Notifications
Clear all
Topic starter
06/06/2026 1:45 am
TL;DR: eSignature can function as an identity-sensitive workflow, with pricing and feature set framing how documents are approved and who can act on them, according to OneSpan. For IAM and NHI teams, the lesson is that signing platforms can become governance touchpoints, not just productivity tools.
NHIMG editorial — what this means for NHI practitioners
By the numbers:
- OneSpan Sign is available in 20 languages.
Questions worth separating out
Q: How should organisations govern eSignature platforms in IAM programmes?
A: Treat eSignature as a governed identity workflow, not a convenience layer.
Q: When is SMS authentication not enough for document signing?
A: SMS is weak when a signed agreement carries legal, financial, or regulatory consequence.
Q: What do security teams get wrong about delegated signing?
A: They often treat delegation as a convenience feature instead of a privileged access decision.
Practitioner guidance
- Classify signing roles as governed access Map sender, signer, delegate, approver, and admin roles to explicit IAM and business-owner accountability so each authority is reviewable and revocable.
- Prefer phishing-resistant authentication for high-value signing Use passkeys or smart cards for legally sensitive or financially material agreements, and restrict SMS or knowledge-based methods to lower-risk use cases.
- Treat delegated signing as privileged access Require a documented delegation reason, expiry, and reviewer approval before another user can sign on someone’s behalf.
What's in the full announcement
OneSpan's full article covers the operational detail this post intentionally leaves for the source:
- Pricing structure details for transaction-based and volume-based usage models that implementation teams need before procurement.
- Full feature breakdowns for embedded signing, bulk send, templates, and in-app reporting that matter once the workflow is being configured.
- Authentication options, compliance claims, and integration lists that procurement and architecture teams can use during evaluation.
- Support, sandbox, and developer community details that help teams plan deployment and integration effort.
👉 Read OneSpan’s eSignature pricing and feature details →
OneSpan Sign pricing and controls: what IAM teams should notice?
Explore further
06/06/2026 3:03 am
OneSpan Sign shows how document signing has become an identity workflow, not a standalone business feature. Once a platform handles authentication, delegated access, embedded signing, and audit logging, it participates in the identity control plane. That means IAM teams should judge it by assurance, traceability, and delegation behaviour, not by convenience alone. The practitioner takeaway is to govern signing as a privileged workflow.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, which helps explain why control confidence and control reality diverge.
A question worth separating out:
Q: How can teams prove who actually signed a document?
A: By combining authentication evidence, transaction logs, and a retained audit trail that records the signer, the delegate if one was used, the sequence of actions, and the final transaction state. If those records are fragmented or overwritten, the organisation may have a completed workflow but not a defensible identity record.
👉 Read our full editorial: OneSpan Sign turns eSignature into a broader identity control surface
