How to digitally sign PDF documents from SAP document center in a secure, reliable and binding way
Many processes are “digitized” today, e.g. transformed from a classical, paper-based flow to a frictionless and fast electronic flow. Generally, there are two major challenges coming up during such a transormation:
- how can the “legally binding” aspect of a hand-written signature on a piece of paper be digitized?
- how can such a process be designed in a secure way, especially when mobile devices are involed?
This blog shows a way to address those issues in an easy-to-use way, interfacing with SAP standard soltutions such as SAP Document Center and SAP Cloud Identity.
One example how to integrate this Document Signature functionality with SAP Transportation Management (Signing a Bill-of-Lading Document) is shown in this video from SAP TechEd 2017 in Las Vegas:
The following video explains the functionality from an end-user perspective:
The following picture shows the system overview:
We assume that the PDF document which is to be signed is generated by an SAP backend / on-premise or by any cloud-based application.
- The PDF document is handed over to the SAP Document Center using standard SAP API. This will return the document ID generated by SAP Document Center
- The application will call the KOBIL Cloud Platform Connector (SAPc), passing the document ID and a user ID to be referenced.
https://<your-sapc-application-url>.hana.ondemand.com/sapc/scp?signeeUserId=P000000¬ificationText=Please sign this document&documentId=OmP2B4bYk....
- The KOBIL SAP Cloud Platform connector (SAPc) will forward the document via KOBIL SSMS/SCP server landscape to the KOBIL SDK inside the Signature App. The app instance of the target user is selected.
- End user is informed by a push notification to open the Signature App and log in. He will see the document to be signed in a typical messanger-style incoming bubble.
- After checking the document, the user taps on “Sign here” button to trigger the electronic signature using the end user’s private key in the virtual Smartcard.
- The signed PDF document is sent back all the way and can be retrieved in SAP Document Center
- SAP Cloud Platform Account with KOBIL SAP Cloud Platform connector (SAPc) deployed
- SAP Document Center Subscription
- Managing SAP users via SAP Identity and Authentication Service (SAP CloudIdentity)
or SAP ID Service
- KOBIL SSMS/SCP Server landscape – on premise or cloud instance
- KOBIL Signature App
Additional Information about the KOBIL virtual smartcard and on strong two-factor authentication for the SAP Cloud Platform can be found here: https://blogs.sap.com/2017/03/30/extending-the-sap-cloud-platform-sdk-for-ios-with-strong-2-factor-user-authentication-and-digital-signatures/