Document Control

Revision: 2024-04-08

Authentication Settings

Regulatory Compliance
Your organization's regulatory compliance requirements influence the required authentication settings for signatures. For example, 21 CFR 11 requires the signer to authenticate for each signature. Bulk signatures, i.e. a single electronic signature for multiple documents, are not conformant. Please consult with an expert and/or contact Document Control support if you have specific questions.

Email Address Usage

Some authentication methods use email sending and the user's email address in the authentication and/or setup flow. Document Control does not store or record the email addresses of Confluence users. When Document Control needs access to the email address, it is retrieved on demand from the Confluence API. That means Document Control always uses the user's current email address as it is registered in Confluence and the Atlassian user account. The user's organization and/or the user have full control over the email address, and Document Control cannot change it. For some authentication methods, the user's Atlassian registered email address is compared to an external email address (e.g. for SSO). When this comparison is done, Document Control converts both email addresses to lowercase before comparing them (e.g. "Jane.Anderson@example.com" and "jane.anderson@Example.COM" are considered equal).

Users can view their Atlassian registered email address on their Atlassian profile page.

Authentication Methods

Authentication Methods available on the configuration page.

Personal Token

A Personal Token is a code or password a user needs to set up before the first use. When you enable this authentication method, users without such a token are prompted to create it. Token creation is validated by a short lived code sent by email, and token deletion triggers a warning email to the user.
Token usage is protected against misuse by rate limiting, and if too many incorrect tokens have been tried, the user is prompted to reset the token.

2FA Token

For 2FA authentication, a user needs to install and pair an authenticator app. Compatible apps are:

When using 2FA authentication for the first time, a user needs to pair their authenticator app with Document Control.
The 2FA codes are unique to each user, and can be revoked on demand using a user-specific API token. When signing, the signature dialog asks you to enter a 6-digit code called a 2FA token. This token is generated by your authenticator app. The token is refreshed regularly.


API key

When using API key authentication, a user needs to generate a secure token once by using the Atlassian provided secure token management page at the Atlassian API token page. The token is unique to each user, and can be revoked on demand.

The email for the signature must be the email address used for Confluence login.

SSO - OpenID

Single Sign-On (SSO) is supported through OpenID. Document Control works with many OpenID authentication providers, e.g. Okta and Microsoft Entra ID (Azure AD).
The configuration for OpenID requires multiple OpenID provider settings. These settings depend on your organization's OpenID setup.

OpenID configuration dialogue.

Setting up OpenID requires you to provide Document Control with the OpenID provider's information, and also requires you to provide specific Document Control settings to your OpenID provider.
As part of the setup process, you will be redirected to your OpenID provider to check if all settings are correct.

Regulatory Compliance: When using OpenID, Document Control uses an external authentication provider to authenticate users for signatures. Document Control does not control the settings of the external authentication provider, and it is your responsibility to validate the authentication settings to ensure regulatory compliance. Document Control protects the integrity of the signature information in the authentication process; however, Document Control can't guarantee the integrity of the authentication request. It is your responsibility as a user of Document Control to validate the authentication flow against the applicable regulations.

OpenID Provider Configuration Information

Microsoft Entra ID

Microsoft describes their OpenID settings at OpenID Connect on the Microsoft identity platform.
The issuer URL has the form of https://login.microsoftonline.com/XXXXXXXXXX/v2.0/.well-known/openid-configuration.


Okta

The Okta OpenID information can be found at OpenID Connect & OAuth 2.0 API.
The issuer URL has the form of https://XXXXXXXXXX.okta.com/.well-known/openid-configuration.
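A pre-flight check of a provider's discovery document before its settings are entered, as an added example that is not part of Document Control or its documentation. It applies the rules of OpenID Connect Discovery 1.0; the function name check_discovery and the sample metadata (built on the XXXXXXXXXX placeholder from the URL forms above) are constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata fields that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")


def check_discovery(discovery_url, metadata):
    """Return a list of problems; an empty list means the document passed."""
    if not discovery_url.endswith(WELL_KNOWN):
        return [f"URL does not end with {WELL_KNOWN}"]
    expected_issuer = discovery_url[:-len(WELL_KNOWN)]
    problems = []
    if urlsplit(expected_issuer).scheme != "https":
        problems.append("issuer must use https")
    for field in REQUIRED:
        if not metadata.get(field):
            problems.append(f"missing required field: {field}")
    # The issuer inside the document must equal the URL prefix exactly;
    # a mismatch means the document describes another provider or tenant.
    issuer = metadata.get("issuer")
    if issuer and issuer != expected_issuer:
        problems.append(f"issuer mismatch: {issuer!r} != {expected_issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = metadata.get(key)
        if value and urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https")
    # The specification requires RS256 among the ID token signing algorithms.
    algs = metadata.get("id_token_signing_alg_values_supported") or []
    if algs and "RS256" not in algs:
        problems.append("RS256 not offered for ID token signing")
    return problems


# Constructed sample metadata; XXXXXXXXXX is the placeholder used on this page.
BASE = "https://login.microsoftonline.com/XXXXXXXXXX"
SAMPLE_URL = BASE + "/v2.0" + WELL_KNOWN
SAMPLE_METADATA = {
    "issuer": BASE + "/v2.0",
    "authorization_endpoint": BASE + "/oauth2/v2.0/authorize",
    "token_endpoint": BASE + "/oauth2/v2.0/token",
    "jwks_uri": BASE + "/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["pairwise"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
```

To check a real provider, pass the URL you intend to configure together with the JSON document fetched from it.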

Document Control for Confluence Cloud



© 2024  Phase Locked Software