Release 25.R2: March 2025 (Sandbox)

Changed Behavior

Here are some of the changes in behavior that you might want to be aware of.

Improved API Key Generation

To increase the security of our API keys, we have implemented a new generation algorithm that will generate longer keys. This change means that all existing API keys in Sandbox environments have been converted to follow the new format. Additionally, any new keys that are created with the creation of a new user in a Sandbox environment will also follow this new format.

To give you time to prepare and to conduct integration tests, our Production environments will be updated in a future release, which will be announced at a later date.

Note that any integrations that were implemented using the older keys will continue to work. These keys will remain functional until further notice.

Older Sandbox keys have already been converted and cannot be retrieved. Thus, it is highly recommended that you keep a copy of your current Production key stored in a secure location, in the event that these Production keys are required for your current integrations. You will not be able to retrieve the current key once this version is released into Production environments. For more information on Production environment deployments see our Trust Center.

OAuth 2.0 is the industry standard protocol for online authorization. OneSpan Sign now supports OAuth 2.0 protocol focusing on consented access, using Grant type client credentials (only). For more information on OneSpan Sign and OAuth 2.0 see Managing API Access and Authentication Settings.

Option to Use Either Passkeys or Another Authentication Method

Previously, if a recipient has registered a passkey for authentication purposes the passkey would be the only authentication method made available to them. Now, if a recipient has registered a passkey AND the Sender has configured another authentication method (such as IDV, KBA, Q&A, SMS), both authentication methods will be presented to the recipient. (refs PB-107892)

Additional Changes in Behavior

• For security reasons we will no longer allow Signers to use HTML code in the Reason field when declining a transaction. (refs PB-108289)

• Similarly, we will no longer allow Senders to enter HTML code in the Message to all recipients and Personal Message fields of a transaction. However, this can be enabled by contacting our Support Team. (refs PB-108287)

• We have updated the message that is displayed when removing a member from a Sender Group to clarify that the member will be removed from the group, but that the member will not be removed as a Sender in the account. (refs PB-110714)

Upcoming Changes

Here are some of the new features, changes, and enhancements that we will be introducing in an upcoming release.

Improved API Key Generation

To increase the security of our API keys, we have implemented a new generation algorithm that will generate longer keys. This change means that all existing API keys in Production environments will be converted to follow the new format. Additionally, any new keys that are created with the creation of a new user will also follow this new format.

As this change has already been implemented in Sandbox environments, we recommend that you use those environments to prepare and to conduct integration tests with the new keys.

Note that once this change is deployed in our Production environments, any integrations using the older keys will continue to work until further notice.

It is highly recommended that you keep a copy of your current Production key stored in a secure location, in the event that this key is required for your current integrations. You will not be able to retrieve the current key once this version is released into Production environments. For more information on Production environment deployments see our Trust Center.

OAuth 2.0 is the industry standard protocol for online authorization. OneSpan Sign now supports OAuth 2.0 protocol focusing on consented access, using Grant type client credentials (only). For more information on OneSpan Sign and OAuth 2.0 see Managing API Access and Authentication Settings.

A brand-new introductory walk-through!

We will be introducing an enhanced product walkthrough for new users. With this improved walkthrough new users will be able to follow a step-by-step guide to creating, preparing, and sending their first transaction. (refs PB-111389)

What's New

Here are some of the new features and enhancements we have made for this release.

BETA - More Ad hoc group enhancements:

Following up on our initial release of Ad Hoc Groups in 25.R1, we continue to improve and enhance this feature. In this release you will find the following: (refs PB-108663)

• The ability to define a Personal Message for each ad hoc group recipient.

• Ability to specify whether members of the Ad Hoc Group can download the Evidence Summary document once the transaction is complete.

• You can now enable or disable Email Delivery for Ad Hoc Groups.

• Updating and removing Ad Hoc Groups and Members can be done from both the UI and by using APIs.

• You can replace a recipient with an Ad Hoc Group.

• Similarly, you can convert an Ad Hoc Group into another recipient type.

• You can define a specific language for your Ad Hoc Groups.

• Using a signing order is now possible.

• Document visibility is now supported with Ad Hoc Groups.

• Signing reminders. Remind buttons are available at both the transaction level and at the recipient level.

• Scheduled email reminders

• A cleaner display of Ad Hoc Group recipient information in the Evidence Summary.

This feature is currently in BETA and only available for Sandbox environments.

BETA - New Transaction Dashboards:

We have updated our Transaction Analytic Reports with the following new Dashboards: (refs DAG-50)

• Transaction Performance: This dashboard helps to view and analyze the performance of transactions, including their distribution and changes over time.

• Transaction Velocity: This dashboard helps in analyzing the time taken for transactions to move through various stages to completion.

• Transaction Volume: This dashboard helps in analyzing the transaction volume and status trends across months, which in turn could help to identify patterns and performance trends.

Note the following:

• This feature is only available for users with Admin or Manager roles, or users with the Reports permission enabled for them.

• To enable this feature you must contact our Support Team.

• Data is currently restricted to transactions that were NOT purged or deleted before March 30, 2025. Starting April 2025 all transactions data will be available.

This feature is now available in all environments (with the exception of FedRAMP environments - for more information see Unsupported FedRAMP features).

A new data retention disclaimer has been added:

We have added a disclaimer to the Data Retention page to clarify the precedence rules for data deletion. To summarize, if the Total Transaction Lifetime limit is shorter than any other Data Retention limit, the Total Transaction Lifetime limit will take precedence and delete the transaction once it reaches the set limit. Note that this disclaimer is for informational purposes only - no changes have been made to the way data retention works. (refs PB-113365)

BETA - Counter Signing Enhancements

Counter Signing is now supported for both Account Senders and Transaction Owners (Myself) recipients, specifically for eSigning and In-Person eSigning transaction types. This enhancement covers the entire end-to-end flow—from configuring counter signers in the Sender UI to completing the Signer Experience — ensuring smooth transaction creation, signing, and completion.

Counter Signing is also now supported in Bulk Transactions, ensuring consistent signer behavior across single and bulk transaction flows.

This feature is currently in BETA and only available for Sandbox environments.

Workflow Integrations

Within OneSpan Sign for Salesforce you can now enable or disable the signing order feature that was introduced in OneSpan Sign Release 25.R.1 (refs PB-111794)

We have made the following enhancements to our OneSpan Sign for Greenhouse, OneSpan Sign for SharePoint, OneSpan Sign for MS Dynamics, and OneSpan Sign for HubSpot Workflow Integrations: (refs PB-111184, 113079, 113082)

• Users can now add an authentication method (SMS, Q&A) for contacts.

• Multiple signers can now be added to contact fields.

• You can now define a signing order for your contacts.

We have also developed a new Workday integration that aligns more closely with the Workday Business Process framework. This integration incorporates signing as a sub-process within a business process. In this process, a signing step is triggered upon the completion of the preceding step, and the completion and archiving of signed documents subsequently trigger the next step in the business process framework. (refs DAG-103)

The Transaction Report now displays two additional columns to give you additional information on your transactions: (refs PB-108394)

• Source of Transaction: The Workflow Integration that initiated the transaction. For example, CRM, or HubSpot.

• Destination of Transaction: The archiving or storage location of the transaction. For example, Google Drive.

Bug Fixes

The following issues were resolved in this release:

Administrators

• In situations where a user had chosen to ignore a Geolocation prompt the Evidence Summary would include a misleading message stating “Geolocation: did not allow geolocation”. We have updated this message so that it now reads “Geolocation: user did not respond”. (refs PB-111867)

• Account Reports are once again generating on a daily basis. (refs PB-113170)

Authentication

• If a system error occurs during IDV authentication (for example, if the network connection is broken or a system error occurs), users will see an error message and will no longer be prompted to enter a phone number. (refs PB-111867)

Notarization and Virtual Room

• When creating a Virtual Room transaction with a PST time zone, there was a discrepancy between the scheduled time defined in the transaction, and the time displayed in the meeting invitation send to the recipient. Specifically, the time zone displayed to the recipient was three hours earlier than the time specified by the Sender. This has been fixed. (refs PB-112691)

Senders

• The URL link in the email.lock.signer template would sometimes redirect a user to the Signer Experience, and not to the Sender’s dashboard. The link now works properly. (refs PB-110927)

• Attempting to use an ampersand (&) in an email no longer results in an Invalid email error. (refs PB-111839)

• We have fixed an issue where the expiry time was different when using Expiry Date, versus when using Expiry Days.

Signers

• When attempting to view a Signer Experience on a Mobile device, values in drop-down lists would not appear properly. This no longer occurs. (refs PB-111868)

• We have fixed an issue where field names within error messages displayed in the Signer Experience did not match the field names defined in the Designer. (refs PB-112851)

• Signatures would sometimes disappear from a document in the Signer Experience when a signer had attachments to upload and the signatures were confirmed. These signatures would reappear on the document once refreshed. These signatures no longer disappear. (refs PB-114232)