See https://support.esign-app.com for eSign Documentation and Support

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

eSign for Jira
2024 Q4 Updates
Status: RELEASED (tick)
Releases: 2024-10-04, 2024-11-06

Contents

Signature Dashboard - New Feature

The new Signature Dashboard is available for all customers and projects. The dashboard provides a central location to review and manage signatures in a project and includes:

  1. My Signature Invites - a list of the issues the current user is actively invited to sign including waiting time and signature type.

  2. Open Signature Invites - every user that has active invites with aggregate count of open signatures and links to each.

  3. Unassigned Signatures - pending Signature Types (e.g. QA Approval, Dev Approval) on all issues that need users to be invited/sign.

  4. Signature Queries - a collection of our favorite queries to quickly find signature related issues in Jira. Use them directly, or modify and save them as your own filters for on demand or scheduled reporting.

Access the Signature Dashboard from the project page of any Jira project. It is available for all project types including Jira Service Management projects.

image-20241004-211336.png

A new dashboard button has been added to the Signatures issue panel to provide quick navigation back to the dashboard.

image-20241005-042208.png

Change Log

2024-11-19

  • IMPROVED PDF Signature Archive - added support for additional custom field types: labels, version (single/multiple), service desk approvals, etc.

  • TECH Tune threshold limits for incoming Jira webhook processing.

2024-11-06

  • IMPROVED JSM Portal enhanced - eSign now allows configuration of which Request Types allow signatures in the Service Portal. Configure in the eSign Project Settings > Jira Service Management section.

    image-20241106-184539.png


2024-10-04

  • FEATURE Introduction of Signature Dashboard.

  • IMPROVED Optional control “Restrict signatures to Invitees only” updated to limit users to only sign for the signature types they were invited for.

  • UX Visibly disable action buttons for anonymous users on public projects.

  • UX Improve error dialog visibility in dark theme.

eSign for Jira
2024 Q2 Updates
Status: RELEASED (tick)
Release Date: 2024-05-16
Last Update: 2024-09-05

Index

New Feature - Predefined Signees

For teams who have a consistent set of people that need to approve issues it is now possible to define the list of Signees within eSign Project Settings for each Signature Type/Issue Type. This feature was released in Beta earlier this spring and is now available to all customers.

image-20240516-224423.png

Once defined, these users can be automatically invited via the expanded Invite Users workflow post-function.

(info) Note that the Jira Workflow Editor for Team Managed Projects does not yet support post-functions. Until it does, this function can only be added in Company Managed Project workflows.

image-20240516-224801.pngimage-20240516-224730.png

New Project Options

4 new project options have been added for increased flexibility and controls. Configure these in eSign Project Settings.

image-20240616-033329.png

Option - Only Invitees can Sign

Users must first be invited to an issue before they can sign it.

Option - Cancel Alternate User Invites on Sign

If enabled, eSign will cancel invites for users with the same Signature Type/Meaning upon signature by another user. This option can be enable for teams that assign multiple “alternate” people to sign for the same role, and only one of them is needed.

This option complements the Predefined Signees feature above, and it will also work with users manually invited to sign the same issue and same signature type.

Option - Block Finalize if Pending Signatures

If enabled eSign will block users from performing Finalize if there are Pending Signatures or Open Invites.
Note this setting does not apply to the automated Finalize workflow post-function; the post function will always cancel Pending Signatures during Finalize.

Option - Notify Emails Link to (Service Management) Portal

For internally focused service projects it is now possible to direct the Signature Invite links to the JSM portal, instead of the default browse issue page. Use this when the invited Jira users should sign from the portal.

New App Option - Disable Bulk Signatures

For teams that do not want to enable bulk signature execution (i.e. allowing users to use one signing event to approve multiple issues), it is now possible to restrict bulk execution site wide.

Configure this in eSign App Settings. Bulk Signatures are enabled by default.

image-20240516-230022.png

Additional Items

2024-09-05

  • SECURITY Additional security hardening applied

2024-07-17

  • TECH Raised capacity of webhook processing

2024-07-11

  • FIX Fixed an issue where group role grants were not supported to authorize bulk signatures.

  • UX Improve on screen message when an Issue that was moved between projects after signing is detected.

2024-07-03

  • FIX Fixed the error message that was shown when attempting to sign an issue without an invite when the “Only Invitees May Sign” option was enabled.

2024-06-15

  • IMPROVED Added new Project Option: Notify Emails Link to Portal (see above)

  • UX Resolve an issue where the portal signature panel did not automatically refresh after a successful signature.

  • UX Add an administrator message in App and Project Settings page if the eSign license trial expired.

2024-06-05

  • IMPROVED Data Residency improvements to add support for automated migration of client sites between US and EU/DE environments.

eSign for Jira
2024 Q1 Updates
Status: RELEASED (tick)
Release Date: 2024-01-20

Index

#1 Pending Signature Placeholders

This update introduces Pending Signatures as placeholders for required signatures. These can be added to Issues via the Invite dialog or via the new workflow post-function.

Use Pending Signatures to indicate what Signatures Types are required for an issue, before any specific people are assigned/invited.

image-20240118-232427.png

Creating Pending Signatures

Pending Signatures may be created via the Invite Signatures dialog or via a workflow post-function.

In the dialog select the “Pending” checkbox to create an Unassigned Pending signature instead of Inviting a specific person. It is supported to mix Invited users and Pending.

image-20240118-232722.pngimage-20240118-233120.png

Notes

  • Unassigned Pending Signatures are enforced by the Required Signature workflow validator.

  • Pending Signatures will be automatically replaced by any Executed Signature or Invited User for the same Signature Type. (e.g. if Indira signs an issue for QA Approval, that will close off the Pending Signature for QA Approval.

  • Only one Pending Signature of any Signature Type is permitted at one time. Duplicates will not be created by the Invite Dialog or Post Function, even if they run multiple times.

  • Users with Invite privilege on Signatures can both create and cancel Pending Signatures.

  • Customers with workflows requiring signatures on read-only issue states are supported. Initializing the Issue Signature Panel with 1 or more Pending Signatures will cause it to be displayed for all users (including read-only users), allowing them to sign.

#2 Signature Audit Events

Go forward Signature Audit Events are now collected and displayed in a separate Signature Audit tab in the Issue Active panel.

The legacy eSign Signature comments will still be added to issues if enabled in Project Settings, but may be disabled to reduce comments and the user notifications.

image-20240119-045351.png

Audit Events in the PDF Archive Report

The PDF Archive Report has been updated and can display Audit Events if enabled in Project Settings. (Option is disabled by default).

Notes

  • The new Audit Activity tab will only display after Signatures are initialized for an issue.

  • Audit data is persistent, the administrator action to remove Signature data will not modify the audit data.

#3 One-Time Signature Pins

It is now possible to switch the eSign Signature Pins from the default Persistent mode to a One-Time Pin.

When One-Time Pin is enabled, for each Signature users will receive a new Pin via email that must be used to execute the next signature. As soon as it is used the One-Time becomes invalid.

For customers using Persistent Pins there is a new option to configure the maximum age of Persistent Pins (default is 180 days).

image-20240119-050905.png

Enabling One Time Pins

Administrators can enable One-Time Pin mode in eSign App Settings. This setting will apply to all site users.

image-20240119-050225.png

Notes

  • One-Time Pins are valid for 30 minutes from time of issue or until used for a signature.

  • The One-Time Pin is bound to the user, but not the issue. It can be used to sign any single issue.

  • Users can use the Pin Request link to ask for a new pin to be generated and emailed. Doing so will invalidate the previous Pin.

  • Users may not manually change One-Time Pins.

  • Bulk Signature Executions use a single One-Time Pin.

#4 Webhooks expanded for Slack/Teams Notifications

The eSign Webhooks have been expanded to send additional event data that Jira Automation can use for advanced and custom notifications to Slack, Teams, email and any other action supported by Jira Automation.

image-20240119-053944.png

Notes

  • Webhooks can be configured on Signature (Execute), Invite, and Finalize.

  • More examples are available in online documentation.

#5 Data Processing Residency available for Europe

eSign for Jira has added a new EU processing location. Customers now have the option to “Pin” their eSign app location to European Union, Germany or USA. Once pinned, the eSign server(s) in that location will perform all signature processing for that cloud site.

Note that eSign does not permanently store any end-user data outside of the Atlassian cloud. This change will have 2 key benefits:

  1. For customers with EU compliance requirements, pinning the location to EU will ensure that signature data processing occurs with the EU.

  2. Customers with Atlassian cloud sites located “closer” to the EU will notice faster response time when working with eSign as compared to the US hosted location.

Administrators can access and Pin apps within admin.atlassian.com. See this Atlassian article for more information on Data Residency. https://www.atlassian.com/software/data-residency

Application Residency and Diagnostics

To improve visibility, the eSign App Settings page now displays the current host location and measured client browser latency.

Access from Apps > Manage Apps > eSign Electronic Signatures > eSign App Settings

image-20240319-000819.png

#6 Additional Items

  • The PDF Archive report layout was streamlined and the Comments and (new) Signature Audit sections aligned.

  • Added new email troubleshooting guide: How to Resolve Email Delivery Issues

  • Changed display rule to hide the Issue toolbars (Add) Signatures button for users with read-only access if the Signature panel is not already initialized. This is being done to reduce confusion as Jira will silently block a read-only user from opening a new app panel. Recommendation is to use the Create Pending Signatures post-function to initialize the signatures before any read-only users need to sign so the button will be available (and functional).

  • 2024-03-11 Improved display of Signature and Invite dialog on small screens to reduce user scrolling.

  • 2024-03-11 Raised the Signature Type limit on the Invite dialog from 8 to 10.

  • 2024-03-18 Add Project admin email notification for post function errors due to project security and permission issues

#7 Issues Resolved

  • 2024-01-20 Resolved - The Show Void menu item could be clicked multiple times in the Issue Signature panel

  • 2024-01-23 Resolved - Bulk operations screen opened with error for customers with no eSign App Settings configured

  • 2024-01-27 Data Integrity - Added warning message when issues containing linked signatures were moved or cloned with third party apps.

  • 2024-03-25 Signature Import - Update import routine to request Jira token refresh for long running imports

eSign for Jira
2023 Q4 Updates
Status: RELEASED
Released: 2023-10-08

Index

Signature Types (New) OCT 8, 2023

This update upgrades the Signature Meanings into a more flexible and configurable Signature Type. This provides the following benefits:

  • Signature Types by default are available project wide for all issues. This is the default.

  • Signature Types can be restricted to specific combinations of issue types and states. (e.g. Only Enhancements and Defects that are In Progress.

  • Configure Signature Types to restrict what project role a user requires to execute the signature. A project role can be assigned to group(s) and/or user(s).

  • Signature Types can be individually enabled/disabled. The sort order of signature types (e.g. in the signature meaning picklist) can be adjusted by editing the position. (Hint: Set position to 4.5 to sort between position 4 and 5.)

  • Signature Types rules are also applicable to bulk operations (invites and signatures).

Restriction Rule Timing

  1. Issue Type rules are enforced at Invite time. (e.g. If Compliance Review is only applicable to New Feature issue types, Compliance Review will not show on the invite dialog for other issue types).

  2. All Signature Type rules are enforced at signature execution time.

Project Settings Automatically Upgraded

eSign will automatically convert existing project settings to the new signature type model. All signatures that are available today will continue to be available after the upgrade:

  • Standard signature meanings will become open (unrestricted) Signature Types.

  • Issue Type specific meanings will be mapped to issue type restricted Signature Types.

  • Project wide status restrictions will be applied to all signature types.

It is recommended to review eSign Project settings after the upgrade if the team is considering using the new configuration options.

Signature Execution Usability OCT 8, 2023

a) For improved compliance, the Signature Meaning field now requires the user to explicitly select the Meaning if there is more than one available choice. Note if the user was invited to sign for a specific meaning that will be pre-selected.

b) The Meaning (if necessary) or Signature Pin field is automatically in focus when the dialog is opened to improve usability and keyboard navigation.

c) Errors encountered during signing now display inline within the the dialog.

Signature Invite Improvements NOV 4, 2023

Improvements to Signature Invites including:

  • Unused Signature Invites are automatically cleaned up on Finalize of Signatures.

  • The Invite dialog has been expanded to support up to 8 signature types.

  • The Signature panel now shows how long each invite has been waiting.

Support for Multi-Role Signees NOV 4, 2023

For organizations that require the same person to sign for multiple roles in the same issue, it is now possible to configure eSign to allow this. Note that existing behavior is unchanged in that projects by default can only have One Signature per User (per issue status).

Embedded Image Rendering in Signature Archive PDF Report NOV 4, 2023

With this new enhancement (attached) images embedded into issue Description fields or Wiki formatted customer fields can now be rendered into the PDF Signature Archive reports.

(info) Images of gif, jpg, and png up to 1 MB in size are supported. Larger images will be replaced with a thumbnail.

Email Notify on Invite OCT 8, 2023

It is now possible to configure whether eSign will send an email to invited users. By default email notification is enabled.

Voiding individual Signatures and Cancelling individual Invites DEC 21, 2023

New options to Void individual Signatures and Cancel Invites are available from the row menu (…) in the signature panel.

Void Signature

Void Signature is available to the signee, owner and admins. Note that only signature captured within the current Jira issue status can be voided. Finalized signatures can not be modified.

image-20231221-200020.png

Cancel Invite

Cancel Invite is available to Signature owners and admins.

image-20231221-200208.png

New Signature Admin Post Function - Cancel Pending Signatures DEC 21, 2023

A new workflow post function is available to Cancel Pending Signatures during a transition.

Additional Items

  • Invite dialog - Prevent accidental submission with Enter key

  • API Security improvements

  • 2023-10-22 Address wrapping of custom fields with very long names in PDF archive

  • 2023-10-22 Correct background color theming of signature panel table header

eSign for Jira
2023 Q3 Updates
Status: RELEASED
Released: 2023-07-21

Support the new Jira Dark Theme

eSign for Jira now supports both the traditional Light theme and new Jira Dark theme. Screens will adapt to the theme to align with the current Jira mode.

(info) The option to switch Jira between Light and Dark themes is under the “Your Profile and Settings” menu > Theme..

Dark Theme

Light Theme

Workflow Post Function - Signature Invite by Group

Released 2023-06-18

The Signature Invite post function can now be configured to Invite By Group. With this option, all members of the Atlassian Group named will be invited to sign.

Workflow Validator - Required Signatures Group Search

Released 2023-06-18

The Signature Validator group selector was upgraded to provide a search function. This will allow customers with many groups (e.g. 100+) to attach them to the validator.

PDF Signature Archive

Released 2023-06-04

  • Display of wiki rendered tables enabled for description and custom text areas.

  • Custom field rendering added for “float”.

  • Additional protection added for unsupported custom field rendering errors.

  • JUNE 25 Notify user and project lead via email if the PDF signature archive report could not be attached to the issue.

Additional Items

2023-06-04 Content Security Policy enforcement enabled for eSign.

2023-06-04 Improved error messaging when Atlassian API requests time out (after 30 seconds).

2023-07-04 Fix issue with required signatures workflow validator expression not allowing a pass with empty group list configured.

2023-08-04 Fix issue with excessive notification emails when signature archives were not enabled for a project.

2023-09-05 Improve messages when eSign is not enabled for a project.

2023-09-14 Improve error message when eSign access is blocked by Jira project security settings.


eSign Document Management - New in 2023

In 2023 the eSign team released eSign Document Management for Confluence. If your team needs a comprehensive document review, approval, release workflow plus an integrated training module, powered by the eSign electronic signature engine.

View a 5 minute demo here: https://www.youtube.com/watch?v=kWjAzZRy2Wo&t=1s

eSign for Jira
2023 Q2 Updates
Status: RELEASED
Released: 2023-04-01

Contents

eSign Document Management

The eSign team has released a NEW app, eSign Document Management for Confluence. Take a look if your team needs a comprehensive document control solution that features the eSign electronic signature engine.

View a 5 minute demo here: https://www.youtube.com/watch?v=kWjAzZRy2Wo&t=1s

Added Integration with Jira Automation

With this update it is now possible to trigger Jira Automation rules via webhooks configured against eSign events. This will make it possible to automatically transition issues to a new status after signing, for example.

Enable the webhooks in eSign Project Settings. See the eSign Guide - JIra Automation Integration for more information and examples

New PDF Signature Archive customization options

As requested by a few customers, the PDF Signature Archive report can now be customized to show or hide Attachments and or Comments.

Default behavior is still to include all attachments and comments (unchanged). Adjust this in eSign Project Settings.

PDF Signature Archive - Improved Compliance Options

To assist with compliance to internal quality and regulatory departments, the following updates have been made to the PDF Signature Archive report:

  1. The dates and time formats for all Jira standard and custom fields are now aligned with the regional and timezone context of the signature page. Previously custom Jira date and date/time fields sometimes were presented in different formats.

  2. Standard and custom fields configured to display in the Archive report are now displayed as N/A if they are empty.

  3. There is a new project setting to override all the date/time formats to be displayed in ISO 8601 format to address customers who require a full numeric and standards based date format in their formal documentation.

User Profile - Account Type added for JSM clarity.

The eSign User Profile now shows the Account Type field to assist with visibility and diagnosing issues on the Jira Service Management portal. The Account Type (Atlassian or Customer) determines how signatures operate within the portal.

Atlassian accounts have full signatures; the Execute Signature dialog operates the same way whether signing in the portal or within the Jira environment. These signatures are restricted by eSign Security settings (standard or advanced).

Customer accounts have limited signatures, they do not have a Pin and cannot choose a signature meaning. Customers accounts can sign any service request they have access to see.

Additional Items

  • Improvements to some error dialog handling and formatting

  • Security updates

  • Technical library updates

  • 2023-05-02 Minor layout adjustments to PDF Signature Archive report

eSign for Jira
2023 Q1 Updates
Status: RELEASED
Released: 2023-01-14

Contents

Signature Issue Type Restrictions and Meanings

It is now possible to choose which Issue Types (e.g. Epic, Enhancement, Task) in a project can have Signatures, and for each of those Issue Types configure an individual list of signature meanings (e.g. Dev Approval, QA Approval, Compliance Review).

Combining this option with Jira Issue Type specific workflows and eSign validators and post functions can allow customers to have very different approval paths for each issue type.

The Issue Type specific meanings are displayed in the Execute Signature , Invite Pages, as well as the bulk Sign/Invite options.

Configure the Issue Type restrictions in the eSign Project Settings page.

Extended Signature Verification for Built-in and Custom Issue Fields

In response to customer requests, we are please to announce that eSign for Jira has added support for Extended Signature Verification. With this enhancement, eSign can be configured to verify additional Jira built-in and/or custom fields have not been modified since signing.

In default field verification mode, captured signatures are checked against the issue Summary, Description, and Attachments. Now additional fields can be included with the signature verification. The issue history is searched for changes to any additional fields after a signature.

Globally Enable or Disable Signatures for all projects

For customers that have many Jira projects it is now possible to disable eSign for all projects, and selectively enable it for projects that require Signatures. Find this new option under Apps | eSign App Settings.

The eSign Project Settings page has been updated to make it clear what global setting is in place.

  1. Resolved issue with workflow required signatures validator unable to access/verify group memberships for certain users.

  1. The Verify Signatures feature now opens within a dialog to maintain issue context and improve usability. Ability to save and print verification reports remains. Note that Bulk Verification Reports, available from Advanced Search, still generates full page reports for up to 50 issues at a time.

  2. CDN Consolidation - external app resources that are loaded from content delivery networks have been streamlined to use a single primary CDN.

  3. Security Updates - A content security policy and other security improvements were applied.

1. Signature Execution - Email Capture

For additional traceability the user email address is now captured with every executed signature.  The email is displayed with the User name on hover in the Signature Panel, and on both the Verification Certificate and PDF Signature Archive.

Example: Signature Panel in Jira Issue

Example: Verification Certificate

Example: PDF Signature Archive

1. Workflow Enhancements

The Invite and Reset workflow post functions were updated to handle concurrency to allow both workflow functions to be attached to the same transition.

(info) TIP - As the invite post function references the current issue fields, ensure the it is added after the “Update change history for an issue and the issue in the database” step so that the current value of the invitees field set during the transition is sent to eSign.

2. Security Enhancements

Various hardening and security improvements were applied.

1. Workflow Enhancements - Void Signatures by Status

For customers that have complex/mult-stage signature workflows, the Void post function has been enhanced to allow selecting for which Status the signatures should be voided. This can be useful where the issue workflow is being reverted back to a previous state and some (but not all) of the signatures need to be voided and re-executed.

(info) Pre-Existing Void post functions will continue to void All signatures as before.

2. Service Management Portal

For customers that require Signatures within a service management project, but do not require external help desk users to sign, eSign can now be disabled only for the Service Mgmt Portal. A new setting in the eSign Project Settings page will control the display of signatures and the signature profile within the Portal

As part of this change the Signature Profile page (used to set Signature Pin and review language and timezone settigns) has been moved into the request links area for better visibility.

3. Other Updates

  • Minor update to the eSign Invitation email format to support Jira project keys that match reserved words and improve escaping for certain email clients.

  • Static resources max cache age have been extended to reduce reload frequency.

  • Switch certain resources to an alternate CDN to improve international support.

1. Service Management Portal - additional enhancements for internal Jira users.

With this update Internal Jira users (e.g for an internal help desk) can now view signatures on their raised service requests without requiring project level browse access.

Note that permission to Execute signatures requires either Edit issue OR use the Advanced Security option to grant eSign Execute Signature to a specific group. See Project Settings for more information on Advanced Security.

2. Support Documentation Moved

eSign online support documentation has moved to https://support.esign-app.com.

3. Security Updates

  • Security update in workflow administration

1. Service Management Portal now supports internal user signatures

The eSign functionality has been extended within Jira Service Management to allow full Atlassian user accounts to sign service requests within the portal, in addition to external customer users.

This enhancement introduces the following changes.

  • As before, customer accounts (customers) may sign service requests with an assertion checkbox.

  • Atlassian User accounts (users) may now view and sign requests within portal.

  • Users will be required to enter a Signature Pin and Meaning to sign.

  • Users/Customers with access to a Service Request will see all signatures on that request.

  • The eSign User Profile page is now available in the JSM Portal to allow Users to set or reset their Pin.

  • Users/Customers may only sign each request once within the Portal.

See https://support.atlassian.com/atlassian-account/docs/what-is-an-atlassian-account/ for more information on the difference between Atlassian accounts and Service Management customers.

2. Signature Meanings Extended

The limits on Signature Meanings have been raised.

  • Each project can configure up to 15 distinct signature Meanings

  • Each Meaning having a maximum length of 24 characters.

  • The length of the Meaning pick lists in the Execute Signature (sign single issue) and Bulk Execute (sign multiple issues at once) have been extended to show the longer meanings.

3. Faster Finalize with PDF Archiving

PDF Signature Archiving has been moved to background processing so that users do not have to wait for the PDF archive during the Finalize. Now after the Finalize is complete the Signature Archive process will start. Archiving will usually complete in less than 30 seconds.

4. Other Items

  • eSign User Settings page renamed to eSign User Profile to align with Atlassian User Profile conventions.

  • Minor UX updates for branding


Dec 2021 Update

Security Advisory on Log4j

Digital Rose has reviewed and confirmed that the eSign App is not vulnerable to the Log4J security issue (CVE-2021-44228). The implicated log4J library is not included in any client side or server side components.

For more information on Atlassian Cloud’s overall impact of this issue, see: https://community.atlassian.com/t5/Trust-Security-articles/Atlassian-s-Response-to-Log4j-CVE-2021-44228/ba-p/1886598

#1 Automate Invites from the Jira Workflow

It is now possible to create Invites on transition within the Jira workflow via the new Invite Users post-function. This can be combined with the workflow validators to enforce that defined users have signed the issue.

(info) Tip: Enable the No Pending Signatures option in the Signature Validator to enforce that all Invites (Pending Signatures) have been completed.

See Advanced Workflow Configuration for this and other workflow automation options.

#2 PDF Signature Archive - additional fields

As an extension to the custom field configuration introduced in November, single and multi-user pickers custom fields, as well as Service Management fields Customer Organizations and Request Participants can now be displayed on the PDF Signature Archive.

#3 Additional Items

  • eSign for Jira has achieved Atlassian Cloud Fortified program status.

  • A Refresh button has been added to the eSign Content panel to quickly show updated Signature changes from other users or workflow functions without reloading the entire issue.

  • Notification of recent eSign Updates are displayed to users in the eSign content panel on their first use after an update.

  • Minor cosmetic changes to the eSign User Settings page to make Pin Reset more visible plus information on the Atlassian Account ID.

  • Resolved an issue where eSign was blocked from creating comments for some JSM projects.


Nov 2021 Update

#1 Cloud Security Program

As a reflection of our ongoing commitment to security, eSign for Jira is now enrolled in the Atlassian Cloud Security program. In this program we invite trained security researchers to investigate apps for security vulnerabilities. Researches who find issues are rewarded with a bounty and then retest it after the vendor corrects the issue.

This program helps ensure the robust security of of Atlassian marketplace apps. See What is the marketplace bug bounty program? for more information.

#2 Fine-Grained Security

With this update the Advanced Security option has been enhanced to support fine-grained permissions. Execute, Invite and Finalize functions each have their own individually grantable permissions; this will allow more flexibility for teams that require more control over eSign.

Note that the legacy Execute permission has been renamed to eSign Manage and continues to allow access to all 3 core functions. This means that projects already using Advanced Security can continue with their current configuration with no changes.

#3 PDF Signature Archive - Custom Field Configuration

It is now possible to configure the list of and sequence for custom fields displayed on the PDF Signature archive for each Project via eSign Project Settings.

Only the selected custom fields will be included on the Signature Archive for this project. Field labels will be shown even if these fields are empty.

Default behavior (unchanged) in that all non-empty custom fields set on the issue are displayed.

#4 Signature Group Workflow Validator

The existing Signature Workflow Validator has been extended to allow restricting by Groups. With this change it is now possible to enforce that a number of signatures have been captured from a specified group of users. For more information see Advanced Workflow Configuration

Tip: If a transition requires signatures from multiple groups, the signature validator can be added multiple times to the transition.

#5 Void Signatures in Reset Post Function

The Reset Workflow Post Function has been expanded to allow the choice to “Void” signatures instead of clearing all signature data. Signatures Voided by this workflow are visible in the eSign Signature panel’s Show Void menu item.

For consistency, Administrative reset of signatures for the current status will now also Void those signatures.


Oct 2021 Update

#1 Workflow Automation

Enhanced options for Jira workflow automation have been introduced to eSign with this update. These tools can be used for additional process control within Jira projects.

  • User is a Signee (validator) - This new validator will verify that the user transitioning the issue has already signed the issue.

  • Required Signatures (validator) - Configure this existing validator to require a minimum number of signatures on the issue, and enforce if pending signatures (invites) are permitted before transition.

  • Finalize Signatures (post-function) - Add this new post-function to any workflow transition to automatically finalized signatures. This function will also generate the PDF Signature archive if enabled for the project.

  • Reopen Signatures (post-function) - This new post-function will reopen Signatures previously finalized (either manually or via the auto-finalized post-function).

  • Reset (Clear) Signatures (post-function) - This existing post-function removes all signatures for an issue; this is typically used to restart the signature process workflow if the material being reviewed has changed.

For more information see Advanced Workflow Configuration

#2 Signature Pin Security

This update includes a significant update to security features supporting the personal Signature Pin.

(info) Note that the Signature Pin is a supplementary identifier in addition to the Atlassian Cloud security controls for the Atlassian account. To apply a signature users must first authenticate with their Atlassian account, and then enter their Signature Pin.

In addition to some internal security improvements, users will notice the following:

  • Existing users will be prompted to reset their current Pin before they can execute any new signatures.

  • The minimum length has been extended to 6 characters.

  • Pins for first-time users must be generated via e-mail.

#3 Additional Items

  • Additional common issue fields (e.g. Components, Labels, Created/Updated Date, etc) added to the PDF Signature Archive.

#4 Security Patches

  • Nov 4, 2021 - incremental security patch applied.


Aug 2021 Update

#1 Bulk Signature Execution

A customer requested feature, this eSign enhancement allows users to apply their signature to multiple issues in a single operation. This feature will facilitate mass signature events such as releases and other high issue volume processing. A complement to the Bulk Invites function introduced in July, users can now sign up to 50 issues at one time via Advanced Search.

#2 Signature PDF Archiving

eSign now supports integrated PDF Signature Archiving of a point in time snapshot of the complete “Signed” issue. The PDF archives include comprehensive issue data, description, attachments, comments and all custom fields, and eSign Signatures and Signature Verification.

Once enabled for a project, Archives are automatically generated and stored as attachments on the Jira issue when Signatures are finalized. Users can view/download these archives on demand as needed for reference, audits, etc.

Notes:

PDF Archiving is disabled by default for projects. Enable PDF archiving in the eSign Project Settings page. Once enabled, the PDF Archive option will be checked by default on the Finalize Signatures page. A preview link is available to view the content (in html) of the PDF archive.

#3 Finalize Signatures

The new Finalizing Signatures feature allows users and teams to indicate that signatures are final for a specific issue. This function “locks down” signatures for the issue to make it clear that no further signatures are required. Neither Signature execution or invites are permitted on finalized issues.

Open Signatures

Finalized Signatures

The Final status is displayed in the Signature table footer and visually clear as the toolbar buttons are also hidden. Signature Verification reports are still available from the … (more) menu.

Note: There is also new custom issue date/time field “Signatures Finalized” which can be displayed and searched for within Jira to search for finalized or (not yet) finalized issues.

Reopen Signatures

Signature Administration includes a new option to Reopen Signatures for a finalized issue.

#4 Additional Items

Pin Reset

Pin Reset is now available from the eSign User Settings page (in addition to the Execute Signature dialog).

Verification Badges

Signature Verification badges were updated for clarity in the Signature Verification report and the (new) PDF Archive.
Note that PDF Archives are excluded from the Signature checksum (ie. PDF Archive(s) attached to the Jira Issue will not invalidate Signatures the way any other Attachment changes will)

Cosmetic Changes - Issue Signatures Panel

  • Signatures Open/Final state and summary counts are now displayed in the table footer with the Recent Changes and Help toolbar.

  • The Table heading now lists Signature Status. The (Issue) Status at time of Signature has been renamed Workflow.

  • Signature table height has been constrained to a maximum height. Jira issues with many Signatures now display in a scrolling panel.


Jul 2021 Update

#1 Bulk Signature Invites

This update introduces new Bulk Operations functionality for Bulk Invites and Bulk Verification. With this enhancement, users can operate on multiple issues at the same time leveraging the Jira Advanced Search capabilities.

  • Start with any Jira advanced search query or filter, then select a list of Issues that require signatures and send invites for all of them in one operation.

  • Invited users receive a new consolidated Invite e-mail

  • See Bulk Signature Operations for details.

(info) Stay tuned! Bulk Signature Execution is currently in development!

#2 Signature Invite Improvements

Signature Invite notifications are now sent directly from the eSign app servers. This not only allows us to send consolidated emails for bulk invites, but also allows us to include quick search buttons in the email to allow the participants to quickly find issues waiting on signatures for themselves and the current project.

Optionally, users or administrators can choose to save these quick searches as Jira filters and add them to a dashboard and/or set up periodic subscriptions to help manage Signature completion.

#3 Bulk Verification Report

Similar to the above, the bulk operations also allows generation of a bulk verification report for a search based or hand-selected list of issues.

  • Every signature on every issue is individually verified and the results collected into a single report.

  • The report is delivered to a web page but can be saved as PDF and stored.

#4 Additional Items

  • [SECURITY] Apply signed app install security enhancements required by Atlassian.

  • [USER EXPERIENCE] Extend CDN caching for certain libraries and static resources for improved performance.


May 2021 Update

#1 Security

This update is focused on security and technical infrastructure improvements. There will be minimal changes visible to most users.

  • Additional security enabled on Atlassian session tokens

  • Personal Signing Pins will now lock out after repeated invalid attempts. Use Pin Reset if this occurs.

  • Improved XSS protection.

  • API rate limiting applied to prevent high volume users from impacting service availability.

#2 User Experience

  • Hide the Invite summary totals if there are no invites for an issue, and simplify the format to X/Y ( signed invitations / total invitations ).

  • The background color of the Invited lozenge was changed to Blue to align with Atlassian Jira “In Progress” convention and provide visual distinction from the Imported tag.

  • Improved clarity of User Pin errors to show if Pin is not set, does not match, or is locked out.


Apr 2021 Update

#1 Electronic Signatures on Jira Mobile

The eSign team is excited to announce that we now support the https://www.atlassian.com/software/jira/mobile-app. With this update eSign Electronic Signatures are now available within the Jira cloud mobile apps on Android and iOS.

Users can execute and review signatures from within the native apps on their smartphones and tablets.

To support this new feature and the variety of screen sizes, the following user experience changes were made:

  • Signature Content display has been optimized for smaller screens through responsive design. Wider screens and landscape orientation will show more signature data; narrower screens will dynamically hide detail.

  • Execute Signature dialog updated reflow to fit on vertical screens.

  • Upgraded Pin Reset upgraded to function within the Execute Signature dialog so it is available on mobile.

  • Note: Advanced functions such as Signature Administration and Certificate Reports are not available on mobile.

#2 Legacy Signature Migration and Import

eSign now allows bulk import of pre-existing Signatures from external systems including legacy Jira Server plugins. With a flexible CSV style import format and optional fields and formats, customers will now be able to migrate signatures into eSign within Jira Cloud.

Look for the following new items:

  • New Signature Import administrative tool that will interactively parse, preview, and bulk load hundreds of signatures into Jira cloud.

  • New Import API created to support migration.

  • Signature Content and Certificate views updated to display imported signatures.

  • The Signature verification algorithms have been updated to identify and exclude imported signatures.

  • Comprehensive import documentation on formats, fields and the import/migration process has been prepared. See Signature Import and Migration


#3 eSign GDPR Compliance, Security and Privacy Assessments

To better support our growing international customers, we have recently published a GDPR compliance summary of eSign and other documentation to assist with regulatory and security assessments.

#4 Additional Changes

4.1 Security

  • The Signature Admin functions (e.g. Reset Signatures) have been restricted to Project Admins on the current project only. Previously the permission check required that the user was a project admin on at least one project, but not necessarily the current project. (Note: Released early March 23, 2021.)

4.2 User Experience

  • Pin Reset updated to complete the reset process within the Execute Dialog and the success message now includes the email address (masked) the reset was sent to.

  • Invited status lozenge color changed from yellow to “In Progress” blue to align with Jira conventions and distinguish from the new [Imported] signature possible state.

4.3 Documentation

  • The eSign Feature Summary has been added to the user documentation to assist with electronic signature app review and comparison.

  • Sample screen captures of Mobile App and Signature Import added to the User Guide


Mar 2021 Update

Update 1 released March 14, 2021

#1 eSign is now faster with Global CDN

eSign static resources are now distributed through the AWS Cloudfront Content Delivery Network (CDN). This will improve Signature display performance and reduce latency for eSign users as the CDN will cache shared resources globally.

#2 Service Management customer signature enhancements

eSign has supported customer signatures in Jira Service Managment (aka Service Desk) since August 2020. The Service Management Portal has now been updated to use client-side rendering for faster display of customer signatures.

Also customer (non-user) accounts may now optionally enter their Title as part of their signature. As with internal users, the Title is saved and may be reused for subsequent signatures.

#3 Other Changes

  • A "New Recent Updates" flag will display in the signature panel when a recent eSign update is detected.  The flag will clear after 7 days.

  • Minor changes to the table headings and help menu in the Signature display panel.

  • Minor cosmetic changes to the eSign Project and User Settings pages.


Feb 2021 Update

#1 Faster Signature Rendering

With this update eSign now utilizes client-side rendering to load and display existing signature content within the customer’s Jira instance. This change will significantly reduce user wait time to display the signature panel within issues, especially for international users not in close proximity to Eastern US eSign servers.

Note: There is no change to the layout of the signature data or the signature process and workflow. The new display is visually identical to the previous display technology and compatible with all pre-existing signatures.

#2 Improve Pin Reset Usability

The Pin Reset process within the Execute Signature dialog now includes a confirmation step for improved usability.

Pin Reset emails are now directly sent to users from the eSign servers (@esign-app.com). This change will allow the reset messages to be delivered immediately, instead of waiting for the Jira Issue Notifications service.

#3 Flexible Signature Administration

The Signature Administration panel (previously Signature Reset) now supports a new option for removal of Signatures for the current issue status only. This can be useful for multi-stage approvals where existing signatures on early states need to be preserved.

#4 Feature: eSign for Confluence

The eSign for Confluence app was released earlier this month. Now the eSign technology is available to electronically sign any Confluence content with the same robust, secure and compliant electronic signature capability as eSign for Jira. See eSign for Confluence in the Atlassian Marketplace for more information.

#5 Additional Changes

  • eSign hosting domain has changed to esign-app.com from esign.digitalrose.dev to align with the new direct email service.

  • The Execute, Invite and Reset dialog windows now support the quick close 'X' in the top right corner.

  • Signature Reset dialog was renamed to Signature Admin as the page allows removal of Pending Invites in addition to Reset.

  • The Show Void function in the Signature Panel was moved to the More (...) menu to conserve screen space as this option is rarely used.

  • Signature Export field storage format adjusted to allow for total length of all signatures greater than 256 characters. See Advanced Configuration | Addon Issue Fields for an updated example.


(info) See the eSign 2020 Change Log for additional change history

Feedback Request
Please share your eSign experiences with us. Let us know what you like, what you don’t and what features would make it better.

Leave feedback via the Contact eSign button in the Atlassian Marketplace

Recent Changes

Change History

  • No labels