Release 25.R2: March 2025 (Sandbox)

Changed Behavior

Here are some of the changes in behavior that you might want to be aware of.

• To increase the security of our API keys, we have improved the API key generation algorithm which now generates API keys with longer lengths. This change will be immediately applied to any new keys that are created. Existing keys will also be updated, but to allow you time to modify any existing integrations the shorter version of these keys will remain functional until September, 2025. If you are ready to disable your older keys please contact our Support Team.

• Previously, if a recipient has registered a passkey for authentication purposes the passkey would be the only authentication method made available to them. Now, if a recipient has registered a passkey AND the Sender has configured another authentication method (such as IDV, KBA, Q&A, SMS), both authentication methods will be presented to the recipient. (refs PB-107892)

• For security reasons we will no longer allow Signers to use HTML code in the Reason field when declining a transaction. (refs PB-108289)

• Similarly, we will no longer allow Senders to enter HTML code in the Message to all recipients and Personal Message fields of a transaction. However, this can be enabled by contacting our Support Team. (refs PB-108287)

• We have updated the message that is displayed when removing a member from a Sender Group to clarify that the member will be removed from the group, but that the member will not be removed as a Sender in the account. (refs PB-110714)

Upcoming Changes

Here are some of the new features, changes, and enhancements that we will be introducing in an upcoming release.

A brand-new introductory walk-through!

We will be introducing an enhanced product walkthrough for new users. With this improved walkthrough new users will be able to follow a step-by-step guide to creating, preparing, and sending their first transaction. (refs PB-111389)

What's New

Here are some of the new features and enhancements we have made for this release.

BETA - More Ad hoc group enhancements:

Following up on our initial release of Ad Hoc Groups in 25.R1, we continue to improve and enhance this feature. In this release you will find the following: (refs PB-108663)

• The ability to define a Personal Message for each ad hoc group recipient.

• Ability to specify whether members of the Ad Hoc Group can download the Evidence Summary document once the transaction is complete.

• You can now enable or disable Email Delivery for Ad Hoc Groups.

• Updating and removing Ad Hoc Groups and Members can be done from both the UI and by using APIs.

• You can replace a recipient with an Ad Hoc Group.

• Similarly, you can convert an Ad Hoc Group into another recipient type.

• You can define a specific language for your Ad Hoc Groups.

• Using a signing order is now possible.

• Document visibility is now supported with Ad Hoc Groups.

• Signing reminders. Remind buttons are available at both the transaction level and at the recipient level.

• Scheduled email reminders

• A cleaner display of Ad Hoc Group recipient information in the Evidence Summary.

This feature is currently in BETA and only available for Sandbox environments.

BETA - New Transaction Dashboards:

We have updated our Transaction Analytic Reports with the following new Dashboards: (refs DAG-50)

• Transaction Performance: This dashboard helps to view and analyze the performance of transactions, including their distribution and changes over time.

• Transaction Velocity: This dashboard helps in analyzing the time taken for transactions to move through various stages to completion.

• Transaction Volume: This dashboard helps in analyzing the transaction volume and status trends across months, which in turn could help to identify patterns and performance trends.

Note the following:

• This feature is only available for users with Admin or Manager roles, or users with the Reports permission enabled for them.

• To enable this feature you must contact our Support Team.

• Data is currently restricted to transactions that were NOT purged or deleted before March 30, 2025. Starting April 2025 all transactions data will be available.

This feature is now available in all environments (with the exception of FedRAMP environments - for more information see Unsupported FedRAMP features).

A new data retention disclaimer has been added:

We have added a disclaimer to the Data Retention page to clarify the precedence rules for data deletion. To summarize, if the Total Transaction Lifetime limit is shorter than any other Data Retention limit, the Total Transaction Lifetime limit will take precedence and delete the transaction once it reaches the set limit. Note that this disclaimer is for informational purposes only - no changes have been made to the way data retention works. (refs PB-113365)

BETA - Counter Signing Enhancements

Counter Signing is now supported for both Account Senders and Transaction Owners (Myself) recipients, specifically for eSigning and In-Person eSigning transaction types. This enhancement covers the entire end-to-end flow—from configuring counter signers in the Sender UI to completing the Signer Experience — ensuring smooth transaction creation, signing, and completion.

Counter Signing is also now supported in Bulk Transactions, ensuring consistent signer behavior across single and bulk transaction flows.

This feature is currently in BETA and only available for Sandbox environments.

Workflow Integrations

Within OneSpan Sign for Salesforce you can now enable or disable the signing order feature that was introduced in OneSpan Sign Release 25.R.1 (refs PB-111794)

We have made the following enhancements to our OneSpan Sign for Greenhouse, OneSpan Sign for SharePoint, OneSpan Sign for MS Dynamics, and OneSpan Sign for HubSpot Workflow Integrations: (refs PB-111184, 113079, 113082)

• Users can now add an authentication method (SMS, Q&A) for contacts.

• Multiple signers can now be added to contact fields.

• You can now define a signing order for your contacts.

We have also developed a new Workday integration that aligns more closely with the Workday Business Process framework. This integration incorporates signing as a sub-process within a business process. In this process, a signing step is triggered upon the completion of the preceding step, and the completion and archiving of signed documents subsequently trigger the next step in the business process framework. (refs DAG-103)

The Transaction Report now displays two additional columns to give you additional information on your transactions: (refs PB-108394)

• Source of Transaction: The Workflow Integration that initiated the transaction. For example, CRM, or HubSpot.

• Destination of Transaction: The archiving or storage location of the transaction. For example, Google Drive.

Bug Fixes

The following issues were resolved in this release:

Administrators

• In situations where a user had chosen to ignore a Geolocation prompt the Evidence Summary would include a misleading message stating “Geolocation: did not allow geolocation”. We have updated this message so that it now reads “Geolocation: user did not respond”. (refs PB-111867)

• Account Reports are once again generating on a daily basis. (refs PB-113170)

Authentication

• If a system error occurs during IDV authentication (for example, if the network connection is broken or a system error occurs), users will see an error message and will no longer be prompted to enter a phone number. (refs PB-111867)

Notarization and Virtual Room

• When creating a Virtual Room transaction with a PST time zone, there was a discrepancy between the scheduled time defined in the transaction, and the time displayed in the meeting invitation send to the recipient. Specifically, the time zone displayed to the recipient was three hours earlier than the time specified by the Sender. This has been fixed. (refs PB-112691)

Senders

• The URL link in the email.lock.signer template would sometimes redirect a user to the Signer Experience, and not to the Sender’s dashboard. The link now works properly.  (refs PB-110927)

• Attempting to use an ampersand (&) in an email no longer results in an Invalid email error. (refs PB-111839)

• We have fixed an issue where the expiry time was different when using Expiry Date, versus when using Expiry Days.

Signers

• When attempting to view a Signer Experience on a Mobile device, values in drop-down lists would not appear properly. This no longer occurs. (refs PB-111868)

• We have fixed an issue where field names within error messages displayed in the Signer Experience did not match the field names defined in the Designer. (refs PB-112851)