Elena Fedianova

Nikita Kalinin

Digital signature for Bitrix24 documents

One of our clients needed to use digital signatures on their Bitrix24 documents. Due to the size of the company, it has huge document circulation. Paper work requires a lot of resources for printing, signing, processing and storing.  Although there are many tools for working with documents in Bitrix24 but there is no Digital Signature feature. We developed and implemented Digital Signature for Bitrix24.

Our tasks included :

1. Placing a digital signature button on the page where it could be used in Bitrix24 CRM.

2. Creating a feature to paste digital signature signet into PDF file within Bitrix24. A signet is an image with the Digital Signature.

3. Creating a map of users with digital signatures in Bitrix24. A user can have multiple digital signatures, and choose which one to use from the drop down menu.

4. Developing a function that enables the CRM admin create a self-signed digital signature for internal use. this digital signature doesn't have legal power. It can only be used for signing internal documents.

5. Giving the Bitrix24  administrator the privilege (right) to attach digital signatures to users.

Digital signature: how does it work?

The following diagram shows the scheme of signing documents in Bitrix24.


SignService Daemon authenticates actual users by OTP-based* authentication.

*OTP -- one-time password

Each “sign” request is authenticated with time-based OTP. Every user who needs to sign documents should set up an OTP generator on his mobile phone and synchronize it with the SignService. This is a one-time act.

We use FreeOTP . It works completely offline and generates a new password every 30 seconds. Password sequences are different for all users, and passwords are never sent via network which makes them secure.

Employees can use the same set of Digital Certificates. More than one certificate can be installed onto a USB token. But it is always clear who clicked the ‘sign’ button in Bitrix24, because it is recorded into the deal history. Additionally, SignService logs all sign operations.

Certificate mapping allows assigning Bitrix24 users to self-signed certificates. The Administrator can specify for each user what certificates they can use.

An example of how to use digital signatures

We have an employee, Mary, who needs to sign documents in Bitrix24.

Given:

1. Mary, employee;

2. Mary uses her login “mary” to log in to Bitrix24

The system administrator needs to follow the steps listed below:

1.    Log in to SignService Control Panel.

2.    Create an account for Mary by filling in three fields

1.    Login = Mary (must match with Mary’s Bitrix24 login

2.    Description — any information about Mary. This is to help the administrator know exactly which Mary in cases where there are clients with the same names.

3.    Disable OTP (ensure deactivated) — allows any user who says “I’m mary, but can’t prove it” to sign documents without entering one-time password.
3.    Create (generate) a link for setting up an OTP(The link is valid for 1 hour).
4.    Send the link to Mary by e-mail.

Bitrix24 user (Mary) should:

  1. Install FreeOTP mobile application.

  2. Open the link received by e-mail. A QR code will appear.

  3. Scan the QR code with FreeOTP app. A new generator will be created and configured.

  4. Open (for example) CRM Deal details page. Suppose that deal has a PDF file attached.

  5. Click  the ‘Sign’ button.


6. In the window that appears:

1.    Choose a certificate from USB eToken (you should be able to store at least 10 certificates per eToken)

2.    Enter OTP from FreeOTP app. 

3.    Specify signature visibility via on / off ‘Enable’ checkbox.

4.    Specify page to place signature. For example; on first / last page.

5.    Specify signature position on page. Six clickable fields represent relative positions: top / bottom and left / center / right. A Blue signature icon indicates the selected position. Also, the textual description of the selection is displayed on the right side.



7. Click ‘Sign’ button and wait for 10-30 seconds for the document to finish signing.



8. When the signing process is completed, the original PDF will be replaced with the signed version.


Digital signatures for internal use

For signing internal documents, we don’t only use USB tokens but also generic certificates. 

Users can have their own Certificate Authority (CA) issue certificates for internal use. CA allows installing just one root certificate on every employee’s workstation and all certificates issued with his CA are considered trusted.

This signature has no legal value but is convenient for signing internal documents.

Results

We successfully implemented Digital signature for Bitrix24 documents.  A Bitrix24 administrator can map digital signature to the users, and  Users can sign documents via Bitrix24.

It is easy to use and has a lot of advantages:

  • it’s time-saving,

  • employees can sign documents during out-of-office work or while on vacation, 

  • signed documents can’t get lost,

  • Every document signed with a token is legally binding.

  • it is secure.

Do you need a digital signature feature in Bitrix24? Contact  INTERVOLGARU.



  • 05.09.2019
  • Elena Fedianova

  • Nikita Kalinin