Overview
OpenOTP Signature Plugin for Nextcloud allows authenticated users to either self-sign documents or submit them for signature to other Nextcloud users. It facilitates electronic signatures using your mobile device with the OpenOTP Server and OpenOTP Token, which validates your identity and ensures secure communication with all parties involved in the signature process.
This plugin supports all signature types provided by RCDevs: Standard, Advanced, and Seal.
To use this plugin, you need to have WebADM and OpenOTP servers running in your infrastructure (either on-premises or in the cloud). Please refer to the documentation for setup instructions. If your tenant is hosted on RCDevs or another cloud provider, you must provide a client certificate or API key issued by your tenant during the Nextcloud plugin configuration.
You also need a valid license for OpenOTP and should download the OpenOTP Signature Plugin for Nextcloud from the RCDevs website or the Nextcloud store. Additionally, ensure that you meet the prerequisites for e-signature with OpenOTP. Refer to the OpenOTP Signature documentation for further details.
Installation from Nextcloud Store
The installation process is straightforward. Navigate to the Nextcloud App Store and search for OpenOTP Sign
. Once you find it, proceed with the installation. Alternatively, you can find the application by browsing this URL or by visiting the Downloads section on the RCDevs website.
Configuration
Go to your Nextcloud page and then navigate to the Admin page/Additional settings, or go directly to the configuration via Administration button in the header.
Once you access the configuration page of the OpenOTP Sign plugin, configure it as described below.
- Set at least the
OpenOTP server URL #1
and theOpenOTP client id
, clickSave
.
You can also choose the types of signatures that will be allowed for your users:
Standard Signature
: Handwritten signature and initials for documents with multiple pages.Advanced Signature
: Certificate-based signature. This type of signature must be controlled by Client Policies to define the scope of the issued certificates (e.g.,Local CA
,Global CA
, oreIDAS
). Refer to the OpenOTP Signature documentation for more information on supported scopes.
Additionally, you can enable or disable the various OpenOTP methods, including the signature and seal options.
Client Policy
A client policy should be configured for Nextcloud signature on WebADM side.
For more information, you can refer to the about the Policies and Conditionnal Access documentation.
First, create a client policy object from WebADM GUI
> Admin
> Client Policies
> Add Client
.
You can name it Nextcloud Sign
as it is the value that we configured as Client ID
during the plugin configuration.
If you name it differently than the name we configured in the Client ID
setting during the plugin configuaration, you need to add the value configured in Client ID
as Client Name Aliases
on the next page.
You can then configure the settings according to your requirements for that client. Here are the settings I configured:
Scroll down and save your client policy.
Signature
In the following example, a request for signing a document between two persons.
Log into the NextCloud and choose the document to be signed. Select it with a right click and select "Sign with OpenOTP".
The document can then be signed by the user himself or submitted to another user.
In the header, click on the OpenOTP Sign
icon to get an overview of the pending/failed signature requests.
Seal
If you allow users to seal a document, they will see the Seal with OpenOTP
option when right-clicking on a document.
Click on the Seal with OpenOTP
to start the sealing process. The following appears:
Click on Seal
, and the sealing process will begin. Once the document has been successfully sealed by OpenOTP, it will be returned and saved to Nextcloud in the same location as the original file, with the seal extension you configured during the plugin setup.