Skip to main content
arrow-left Back to Docusign.com
  • Home
  • Ideas
  • Enhancement - Security Settings - KBA/SMS or Access Code for "Any recipient must authenticate on every envelope sent from this account"
New

Enhancement - Security Settings - KBA/SMS or Access Code for "Any recipient must authenticate on every envelope sent from this account"

Related products:Authentication
  • December 5, 2024
  • 2 replies
  • 24 views
  • lcornwell
    lcornwell
  • J
    JackStepalavich
  • R
    rprinceroger
R
Newcomer

Technical Description of the Issue:

The security enhancement introduced a setting requiring all recipients to authenticate for every envelope sent from the account. This feature mandates users to select a recipient authentication method such as Knowledge-Based Authentication (KBA) or SMS Authentication. However, the setting does not currently allow Access Code Authentication to be utilized as the sole method when this requirement is enforced. During testing, it was observed that enabling this feature forces users to choose between KBA or SMS Authentication, excluding Access Code Authentication as an option. This restriction impacts workflow flexibility and introduces additional costs associated with KBA/SMS methods. The request is to modify the feature so that users can mandate recipient authentication while having the option to select among KBA, SMS, or Access Code Authentication.

Business Use Case:

Many users rely on Access Code Authentication to secure envelopes. This method is both cost-effective and user-friendly, making it preferable for both senders and recipients. The current implementation of the security enhancement, which mandates the use of KBA or SMS, imposes additional costs and introduces a level of complexity that may disrupt established client workflows. Aligning the feature to permit Access Code Authentication as a selectable option would ensure compliance with the security team's recommendations while maintaining operational efficiency and cost control.

Business Impact:

Enforcing recipient authentication for every envelope is crucial for mitigating security risks. However, the inability to choose Access Code Authentication as an alternative creates friction and unnecessary expense for users and clients accustomed to this method. Allowing departments to mandate recipient authentication while having the flexibility to choose the most suitable method (Access Code, KBA, or SMS) would ensure security compliance, prevent accidental omission of authentication steps, and provide cost-effective, user-friendly options that align with departmental and client needs. This adjustment would enhance security without imposing undue financial or operational burdens.

2 replies

lcornwell
Conversation Starter
Forum|alt.badge.img+3
  • lcornwellConversation Starter
  • Conversation Starter
  • 17 replies
  • March 19, 2025

I’m looking for the same exact thing.  I’d also accept a way to allow Access Code to be used (SMS or KBA wouldn’t also be required) for those that are within the Organization account.

J
1 person likes this
  • J
    JackStepalavich
J
Newcomer
Forum|alt.badge.img+1

This would also be beneficial for applications that integrate with DocuSign such as Meridian Link where the verification method is limited by an outside factor. More options and variance for levels of security would be greatly beneficial.

Reply


Most helpful members this week

Code of Conduct

Docusign Community

Code of Conduct