Release 23.R5 (11.54)

For information on our current and upcoming deployments for this release, please see the Releases and Maintenances Calendar section of our Trust Center.

These Release Notes were last updated on November 13th, 2023.

What's New

Trust Vault

Introducing Trust Vault: Trust Vault enables organizations to securely store critical signed and completed digital agreements ensuring long-term viability and integrity that withstands the test of time.

Supported functionalities include:

• Out of the box integration with OneSpan Sign

• Granular user access management through OneSpan Sign Roles and Permissions functionality

• Irrefutable Proof Certificate

To enable Trust Vault on your OneSpan Sign account, please contact our Support Team.

If sub-accounts are enabled, Trust Vault cannot be used.

Languages

• Support for three more languages: We added support for the following languages: (1) Bulgarian; (2) Romanian; (3) Norwegian (Bokmål). Note: (1) Due to certain Canadian SMS guidelines, SMS messages sent in Romanian or Norwegian to Canadian phone numbers via Twilio's messaging service will be received in English. (2) Twilio does not support Bulgarian. Thus SMS messages sent in Bulgarian via Twilio's messaging service will be received in English.

If you have any customized email templates that you would like to use with these newly added languages, please contact our Support Team. If you do not contact our Support Team, the default OneSpan Sign email templates will be used.

Senders

• Increased OSS Email File Attachment Size: Senders can now configure the file sizes that emails can support. To do this, contact our Support Team.

• Added support for tooltips on Fields: Senders can now add tooltips to Fields in a transaction, which will be displayed or read in the Signer Experience when a reader hovers over or tabs to that field. Tooltips can be used to add additional context or instructions to a field, thus improving the user experience.

• Added checkbox to allow for transactions that do not expire: Previously, to create or edit a transaction so that it does not expire, or to set a default value for an account so that transactions associated with that account do not expire, Senders had to enter a value of '0' in the Expiration field. Now, Senders can simply use the checkbox to create transactions that do not expire.

• Added ability to assign delegates from Users page: You can now assign delegates using the Users page.

• Sender details can now be seen on the Users page: You can use the Users page to view additional information on a selected Sender.

• Removed references to Opt out: References to the deprecated feature "Opt out" that appeared in the Usage Summary report have been replaced by "Decline to Sign".

• Re-branded Activation and Expiration emails: The account activation and expiration email templates have been updated to reflect our latest corporate branding.

• Improved Designer performance when using Conditional Logic: The performance of the Designer was significantly improved in situations where many fields with conditional logic had been applied to a document.

Admins

• All blacklisted attachments are now displayed: When configuring your Upload Settings a complete list of blacklisted attachments is now displayed. This includes both the default blacklisted attachments, as well as any account specific blacklists.

• Disabled features are no longer available when viewing using the Self Service Account Configuration: When using the Self Service Account Configuration page features that have been disabled because of a previously configured setting are no longer available to edit. For example, if the feature Enable document visibility is disabled, then the feature Allow configuring document visibility will be grayed out.

• Self-service settings can now be configured using Java SDK: Integrators can now configure Self-service account settings using Java SDK.

User Authentication

• Implemented callback and email notifications for LexisNexis failures: Callbacks and emails will now be sent when the following scenarios are met:

  • Signer failed to authenticate.

  • Signer not found in LexisNexis database.

  • Signer does not have enough information associated with them and thus LexisNexis was not able to generate any authentication questions.

    For more information, see email.kba.failure

• Enhanced SSN authentication with KBA with LexisNexis: When setting up KBA with LexisNexis, it is now possible to provide a Social Security Number for a Recipient in three ways:

  • No SSN

  • Full SSN

  • Last four digits of SSN

• Enhanced Identity Verification: Additional verification results can be included in the Evidence Summary. These are:

  • Verification Results: Show the checks and matches used to determine if the verification should pass or fail.

  • Personal Information: Show the data extracted from the document presented, about the identity. For example, Name, Date of Birth.

  • Document Information: Show the data extracted from the document presented, about that document. For example, Country, Type, Issue Date.

    These features are enabled by default. To disable any of these features contact our Support Team.

• Additional information available in the Evidence Summary and IDV Evidence Summary JSON: The following information is now available for viewing:

  • The IDV Evidence Summary PDF now displays the Document_Authenticated matcher only.

  • The IDV Evidence Summary now includes the signer ID in its JSON API.

  • The IDV Evidence Summary now includes the number of verification attempts in the list of image URLs JSON and the JSON API.

Accessibility

• Enhanced Document screen-readability: We have enhanced the screen-readability of documents in the Signer Experience. Screen readers can now read through a transaction's documents and fields without requiring the signer to switch to Accessibility Mode, and without requiring the Sender to create an accessible transaction. During this process, the screen reader will tell the signer if the document can be read by the screen reader.

  If full accessibility is a requirement for your organization, then you must create accessible transactions using properly tagged documents.

• Improved wording on document accessibility toggle: We have changed the label used to create an accessible transaction and improved the accompanying tool-tip for an enhanced user experience. The toggle now says Enforce document accessibility instead of Enable Accessibility.

• Made the following Designer page icons 'bolder' to satisfy WCAG Accessibility standards for color contrast:

  • Apply layout icon

  • Document visibility icon

  • Keyboard shortcuts icon

  • Save layout icon

  • Settings icon

Notarization & Virtual Room

• RON supports three more U.S. States: We added the following States to the Jurisdiction drop-down list that the system presents to notaries when they register their Notary Commission: (1) Louisiana; (2) Rhode Island; (3) Kansas.

• Added support for External Signer Verification for VR and RON Signers: It is now possible to setup External Signer Verification for Signers signing Virtual Room and RON transactions. Note that the account must be configured to use an external verification service. If configured, when signing and after clicking Confirm document, the Signer will be directed to the external verification service, which will open in a new browser tab.

• In RON transactions, the State/Province field is now associated with the Country field: When creating a RON transaction the State/Province field will now display the regional jurisdiction that is relevant to the selected country. Thus, if USA is selected as the country, the State/Province field will show States. If Canada is selected, Provinces will be displayed. For other countries, users can enter the proper value themselves.

• Notary field values are now visible on documents: When accessing the documents, notary fields will now be visible, even before confirmation. The following notary values are displayed:

  • Notary Country

  • Notary Jurisdiction

  • Notary Commission Expiration Date

  • Notary Commission Number

  • Notary Name

• New process for applying a Notarial seal: After a notary finishes signing a document an Apply Seal button will appear. Once clicked, the documents will be confirmed and the Notarial Seal will be applied and rendered on the document.

• Enhanced user experience for in-person and in-person Notarized transactions: Adjusted the look and wording on affidavits for in-person, and in-person Notarized transactions.

• New email template for in-person Notarized transactions: When a Signer is invited to a in-person Notarized transaction the email the Signer receives will allow them to review the documents in the transaction, but not begin the signing process. Signing can only take place in the presence of the notary. For more information see email.activate.ipen

• Enhanced user experience for notaries initiating a Signer Experience. Notaries now:

  • See a configuration screen that invites them to setup or configure their audio and video settings.

  • See the status of signers in the transaction waiting room.

  • See a transaction overview page that will aid them in running the Signer Experience.

eOriginal Integration

• Added ability to use their own transaction type name when using vaulting: Vaulting customers can now pass their desired transaction type name to our system using the transactiontypename parameter. This allows users to distinguish the source of certain transactions when vaulting from multiple sources they want to track.

• Enhance error handling for bad or incomplete vaulting data: Error handing has been improved to include more information for the customer use. This includes more information about the error, along with error callbacks and email notifications.

• Enhanced vaulting robustness and reliability: The vaulting experience has been enhanced with the following:

  • Retry time changed from 1 hour to 4 minutes

  • New retry attempt callback

  • Improved success, failure and retry callback verboseness

  • Improved logs

External Archiving

• Added a second connector for SFTP with the option of obtaining a NOM 151 certificate: In 11.52 we added Arkhineo as an integration connector. You can now use SFTP as an integration connector as well, while also having the option of obtaining a NOM 151 certificate. To enable this feature, contact our Support Team.

Bug Fixes

User Authentication

• PB-97932: Fixed an issue where in certain scenarios the Signing logo did not display on the KBA authentication page.

Senders

• PB-96825: Fixed an issue which was preventing users from updating a transaction's status to SENT via the API.

• PB-97293: Fixed an issue where a user could not update a template's name. This occurred when attempting to change the case and only the case of any letter in the template (for example, from upper case to lower case).

• PB-97435: Updated the wording in a confirmation message that appeared when deleting a transaction.

• PB-97725: Fixed an issue where the maximum length of 64 characters was not being respected when multi-byte characters were used.

• PB-98011: Fixed an issue where it was possible to retrieve attachments from a deleted transaction.

• PB-98502: Fixed an issue where a blank screen would appear when attempting to reassign a recipient on a mobile device.

• PB-98918: Fixed an issue where setting the Group Validation Range for some checkboxes to '0' resulted in a "Something went wrong" error message. Now, a warning message appears telling the Sender that you cannot set this range to zero.

• PB-99039: Fixed an issue where attachment requirements could not be added for a recipient from the Designer.

• PB-99190: Fixed an issue where it was possible to obtain a valid transaction ID when making an API request with faulty information.

• PB-100585: Fixed an issue which was causing a security vulnerability in relation to one of our GET API calls.

Connectors

• PB-97618: Fixed an issue in which the default banner did not appear if the Designer was integrated inside a Salesforce iFrame.

• PB-98482:Fixed an issue which was preventing the creation of transactions from templates when using OneSpan Sign Embedded Integration for Salesforceand OneSpan Sign Embedded Integration for CRM connectors with Roles and Permissions enabled.

Signer Experience

• PB-98089:Fixed an issue where default values defined by the Sender for list fields and their options do not appear in the Signer Experience. The fields appeared, but the default options did not.

• PB-98146, PB-96342: Fixed an issue where the Accept bar no longer appeared on a short Electronic Consent Document if a session expiry message was dismissed, or if a cookie notification was dismissed.

• PB-95888: Fixed an issue where the More Actions menu was not displayed when accessing the Signer Experience from the Rejected Attachment email.

• PB-96288: Fixed an issue where the More Actions menu was not hidden in the Signer Experience when there are no options available to select.

• PB-98382: Fixed an issue where the signer was not prevented from making changes to input fields on a document when a document was confirmed.

Admins

• PB-96303: Fixed an issue which was causing a significant delay (lag) when adding a new role to a user. This occurred when Roles and Permissions was enabled and they attempted to do so using an Admin's API key.

• PB-96909: Fixed an issue that where an Invalid JSON error occurred when setting certain properties to 'null' within packagesettings and then making changes using the Self Service Account Configuration.

• PB-98288: Fixed an issue where the Senders page did not properly display column headers in certain languages, most notably Dansk, Nork, or Greek. In these situation, the last column (Actions) was sometimes truncated.

• PB-99187: Updated the Add a checkbox to the top of the Consent document description in the Self-Service Account Configuration page.

• PB-100060: Fixed an issue that was preventing Sub-Account enabled accounts from creating transactions using Bulk Send.

Vaulting

• PB-98570: Fixed an issue where document vaulting was triggered multiple times.

Accessibility

• PB-98223: Fixed an accessibility issue regarding the color contrast of icons displayed within the Transaction list.

• PB-98283: Fixed an accessibility issue regarding the color contrast of the View all link on the Dashboard.

• PB-98355: Fixed an accessibility issue regarding the color contrast of the links within the application footer.

Changed Behavior

• PB-93756: The format for all date fields in exported CSVs are now set to yyyy-MM-dd HH:mm:ss.

• PB-98015: The label for the PACKAGE_RESTORED callback in the Event Notification page has been changed from Transaction Unarchived to Transaction Restored.

• As part of transaction expiry re-factoring, account settings are now checked when creating a transaction even if a previously created template was created with unlimited expiry.

Technology Updates

• PB-100182: Added support for eOriginal cookies. This ensures that any integration with eOriginal is maintained during any infrastructure updates.

Known Issues

• PB-100157: An error occurs when attempting to remove a field with conditional logic from a transaction that has already been sent. To resolve this issue, dismiss this error and then remove the field again. The field will be successfully removed.

• PB-100050: The link to open the Trust Vault appears in English only, no matter what language is selected for the UI.

• PB-100357: Administrators and Managers cannot assign delegates for locked or disabled users. This issue will be fixed in a future release.

• PB-100235: Administrators and Managers that were created after Roles and Permissions have been activated cannot assign delegates from the Users page. This issue will be fixed in a future release.

• PB-100635: Attempting to use the Users page to assign delegates to sub-account users results in a 404 error. This issue will be fixed in a future release.

• PB-100497: An error occurs when users who have Customized Roles attempt to use the Users page to assign delegates for other users. In a future release the ability of users with customized roles to assign delegates for other users will be removed (though they will still have the ability to assign delegates for themselves).