Advanced User Guide

Customization of eSignAnyWhere

This advanced feature is for customizing the eSignAnyWhere Viewer for the signers. You can change the colors and logo to align them to your CI and set eSAW Viewer behavior. Therefore you have upload a ZIP-Archive with the new design settings. You can download a design template and change it. Moreover you are able to set a redirect URL when a document is finished.

If the feature is available for your organisation, you can:

• set a redirect URL for finished documents
• upload a design
• reset to default design
• download a design template
• download current design

The Customisation.zip file contains:

• variables.xml: contains the style configuration of eSignAnyWhere. The comments in the file will help you to modify it.
• global_variables.xml: contains settings for the eSAW Viewer
• /files/logo_sidebar_collapsed.svg & /files/logo_sidebar_expanded.svg: Logos in the top-left of your eSignAnyWhere customization

If you have modified the files just put them in an archive and upload via UI. You can use instead of svg also png, gif or jpg.

Example: Change Default Color (purple to blue) and Logo

Open variables.xml and look for “defaultColor” and replace #661864 with #000044 (dark blue).

Replace

<variable name="defaultColor" value="#{[color:#661864]}#"  ... />

with

<variable name="defaultColor" value="#{[color:#000044]}#"  ... />

(simplified version)

For changing the Logo you have to put your Logo in the subfolder /files. Then you have to change the variables.xml to set the new files (e.g. my-logo-large.png and my-logo-small.png).

<variable name="logoCollapsedUrl" value="#{[image:my-logo-small.png]}#" ... />
<variable name="logoExpandedUrl" value="#{[image:my-logo-large.png]}#" ... />

Save the files and pack it in a zip-file (e.g. “my-style.zip”), with same structure as the downloaded Customization.zip, and upload it as new design in your organization settings.

Customization – Viewer Policy

You can also set your default viewer policies. So you can in addition to the visual appearance also set the UI elements. For details about the policy paramenter check the SignAnyWhere Viewer Customization page.

Email Templating

The Email Templating allows you to adopt the email, sent by eSignAnyWhere. A default template and default notifications are preset for every organization and can always be restored to default. For each language set in “Localization”, a separate template and notification can be set. This allows you to set up languages, which are not directly supported by eSignAnyWhere and sent the notifications in the, by you translated, language to the recipient.

Note: If a recipient has an eSignAnyWhere user account (on the same instance), the user will receive the mails in his/her prefered language. Sample: the recipient has a eSAW language set in German and you sent her/him an envelope in Italian, he/she will receive the notification in German (his prefered language).

There are three types of templates:

• email master template “TEMPLATE”
• reminder template for reminder notifications “ReminderText”, which is used a prefix for the subject of the mail (e.g. “Reminder: “)
• email notifications, the text/wording/layout used for a certain type of notification and is placed within the master template

The email master template is called “TEMPLATE” and defines the basic layout of the notifications for the given language. You can define, for example a header, logo, footer, etc. The {{Content}} element is a placeholder to be replaced by the email notification template (e.g. “Sign”) to place the notification information and text.

You can select the following placeholders, but please note that not all placeholder are available in all notifications! In general placeholders of the eSAW default notification are available for the notification type.

Email Notification Types

Besides the master template “TEMPLATE” and the reminder type “ReminderText” the following types are available:

*Note: You only get this notification if you wanted to open the envelope at a time another signer has already opened the envelope. After he/she has finished the signing you will get the notification.

**Note: You only get this notification if authentication for the recipient is activated. If no type of authentication is enabled the sender gets the regular notification of delegation with no need of an action.

***Note: Only active directory.

Simple Example

Messages exists of the placeholders (see above) and basic HTML tags. Therefore a HTML knowledge for modifing the messages is useful (<br />, <p>...</p>, <strong>...</strong>, <h3>...</h3>).

<h4>The envelope "#EnvelopeName#" has been signed by the following recipients:</h4>
<p>#RecipientList#</p>

Set placeholder	Result

Restore Default Template

If you click on restore the current selected template will be restored to the systems default.

Bulk Envelopes

1. Design the Workflow

New buttons “Add Bulk” and “Bulk CSV Template” are available. You can add one bulk per envelope and you are defining the bulk recipients via CSV file. The “Bulk CSV Template” generates your desired bulk recipient configuration. So you are able to define Authentication or Information for Remote or Disposable Certificates in the CSV. Please note that you have a maximum of 1000 recipients per bulk.

The Bulk Recipient in the Recipient List.

You can see the uploaded recipient list and the number of recipients found in the uploaded CSV file.

2. Designer

In the designer the bulk recipients behave like a normal recipient. You can place and define its signature fields, form fields or predefined fields.

3. Manage Bulk Envelopes

The bulk envelopes are listed normal in the document overview with special bulk envelope features. The statistics are added (number of completed, rejected, … envelopes of the bulk). Moreover you still can control each unique workflow.

Bulk Envelopes API

Sending a bulk is basically creating multiple independent envelopes, which are linked together by an identifiert (bulk id). The API allows accessing the bulk and its envelopes. Please note that only one bulk per envelope is allowed.

Sending a bulk via SendEnvelopes or CreateDraft is simple.

<envelope>
  ...
  <steps>
    ...
    <step> <!-- a bulk step is a step with multiple recipients -->
      ...
      <recipients>
        <recipient>
		...
        </recipient>
        <recipient>
        ...
        </recipient>
      </recipients>
    </step>
    ...
  </steps>
  ...
</envelope>

Result of sending a Bulk is different of sending an envelope. You will receive a bulk identifier in addition.

<apiResult version="0.0.0.0">
   <baseResult>ok</baseResult>
   <okInfo>
      <bulk id="dc4cdaa9-c204-470f-986d-94786ff159f7">
         <envelopeId eMail="mail1@eflowauto.test">2daf11a0-6802-474b-bb48-df4b199b026a</envelopeId>
         <envelopeId eMail="mail2@eflowauto.test">18c7245f-2a78-45b8-9262-3ffe05a62fd1</envelopeId>
      </bulk>
   </okInfo>
</apiResult>

The Callbacks got an additional bulk parameter to provide the bulk id:

http://www.mycallback.at?envelope=##EnvelopeId##&bulk=##BulkId##&action=##Action##

Finding Envelopes (v1) of Bulk: per default only bulk parent are returned. If you want to get the children of a bulk use the bulk parameter:

<findEnvelopesDescriptor>
   <status>Active</status>
   <bulk>dc4cdaa9-c204-470f-986d-94786ff159f7</bulk> <!-- new filter parameter -->
</findEnvelopesDescriptor>

The FindEnvelopes_v2 will return in the Extended version also details about the bulk id.

GetEnvelopesById also returns the bulk id. If you are calling with the bulk id, a list of all bulk recipients and its envelopes ids is returned.

GetEnvelopesById with a Bulk ID:

<apiResult version="0.0.0.0">
   <baseResult>ok</baseResult>
   <okInfo>
      <envelopeStatus>
...
         <id>5b69258c-2327-43ba-80ad-53b4b6a2f3eb</id>
         <bulk>5b69258c-2327-43ba-80ad-53b4b6a2f3eb</bulk>
...
         <bulkRecipients>
            <bulkRecipient eMail="test1@eflowauto.test" id="e9b53acc-9378-4308-99be-0fca92465dac">
...
            </bulkRecipient>
            <bulkRecipient eMail="test2@eflowauto.test" id="5701da00-2b8c-4e2a-8698-a66c43c3e4c7">
...
            </bulkRecipient>
         </bulkRecipients>
      </envelopeStatus>
   </okInfo>
</apiResult>

GetEnvelopeId with an envelope id, which is part of a bulk:

<apiResult version="0.0.0.0">
   <baseResult>ok</baseResult>
   <okInfo>
      <envelopeStatus>
...
         <id>e9b53acc-9378-4308-99be-0fca92465dac</id>
         <bulk>5b69258c-2327-43ba-80ad-53b4b6a2f3eb</bulk> <!-- bulk id is set - see find result above -->
...
         <bulkRecipients>
            <bulkRecipient eMail="" id="">
...
            </bulkRecipient>
         </bulkRecipients>
      </envelopeStatus>
   </okInfo>
</apiResult>

SAML Support

Examples of Use Cases

• ADFS integration for eSAW backend users
• Signer authentication with external SAML service

How to configure OAuth2 Authentication

OAuth2 enables you to configure an external authentication method, such as LinkedIn or Facebook. In this section you find how to configure them.

The signer will see an additional external authentication option. A pop-up appears, where the signer has to enter his credentials to authenticate. eSignAnyWhere will receive a temporary token to receive some authentication information, which will be stored in the audit log of the envelope. You can integrate any external OAuth 2.0 service. For example the open source project OAuthServer (https://oauthserver.codeplex.com/) would enable you to connect your AD/LDAP via OAuth 2.0 and eSignAnyWhere, or you can implement your own OAuth 2.0 service.

OAuth2 – LinkedIn

Step 1: Create a new LinkedIn App

Go to your LinkedIn Account and create a new LinkedIn App. You have to enter a name (e.g. “my-eSAW-Authenticator”, a description, URL and some additional information). Once you have created your LinkedIn App you have to finish the configuration.

Step 2: Configure LinkedIn App

In your LinkedIn App you will find your (secret) client-id and client-secret, and the available scopes (e.g. r_basicprofile r_emailaddress). It is important to separate the scopes with space ” “.

You have to add a OAuth 2.0 forwarding URL. The URL for eSignAnyWhere is https://www.significant.com/esawviewer/HttpHandlers/AuthHandler.ashx.

Step 3: Configure eSignAnyWhere

Open the Settings > Organization page and add a new OAuth 2.0 provider. Enter the LinkedIn credentials as below (see LinkedIn documentation for current configuration!). The Identifier is your unique identifier for using with API. The ressources URIs are called for data, which will be stored in the audit-log.

Ressources

LinkedIn and OAuth2: https://developer.linkedin.com/docs/oauth2

OAuth 2.0 – Facebook

Step 1: Create a new Facebook App

Go to Facebook Developer, login and create a new Facebook App. You have to enter your App Name (e.g. “my-eSAW-Authenticator”), a contact email-address and a category.

Step 2: Configure your Facebook App

In your Facebook App dashboard and subpages you will find the API ID (similar to Client Token) and the App Secret (similar to Client Secret). You have to add a Facebook Login product to your app (OAuth2). In the settings page of your Facebook Login you can configure the OAuth Redirect URI (https://www.significant.com/esawviewer/HttpHandlers/AuthHandler.ashx).

For the scope you will need to add permissions, which can be found here. For this example we are using the following permissions: public_profile email user_about_me. It is important to separate the scopes with space ” “.

Step 3: Configure eSignAnyWhere

Open the Settings > Organization page and add a new OAuth 2.0 provider. Enter the Facebook credentials as below (see Facebook documentation for current configuration!). The Identifier is your unique identifier for using with API. The ressources URIs are called for data, which will be stored in the audit-log (see Facebook documentation).

The configured Ressource URI returns a JSON object with the specified parameter. These parameter can be defined in the fields to force a specific LinkedIn user to authenticate (e.g. email address). HINT: to see what data is returned in the Ressource URI send yourself an envelope and have a look in the audit trail. It contains the returned object with its parameter. Note: Parameter in Ressource URI of LinkedIn is not the same in the result (email vs. emailAddress).

The Ressource URI will return data of the profile. With the “Graph API Explorer” you can build and test your own profile requests. With the optional configuration of “Fields” you can define fields, which are checked for authentication. So you can force a specific user (e.g. identified via email, id or birthdate) to authenticate. Other users are not accepted.

{
  "id": "5761459xxxxxx",
  "name": "Firstname Lastname",
  "first_name": "Firstname",
  "last_name": "Lastname",
  "email": "some@email.com",
  "birthday": "01/01/2000"
}

Ressources

Facebook Developer: https://developers.facebook.com
Permissions: https://developers.facebook.com/docs/facebook-login/permissions/
Facebook API: https://developers.facebook.com/docs/graph-api/using-graph-api/

Force a specific user to authentication

You can force a specific user to authentication via checks in the authenticator (based e.g. on userid or email). Via API you configure the authentication with a “check”.

<authentications>
  <authentication>
    <!-- CustomAuthenticationProvider will be mapped to GenericOAuthProvider -->
    <method>CustomAuthenticationProvider</method>
    <parameter>nameofprovider</parameter>
    <checks>
      <check compareOperation="equals" fieldId="userprofile" value="a232656-6656-5665"></check>
    </checks>
  </authentication>
  <authentication>
    <method>CustomOAuthProvider</method>
    <parameter>nameofprovider</parameter>
      <checks>
      <check compareOperation="equals" fieldId="useremail" value="jordan@xyzmo.com"></check>
          <check compareOperation="equals" fieldId="userprofile" value="a232336-6656-5665"></check>
    </checks>
  </authentication>       
</authentications>

Advanced Document Tags

Here you can download a PDF which contains two recipient tags and some additional tags like a Checkbox and a Textfield.

Start and Endmarker in the Document [[tags]]

Parameters

Signature Fields

[[!sigField1:signer1:signature(sigType="Click2Sign,Draw2Sign",batch=1):label("some label"):size(width=10,height=10))]]
sigType, batch, label, size are optional.

Supported signature types: Click2Sign, Draw2Sign, Type2Sign, RemoteSignature, BiometricSignature, LocalCertificateSignature, DisposableCertificate

Attachments

[[myAttachment:signer:attachment:label("some label"):size(width=10,height=10)]]

label, size are optional.

Textfield

[[*myText:signer2:text(maxLength=100,password=1):default("default text"):font(name=Arial, color=#FF0000, size=12):alignment(left|right|center):size(width=10,height=10)]]

maxLength, mask, default, font, alignment, size are optional.

Checkbox

A required checked checkbox is for only one signer.

[[!chk1:signer:checkbox:size(width=10,height=10):checked]]

checked, size are optional.

RadioButton

All items of a group have to have the same name. Group of three RadioButtons for one recipient:

[[testRbnGroup:signer:radio(Red):size(width=10,height=10):checked]]
[[testRbnGroup:signer:radio(Green):size(width=10,height=10)]]
[[testRbnGroup:signer:radio(Blue):size(width=10,height=10)]]

checked, size are optional.

DropDown

[[myDrop:signer:dropdown(options="Red,Green,Blue",values="R,G,B",editable=1):default("R"):font(name=Arial, color=#FF0000, size=12):alignment(left|right|center):size(width=10,height=10)]]

values, editable, default, size, font, alignment are optional.

List

[[myList:signer:list(options="Red,Green,Blue",values="R,G,B",multiSelect=1):default("R"):font(name=Arial, color=#FF0000, size=12):alignment(left|right|center):size(width=10,height=10)]]

values, multiSelect, default, size, font, alignment are optional.

Offset

You can define a offset by using

:offset(x=-10.5,y=-50.6)

The offset starts at the lower left position, is using points as unit and numbers (double) as input. A positive x value moves to right and a positive y value moves up. Note: this is support eSAW version 3.0+.

Variables

Use to reuse some fragments and allow an easier placement of the text markup into floating text.

Definition:

[[#myFontSettings=:font(name=Arial, color=#FF0000, size=12):alignment(left|right|center)]]

Usage:

[[myList:signer:list(options="Red,Green,Blue",values="R,G,B",multiSelect=1):default("R")$myFontSettings:size(width=10,height=10)]]

Input Validation

Input Validation is available with version 3.1. It might be helpful to check the workstep configuration documentation for accepted formats.

• Date
  • Requires a date field for signer1

  • [[!someDate:signer1:date(format="dd. MMMM yyyy"):range(from="13. März 2018",to="18. December 2019")]]

  • range is optional and must match with defined format
• Email
  • optional for email field

  • [[someMail:signer:email()]]

• Number

  • [[someNumber:signer:number(decimalPlaces=2,decimalSeparator=comma,thousandsSeparator=point,symbol="€",symbolLocation=endWithBlank):range(from="-300,00 €",to="5.000,00 €")]]

  • range, decimalSeparator, thousandsSeparator, symbol, symbolLocation, are optional
  • decimalSeparator: comma, point, apostrophe, none
  • thousandsSeparator: comma, point, apostrophe, blank, none
  • symbolLocation: start, startWithBlank, end, endWithBlank
  • range must match with defined format
• phone

  • [[somePhone:signer:phone(type=international)]]

  • type: international, internationalLeadingZero, internationalLeadingPlus
• time

  • [[someTime:signer:time(format="HH:mm"):range(from="12:00",to="18:00")]]

  • range is optional
  • range must match the defined format

REST example

For detailed information of using api calls in REST please also see this tutorial: Postman_tutorial.

You can download the PDF for the following tutorial here.

To test it yourself, use the following endpoint: https://demo.xyzmo.com/api.asmx?WSDL.

1. Prepare a PDF document
2. Upload the document (uploadtemporary)
3. Prepare the envelope (prepare)
4. Send the envelope
5. Result

Step 1: Prepare a PDF document

You can either prepare a PDF document with field markups or use this sample document: sample.

Step 2-4: Upload, prepare and send envelope

For these steps you can download the JSON file with the configurations here.

Result

SOAP example

For detailed information of using api calls with SOAP please also see this tutorial: SOAP_tutorial.

You can download the PDF for the following tutorial here.

To test it yourself, use the following endpoint: https://demo.xyzmo.com/api.asmx?WSDL

1. Prepare a PDF document
2. Upload the document (UploadTemporarySspFile_v1)
3. Prepare the envelope (PrepareSendEnvelopeSteps_v1)
4. Send the envelope (SendEnvelope_v1)
5. Result

Step 1: Prepare a PDF document

You can either prepare a PDF document with field markups or use this sample document: sample

Step 2: Upload the document

In the next collapse with the title “upload_example” you can find a configuration for uploading a document:

Step 3: Prepare the envelope

The “PrepareSendEnvelopeSteps_v1” call parses the document. Therefor we get the exact positions of the field markups so that we can place them in the next step. In the next collapse with the title “prepare_example” you find a sample for the adHoc workstep configuration which is needed for this call.

Note: The following lines of code of the prepare_example are the configuration of the fieldmarkups. You can either decide to clear the field markup strings or not with the value (0,1). In this example we clear the strings because we have no use of them later.

<esig:prepareSendEnvelopeStepsDescriptor>
         &lt;prepareSendEnvelopeStepsDescriptor&gt;
         &lt;clearFieldMarkupString&gt;1&lt;/clearFieldMarkupString&gt;
         &lt;/prepareSendEnvelopeStepsDescriptor&gt;
</esig:prepareSendEnvelopeStepsDescriptor>

After a successful configuration you get a new workstep configuration including the form fields at the end. With the sample PDF the addFormFields section of the new workstep configuration should look like:

<addFormFields>
        <document docRef="1">
          <textBox name="myText1" readOnly="false" required="true" x="72" y="563.477001953125" width="200" height="65.149999999999991" page="1">
            <fontSettings>
              <textColor>#FF0000</textColor>
              <fontName>Arial</fontName>
              <fontSize>12</fontSize>
              <fontStyleBold>false</fontStyleBold>
              <fontStyleItalic>false</fontStyleItalic>
              <textAlign>Center</textAlign>
            </fontSettings>
            <value>Place for signer1</value>
            <maxLength>100</maxLength>
            <isMultiLine>false</isMultiLine>
            <isPassword>false</isPassword>
            <isFileSelect>false</isFileSelect>
            <isScrollAllowed>false</isScrollAllowed>
            <isComb>false</isComb>
          </textBox>
          <checkBox name="chk1" readOnly="false" required="true" x="72" y="439.802001953125" width="25" height="25" page="1">
            <isChecked>true</isChecked>
          </checkBox>
        </document>
      </addFormFields>

Step 4: Send the envelope

After you received the new workstep configuration you can now send it to recipients. If you want use another workstep configuration but with the same form fields you can just add these form fields to the configuration. The next collapse contains a sample workstep configuration and the form fields for the sending api call.

Result

QES with Disposable Certificate

To use the disposable certificate you just click the settings for the recipient to edit her/his information for the certificate. You need the following information:

• Country of residence
• Mobile phone (required for sending the one-time-password via SMS)
• Social security number
• Document number
• Document issued by
• Document issued on
• Document expiry date
• Document type (e.g. Driving License or Passport)

In the designer you have to select the signature field type as “Dispoable Certificate”.

The signer will receive its email as usual and when wants to sign a disposable certificate signature field he will get a one-time-password via SMS. The counter on the disposable certificate starts by signing the first signature.

When the document is finished you can validate, for example, the qualified electronic signature in Adobe Reader.

QES with Remote Certificate

If the user has a long lived certificate you can use the Digital Remote Signature option. It is similar to the disposable certificate, but you must not provide so much information, be the user is already registered. It is not required to define the User Id or Device Id, then the signer must enter the data himself.

In the designer you must select the Digital Remote Signature for the signature type.

P7M Signers

The P7M signer can be defined in the recipient list (P7M Signer Type). The P7M signer has no assigned signature fields in the document, so you will not be able to assign signature fields, form fields or predefined fields for him or her.

When a workflow with a P7M signer is finished you will not receive a PDF document, but a signed P7M container with the PDF.

The workstepconfig must be extended with a invisibleSignature, Task and a document information:

<signatureTemplate>
	<InvisibleSig>
		<id>pkcs1</id>
		<TargetDocument>
			<DocRefNumber>1</DocRefNumber>
			<completed>0</completed>
		</TargetDocument>
		<TargetDocument>
			<DocRefNumber>2</DocRefNumber>
			<completed>0</completed>
		</TargetDocument>
		<TargetDocument>
			<DocRefNumber>3</DocRefNumber>
			<completed>0</completed>
		</TargetDocument>
	</InvisibleSig>
</signatureTemplate>

Taskdefinition:

<WorkstepTasks SequenceMode="SequenceOnlyRequiredTasks">
	<Task enabled="1" completed="0" required="0" id="pkcs1" displayName="" DocRefNumber="1" type="SignPkcs7" finishPercentage="0" />
</WorkstepTasks>

EnvelopeDocumentInforamtion

<WorkStepInformation>
    ...
    <EnvelopeInformation>
        <EnvelopeDocumentInformation numberOfPages="1" DocRefNumber="1" name="" isOptionalDocument="0" isPkcs7="0" enabled="1" />
        <EnvelopeDocumentInformation numberOfPages="1" DocRefNumber="2" name="" isOptionalDocument="0" isPkcs7="0" enabled="1" />
        <EnvelopeDocumentInformation numberOfPages="1" DocRefNumber="3" name="" isOptionalDocument="0" isPkcs7="0" enabled="1" />
    </EnvelopeInformation>
	...
</WorkStepInformation>

Automatic Remote Signatures

If you create a workflow, a new type “Add Automatic” recipient is available. The automatic remote signature / esealing is applied automatically to the document, if it is the automatic recipient turn. The workflow continues automatically with the next recipient after the automatic recipient.

• Automatic Remote Signatures / eSealing are an optional eSignAnyWhere feature
• User Managers can configure the automatic remote signature / esealing profiles in the Organization settings page, when they have enabled the user option “Allow Automatic eSealing”
• Power use can use the automatic remote signature / esealing profiles, if they have the user option “Allow Automatic eSealing” enabled

1) Automatic Remote Signature Profiles

The profiles for automatic remote signatures are managed via the organization’s settings page (so only by user managers). For creating an automatic remote signature profile you need a description (e.g. name), the username and the password.

Attention: if a power user wants to use the automatic remote signatures, the user must have enabled the user right “Allow automatic eSealing” (see “Settings” > “Users”).

2) User Settings

User must have enabled the option “Allow automatic eSealling” to use the automatic remote signatures / esealing within a workflow.

3) Creating a workflow with automatic remote signatures

In the eSAW UI you can add an automatic signer / esealing via button in the recipient list “Add Automatic”. Then the profile must be selected for the automatic signature / esealing. Attention: the power user must have the right “Allow automatic eSealing” enabled (see “Settings” > “Users”).

Creating the Automatic Remote Signature Recipient via API

Via API you have to use a new recipient type (“Automatic”). Moreover the workstepConfiguration must contain information about the automatic remote signature. As additional option, you can user more than one profile for the workstep configuration at once via API. Note: this leads to a missing information in eSAW UI!

1) Envelope XML with new recipient type “Automatic”

<envelope>
  ...
  <steps>
    <step>
      <emailBodyExtra></emailBodyExtra>
      <orderIndex>1</orderIndex>
      <recipientType>Automatic</recipientType>
      <workstepConfiguration skipThirdPartyChecks="0">
      ...
      </workstepConfiguration>
      </step>
  </steps>
</envelope>

2) Workstep Configuration

2.1) Define Signature Field in WorkstepConfiguration

<sig id="GENERIC_SIG_IDENTIFIER">
  <DocRefNumber>1</DocRefNumber>
  <param name="enabled">1</param>
  <AllowedSignatureTypes>
    <sigType id="automatic" type="AutomaticSignature" preferred="0">
	  <trModType>RemoteSignature</trModType>
	  <ImageRenderingLanguage>en</ImageRenderingLanguage>
	  <SealingProfileId>SEALING_PROFILE_IDENTIFIER_FROM_ORGANIZATION_SETTINGS</SealingProfileId>
    </sigType>
  </AllowedSignatureTypes>
</sig>

The sealing profile identifier can be found in the organization settings page at the automatic remote signature settings (Identifier).

2.3) Finalize Action in WorkstepConfiguration Policy

<Policy version="1.1.0.0">
  <FinalizeActions>
	<AutomaticSignature sigId="GENERIC_SIG_IDENTIFIER" />
  </FinalizeActions>
</Policy>