Introduction
By activating the E-signature functionality in your platform, your learners will be required to electronically sign that they have completed certain courses. The e-signature feature is available for both the desktop version of your platform and the Go.Learn mobile app and the functionality can be applied to all types of courses (e-learning, ILT-classroom and webinar) in the desktop platform and to e-learning courses in your mobile app, both to newly created and existing courses. Learn more about e-sgnature for your mobile app.
When signing a course with an electronic signature, users are able to prove their identity in the system, thus reducing the risk of forgery in your platform.
The Electronic Signature used in your platform is a unique alphanumeric code created by a Hash function. Docebo’s e-signature is generated based on a user’s data, a course’s training material and the date on which the user completed the course.
Because of this, the Audit trail functionality also tracks data relating to courses that use the E-signature functionality. Through the Audit Trail, the platform stores all data relating to the course and the users taking the course (such as user data, the training material needed to complete the course, and the changes made to the training material).
To prove their identities, users will complete an additional authentication process (the first authentication is the login or a single sign-on authentication into the platform) after having completed all of the mandatory training material included in a course that requires an e-signature.
This secondary factor authentication is performed using a 6-digit verification code (One Time Password, or OTP) that is shown on the learner’s device by an authenticator app that generates verification codes or is sent to the learner’s email by using the email authentication method. Users will enter this code in the One Time Password field on the course player page, then validate it to verify their accounts and complete the course.
To learn how to manage this authentication process, refer to the following sections of this article. Learn more about what your learners must do to complete this authentication process.
Best practices & important notes
Please keep in mind the following important information:
- The courses in which you as the Superadmin enabled the e-signature feature are referred to as e-signature courses in your platform and in this article.
- The E-signature app is strictly related to the use of the Audit trail functionality. The E-signature app is free for all plans, the Audit Trail functionality is built-in to the platform.
- Configure SPF and DKIM to be sure that the E-signature email is sent correctly
- The e-signature feature works with the Extended Enterprise app, so each of your subdomains can have e-signature courses.
- The e-signature option cannot be disabled for a course once you activate it. If you enable the E-signature option when you create a new course or edit an existing one, the option will be permanently activated for the course and you will not have the possibility to change it in the future.
- If your learners use the email authentication method to authenticate via One Time Password, they need to have an email address associated with their user profiles in the platform. In case your users don’t have an email address associated with their profiles, during the email authentication process they will be asked to go to their My profile page to perform the association (they will have to insert their email in the corresponding field of the My profile section).
- If you change the training material of an e-signature course in any way, you will lose the electronic signature’s legal validity. Therefore, whenever possible, we advise you against adding, editing or removing the training material of an e-signature course. Refer to the list below to know in which cases and under which conditions the One Time Password authentication process cannot be completed by the user or the electronic signature will lose legal validity when making changes to the content of an e-signature course.
- When you as a Superadmin log in as one of the users in your platform and impersonate one of your users, for security reasons, you cannot access e-signature courses into which the user that you are impersonating is enrolled. When a user is enrolled in an e-signature course, they have to go through a secondary authentication process in order to prove their identity. Accessing an e-signature course of another user would mean having access to personal One Time Passwords (OTP) needed for e-signature authentication. As a consequence, the electronic signature will lose its legal validity (of course, in order for the learner’s e-signature to have legal validity, the course must be completed by the user who signs it and in their own account). More information about the User Impersonation functionality.
- If a user has completed the training material of an e-signature course but they have not completed the One Time Password authentication process yet, if you (as the Superadmin) then add new training material to the e-signature course unblocking the Training Material tab of the course, the user will be able to complete the OTP authentication process anyway without having to complete the new training material.
-
The OTP authentication process will be blocked and the electronic signature process cannot be performed (because the hash won't be created) in the following situations:
- If you manually change the status of a learner in an e-signature course to Completed before they have completed the One Time Password authentication process;
- if the only or last training material in an e-signature course requires action by another user to be completed (such as an assignment, an observation checklist, or a test) and the Superadmin or the instructor marks it as passed.
- When the OTP authentication process is blocked (as described by the previous point in the list), if the user clicks on the e-signature training material of the course, they will see a message warning that the authentication via One Time Password is not required.
Activating the E-signature app
Activate the E-signature app as described in the Managing apps & features article of the knowledge base. The app is listed in the Docebo Additional Features tab.
Once activated the app, you need to activate the E-signature functionality. To activate it, access the Admin menu from the gear icon in the top right corner of your platform. Here, select the Manage option in the E-signature section. On the E-signature page, switch on the Enable e-signature for this domain toggle in the Activation section in order to activate e-signature in your platform.
When you switch the toggle on, the One Time Password Authentication Method section will appear below the Activation section. Here, you can select the authentication method(s) (Authenticator app or Email) that your users will use to verify their identity when completing the course.
Both authentication methods are enabled by default, but you can decide to deactivate one of them and use only one authentication method, or to select again both options (Authenticator App and Email). However, we suggest that you use the Authenticator App as the authentication method.
The authentication methods that you select in the Manage menu are the methods that your learners can use to complete the One Time Password authentication process.
Please Note: If you disable the E-signature functionality by switching off the toggle, remember that you will have to manage manually every e-signature course not yet completed (as the Superadmin, you will need to force the completion of the course for the users enrolled into the course).
Managing the Authenticator app pairing for your users
If you selected the Authenticator app option in the Manage menu, your users can authenticate using an authenticator app (this authentication method is the one that users will see by default when electronically signing the course, but they can also choose to use the email authentication method, if you also activated this authentication method).
Remember that if your learners use the authenticator app authentication method, they need to configure the app and associate it with their profiles in the platform. If your users’ profiles are not yet associated with the app, when they log in and, in case they skip the pop-up box that opens at login, when they open an e-signature course’s overview or player page, they will be asked to go to their My Profile page to perform the association and configure the authenticator app, in order to be able to access e-signature courses.
As a Superadmin, you are able to remove the association between a user and the authenticator app. To do so, access the Admin menu from the gear icon in the top right corner of your platform. In the E-Learning section, select the Users item. In the list of users, you can check if the authenticator app is paired to their profiles in the corresponding column of the users' list. If you want to remove the association between a user and the authenticator app they use to prove their identity, select the ellipsis menu at the end of the user row and choose the Unpair Authenticator app option from the dropdown menu. If you confirm your action in the pop-up box that will open, the association will be reset for the user you selected.
Email authentication method
If your learners use the email authentication method to authenticate via One Time Password, they need to have a valid email address associated with their user profiles in the platform. In case your users don’t have an email address associated with their profiles, at login and, if they skip the pop-up box that opens at login, when they open an e-signature course’s overview or player page, they will be asked to go to their My Profile page to perform the association (they will have to insert their email in the corresponding field of the My Profile section).
The 6-digit verification code (One Time Password, OTP) included in the email received by users expires five minutes after they receive the email. In case of issues, they can select the Resend the One Time Password option and the OTP is sent again to their email (it is possible to ask to resend the OTP another time after a minute).
Configuration tips
In order to properly configure the email authentication method, reach the Advanced Settings menu in your platform and:
- in the Users tab, make sure that the Hide the Preferences tab in the My Profile area for users and Power Users option is not selected. If you need to activate this option and your users don’t have an email address associated with their profiles, they’ll have to use the Authenticator App authentication method instead of the Email one.
- in the Self-Registration tab, insert the email of the sender of the emails including the verification code in the Registrations, lost passwords and background jobs email sender field.
Enabling the e-signature feature for courses
To activate the e-signature feature for a newly created or already existing course, reach the Admin menu from the gear icon and select the Course management option from the E-Learning section. Find the course and click on its description. While in the Properties tab, move to the Details tab and activate the Enable e-signature for this course option in the E-signature section of the tab.
Once you flag this option, the Title and Description fields will appear under the E-signature checkbox. These fields are pre-filled, and you can edit the text inside of them if necessary, but remember that you cannot delete the text and leave them blank. When taking an e-signature course, your users will see the title and description you configured for the E-signature item of that course in the training material box on the right side of the course player page.
By enabling the E-signature option, your users will need to authenticate via One Time Password (OTP) to complete the course. When finished, press the Save changes button in the bottom right corner of the page.
Please note: The e-signature option cannot be disabled for a course once you activate it. If you enable the e-signature option when you create a new course or edit an existing one, the option will be permanently activated for the course and you won’t have the possibility to change it in the future.
Viewing e-signature courses from the Course management menu
In the E-signature column in the list of courses on the Course Management page in your platform, you can see which courses in your platform are e-signature courses.
On the Course Management page, you can also apply filters to see only e-signature courses in the courses list. Press the filters icon in the top left corner of the page, then select the Show e-signature courses only filter in the E-signature section of the slideout panel. Now, you’ll only see e-signature courses in the list.
Managing & unlocking training material in e-signature courses
When training material is used in an e-signature course, you should pay careful attention to the management of the training material within the course.
All learners enrolled in an e-signature course have to complete it under the exact same conditions to maintain the learners’ e-signature legal validity. For this reason, when a user completes all of the mandatory training material included in the e-signature course and thus the One Time Password authentication process is available for users, a message at the top of the Training Material tab of the Course Management page will inform you that training material for the e-signature course is locked.
As a Superadmin, you can decide to select Unlock on the right side of the message in the Training material tab to be able to add, edit or remove the course’s training material.
Please note: If you unlock and then make changes to the e-signature course’s training material, you cannot prove the validity of the electronic signatures of users who have completed the course. When you select Unlock, the Unlocking pop up box informs you that the platform will record, in the Audit Trail, all of the changes that you made (if you have added, edited or removed training material). For more information about the Audit Trail, refer to the Audit Trail article and to the following section of this article.
Likewise, before editing or deleting the training material from within the Central repository, a warning message informs you that the electronic signatures of the users who have completed the e-signature course will lose legal validity.
Whenever possible, we advise you against adding, editing or removing the training material of an e-signature course, because if you change it in any way, you will lose the electronic signature’s legal validity. Refer to the Best Practices section in this article to know in which cases and under which conditions the One Time Password authentication process cannot be completed by the user or the electronic signature will lose legal validity when making changes to the content of an e-signature course.
Editing, deleting or adding training material in e-signature courses
If you can’t avoid making changes to the e-signature course’s training material, we recommend creating a new version of the training material. By uploading a new version of the training material that you edited, you’ll be able to find all data recorded in the Audit Trail, where you can check in which conditions users completed the course. If you need further information about how to upload a new version of training material, refer to the Creating multiple versions of the same training material section of the knowledge base article on the Central repository.
If you decide that you want to unlock content listed in the course’s training material tab, after having selected the Confirm button in the Unlocking pop-up box at the top of the Training Material tab of the Course Management page, you will be able to edit or delete the training material by selecting the menu icon at the end of its row in the list of training material and then choosing the corresponding option from the dropdown menu. You’ll also be able to add new training material to the course by selecting the Add training material button above the training material list.
Recording e-signature data in the Audit trail
Docebo creates an electronic signature based upon cryptographic methods of authentication, which is a unique hash based on user data, course name, training material, training material version, test score, timestamp of course completion and One Time Password authentication method. This data is available in the Audit Trail.
The Audit Trail functionality keeps track of the administrative actions performed in the system. Relating to e-signature courses, the Audit Trail records admin and learner data and activities such as user data, the training material completed by learners, and the changes made to training material associated with an e-signature course.
Viewing e-signature info in reports
As all the e-signature data and activities are recorded in the Audit trail, e-signature data can be seen in some reports in the platform as well: Course summary report, Courses dashboard, and some custom reports (Users - Courses, Users - Course Enrollment Time, Courses - Users, and Groups - Courses).
Notifications
If you want to immediately know when your users electronically sign the course they’ve completed through the e-signature authentication, make sure that the Notifications feature is active in your platform, and that you have correctly created and configured the User performed the e-signature course's authentication notification.
By doing so, when your users complete the e-signature authentication, you as the Superadmin will receive a notification informing you that your user performed the One Time Password authentication after having completed all of the mandatory training material included in an e-signature course. This notification can be also sent to managers, power users, instructors, and learners as well.
Please note: You will only receive notifications about e-signature authentication if the Notification feature is active and if you as the Superadmin have properly set up the User performed the e-signature course's authentication notification. When configuring this notification, you can choose between the email, in-platform, or Slack option, according to your needs. Also note: The new shortcode [esignature_course] is available for the Learner has yet to complete a course notification and for the Digest: Learner has yet to complete a course notification. These notifications can also be sent to managers and instructors.