Currently, Knowledge-Based Authentication in DocuSign is an all-or-nothing setting at the enterprise level. We have business use cases where KBA is essential for certain documents, but not for all outgoing envelopes. Having more granular control would significantly improve usability and efficiency.
Proposed Enhancements:
- Default KBA on All Outgoing Envelopes with Override Option
KBA should be enabled by default for all outgoing envelopes, with the option for the sender to remove it when it is not required. This shifts the decision-making to the sender, ensuring that sensitive documents are always protected unless explicitly exempted.
- Profile-Level Default Settings
Allow KBA requirements to be set based on user profiles or roles. This would enable departments or teams handling sensitive information to have stricter controls, while other teams can operate with fewer restrictions.
- Internal vs. External Signers
Provide an option to automatically disable KBA for internal signers (e.g., employees using company email domains) while keeping it enabled for external recipients.
- Template-Level Configuration
Allow KBA defaults to be set at the template level. This would ensure that documents using specific templates automatically have the correct security settings applied without manual intervention.
- Conditional Logic Based on Document Type or Metadata
Enable rules where KBA is triggered based on metadata such as document type, sensitivity classification, or department origin.
- Reporting & Audit Controls
Add reporting features to track when KBA was enforced, who disabled it, and for which documents, to maintain a full audit trail.
- API Support for KBA Controls
Provide granular API endpoints to manage KBA settings programmatically for automated workflows.

