• Choose language: RU EN DE ES

Digital signature for Bitrix24 documents

One of our client needs to use a digital signature at Bitrix24 documents. The big company has huge document circulation. Paper work needs a lot of resources for printing, signing, processing and storing. There are many tools for working with documents at Bitrix24 but there was no Digital Signature function. We developed and implemented Digital Signature for Bitrix24.

The task was:

  1. Place the digital signature button on the page where it could be used at Bitrix24 CRM.

  2. Create the feature to paste digital signature signet into PDF file within Bitrix24. Signet is an image with the Digital Signature.

  3. Create a map users with digital signatures at Bitrix24. If a user has more than one digital signature, he could choose one from the drop down menu.

  4. Develop a function to create (by CRM administrator) a self-signed digital signature for internal use. That digital signature doesn't have law power. It could only be used for signing internal documents.

  5. Attach digital signatures to users by Bitrix24 administrator.

Digital signature: how it works

The following diagram shows the scheme of signing every document at Bitrix24.


SignService Daemon authenticates actual users by OTP-based* authentication.

*OTP -- one-time password

Each signing request is authenticated with time-based OTP. Every user who needs to sign documents should set up OTP generator on his mobile phone and synchronize it with the SignService. This is one-time task.

We use FreeOTP . It works completely offline and generates a new password every 30 seconds. Password sequences are different for all users. And passwords are never sent via network. That’s why they’re secure.

Employees can use the same set of Digital Certificates. More than one certificate can be installed onto a USB token. But it is clear who clicked the ‘sign’ button in Bitrix24, this is recorded into the deal history. Additionally, SignService logs all the operations.

Certificate mapping allows assigning Bitrix24 users to self-signed certificates. Administrator can specify for each user what certificates they can use.

Example of digital signature using

Let’s see the case. Given:

  1. Mary, employee;

  2. Mary uses login “mary” to login to Bitrix24;

Mary needs to sign documents from Bitrix24.


At first a system administrator should:

  1. Log in to SignService Control Panel.

  2. Create account for Mary by filling in three fields:

    1. Login = mary (must match up with Bitrix24 login);

    2. Description — any information about user for system administrator.

    3. Disable OTP (ensure deactivated) — allows any user who says “I’m mary, but I can’t prove it” to sign documents without entering one-time password.

  3. Create (generate) a link for setting up OTP. The link works for 1 hour.

  4. Send the link to Mary by e-mail.


Bitrix24 user (Mary) should:

  1. Install FreeOTP mobile application.

  2. Open the link received by e-mail. A QR code will appear.

  3. Scan the QR code with FreeOTP app. A new generator will be created and configured.

  4. Open (for example) CRM Deal details page. Suppose that deal has PDF file attached.

  5. Click ‘Sign’ button.


6. In the window that appears:

    1. Choose a certificate from USB eToken (you should be able to store at least 10 certificates per eToken)

    2. Enter OTP from FreeOTP app. 

    3. Specify signature visibility via on / off ‘Enable’ checkbox.

    4. Specify page to place signature on first / last page.

    5. Specify signature position on page. Six clickable fields represent relative positions: top / bottom and left / center / right. Blue signature icon indicates the selected position. Besides, the textual description of the selection is displayed on the right side.



7. Then click ‘Sign’ button and wait for 10-30 seconds.



8. When the process finishes, the original PDF will be replaced by the signed version.


Digital signatures for internal use

For internal documents signing we don’t only use USB token but also generic certificates. 

User can have their own Certificate Authority (CA) to issue certificates for internal use. CA allows installing just one root certificate on every employee’s workstation and all certs issued with his CA are considered trusted.

That signature has no legal value but is convenient for internal documents signing.

Results

Digital signature for Bitrix24 documents has been implemented. Bitrix24 administrator can map digital signature to the users. Users can sign documents via Bitrix24.

This is easy to use and has a lot of advantages:

  • it’s time-saving,

  • employees could sign documents during out-of-office work or on vacation, 

  • signing documents can’t get lost,

  • the digital signature with the token has legal value, 

  • it is secure.

Do you need a digital signature at Bitrix24? Just call INTERVOLGARU.