Knowledge Based Authentication (KBA) is an available option for signer authentication. The KBA process involves presenting the signer with a series of questions that have been generated from public data sources in order to ensure they are the authentic party designated to sign a document.
Because the KBA process involves the handling of sensitive customer data during the signing session and this process incurs a cost, the KBA feature set must be enabled and configured by the AssureSign staff. When Knowledge Based Authentication has been enabled by the AssureSign support staff, you will see the setting "Knowledge Based Authentication" under the "Signer Authentication" section, and your KBA provider will be shown.
Your AssureSign representative will configure settings that require consideration of your use case. In addition, certain restrictions may be required based on your contract specifications.
Some important options you must consider are:
- KBA questions presented to signers are generated based on information about the signer you submit to us prior to signing presentation. The best practice is that this information is submitted through the template parameters (with classic Document Templates) or sender inputs (in the case of a Simple Setup template) designed for this purpose. However, you have the option of allowing the signer to enter that initial information, in whole or in part. You may indicate one of the following:
- Allow signers to be presented with providing any information required to generate KBA questions
- Do not allow signers to be presented with providing any information required to generate KBA questions
If you intend to always pass all required information about the signer during the Submit operation, then you should request that your account be configured to not allow signers to be presented with that information. However, if your use case allows for signers to be presented with these questions then you may want to request that your account be configured to allow this option.
Presentation of KBA questions results in a billable charge. Once a signer completes the authentication process, they will be provided with a PIN that will allow them to return to their signing session when "Enable Reauthentication Password" has been turned on in the "Signer Authentication" section. Should the signer lose their PIN, allowing them to enter without evidence of the KBA completion would be insecure. However, requiring them to perform KBA questions will result in additional costs. To control costs, you may select to not allow re-authentication for returning signers that have lost their signing PIN.
You may allow signers to skip up to 1 question. If this is enabled, the signer will still be required to complete the same number of questions as if a skip had not occurred.
Once KBA has been enabled on your account, then you may select to require its use on a per signer basis when workflow is defined on a template.
When a signer completes the KBA process they will be provided with a signer PIN. If a signer leaves and returns after completing the KBA questions, they will be prompted for the KBA PIN provided to them after KBA was successfully completed.
When a signer is presented with KBA questions and fails the process, then the document will be cancelled.
When document signing is complete on a document requiring KBA for signing access, it is possible starting with AssureSign version 4.12 to apply a fixed text JotBlock after signing completion that contains information about completed KBA events. This may be desirable in the case that a third party requires some visual indication of the authentication performed applied to the document.
More Information on passing data needed to perform KBA
- Classic Document Templates
Refer to the article on standard template parameters for KBA question generation for detailed information.
- Simple Setup Envelope Templates
Refer to the article on standard simple setup template sender inputs for KBA question generation for detailed information.