S-Sign Security Updates – April 2021


These updates are required for all customers upgrading to S-Sign version 2.178+
S-Docs version 4.400 is required for S-Sign version 2.178+


The S-Docs Development team is continuously striving to ensure our 100% native e-signature solution, S-Sign, employs the highest level of security. The S-Sign configuration steps have been slightly changed to align with Salesforce’s newest security recommendations. This article details the steps that you need to take to align with the latest updates.

Note: This article makes several references to your S-Sign Internal User. Your S-Sign Internal User is any licensed Salesforce user of your choosing. S-Sign operations that require internal data access will be conducted through this user's profile using the secure S-Docs Connected App. We recommend choosing a Salesforce Administrator.

Step 1. Create an S-Docs Connected App

The S-Sign security upgrades leverage Salesforce’s secure Connected Apps integration. If you are familiar with the S-Docs Run As User feature with the S-Doc Jobs object, you may have already created your S-Docs Connected App. If not, please navigate to this documentation article and follow the steps to create your S-Docs Connected App.

Note: For help troubleshooting your S-Docs Connected App configuration, please click here.

Step 2: Update Your S-Sign Site

Navigate to your S-Sign Site detail page. From the Setup menu, type "Sites" into the Quick Find bar, click Sites in the dropdown menu, and then click your S-Sign Site Label.

Click Edit to edit your Site, then uncheck the Lightning Features For Guest Users checkbox. Click Save.

Step 3: Remove Your S-Sign Sharing Settings

In previous versions of S-Sign, you may have configured Sharing Settings for the S-Sign Site Guest User. This security upgrade removes this requirement; therefore, these Sharing Settings should be removed.

From the Setup menu, type "Sharing" into the Quick Find bar, then click Sharing Settings in the dropdown menu.

From here, confirm for each S-Docs and S-Sign object that Default External Access is set to Private/Controlled by Parent. In addition, ensure that the Secure guest user record access checkbox is checked for each object.

Finally, remove any Sharing Rules created for the S-Sign Site Guest User (likely created on the S-Sign Envelope and SDoc Template objects). Be sure that the Sharing Rules you remove are specifically set for the S-Sign Site Guest User to prevent any issues outside of the S-Docs and S-Sign packages. Your Sharing Settings might look similar to the following:

Step 4: Set Your S-Sign Internal User and Assign Permissions

The S-Sign Internal User is a Salesforce user which all S-Sign operations are conducted by. All steps requiring internal data access will be performed by your S-Sign Internal User through the secure S-Docs Connected App. This was previously conducted by the S-Sign Site Guest User, which will no longer have access to any data in your internal org.

You likely set the username of your S-Sign Internal User when you completed Step 3 of the Connected App configuration guide. If you did not complete this step, navigate to Setup > Custom Settings > SDocsSettings, and enter the username of your chosen S-Sign Internal User into the ConnectedAppUserName field.

Note: We recommend using an administrator's username for the S-Sign Internal User.

After setting this Salesforce username, you need to assign the S-Sign Site Internal User Permission Set to said user. This is required for the S-Sign managed package processes.

From the Setup menu, type "Permission" into the Quick Find bar, click Permission Sets in the dropdown menu, then click on the S-Sign Site Internal User permission set.

Next, click Manage Assignments.

Then, click Add Assignments.

From there, choose the username that you specified as the S-Sign Internal User.

Once these steps are completed, you are ready to continue securely signing documents!

Tags: , , ,

Was this helpful?