Our definition of a synchronous signature is when the end user is already interacting with a website and, as a result of their actions — are sent to Signicat’s signature environment. An example could be a user filling out a form which leads them to an agreement that needs to be signed.
There are three options when it comes to authenticating the user before they sign:
- Using a supported eID type
- Single sign-on artifact (SSO)
- No authentication
Instead of having to (re)authenticate the end user using an eID type when the user is redirected to Signicat, it is possible issue a single sign-on artifact (created in the request to DocumentService) which lasts for 30 seconds. This takes the form of a small text string which is appended to the task URL. When the end user is redirected to Signicat, the user will be authenticated and therefore does not have to login.
In order so maintain appropriate security, it is generally recommended that the end user is authenticated (either with eID or an artifact) before they are allowed to see and sign the document(s).
Our definition of an asynchronous signature is when the user is notified of a pending signature, and subsequently starts the signature process when they so desire. The user is sent a reference to the signature task either as a URL or a reference code that can be used to get to the task. The user can get access to the document with or without authentication with a supported eID method prior to seeing and signing the document.
Notifications to end users can be handled by Signicat signature services or by your own systems depending on your preference. You can choose to notify the user using DocumentService with either email or SMS notifications.