Skip to Content
Author's profile photo Markus Tak

How to digitally sign PDF documents from SAP document center in a secure, reliable and binding way

Many processes are “digitized” today, e.g. transformed from a classical, paper-based flow to a frictionless and fast electronic flow. Generally, there are two major challenges coming up during such a transormation:

  • how can the “legally binding” aspect of a hand-written signature on a piece of paper  be digitized?
  • how can such a process be designed in a secure way, especially when mobile devices are involed?

This blog shows a way to address those issues in an easy-to-use way, interfacing with SAP standard soltutions such as SAP Document Center and SAP Cloud Identity.

One example how to integrate this Document Signature functionality with SAP Transportation Management (Signing a Bill-of-Lading Document) is shown in this video from SAP TechEd 2017 in Las Vegas:

The following video explains the functionality from an end-user perspective:

The following picture shows the system overview:


We assume that the PDF document which is to be signed is generated by an SAP backend / on-premise or by any cloud-based application.

  1. The PDF document is handed over to the SAP Document Center using standard SAP API. This will return the document ID generated by SAP Document Center
  2. The application will call the KOBIL Cloud Platform Connector (SAPc), passing the document ID and a user ID to be referenced.
    https://<your-sapc-application-url> sign this document&documentId=OmP2B4bYk....​
  3. The KOBIL SAP Cloud Platform connector (SAPc) will forward the document via KOBIL SSMS/SCP server landscape to the KOBIL SDK inside the Signature App. The app instance of the target user is selected.
  4. End user is informed by a push notification to open the Signature App  and log in. He will see the document to be signed in a typical messanger-style incoming bubble.
  5. After checking the document, the user taps on “Sign here” button to trigger the electronic signature using the end user’s private key in the virtual Smartcard.
  6. The signed PDF document is sent back all the way and can be retrieved in SAP Document Center



  • SAP Cloud Platform Account with KOBIL SAP Cloud Platform connector (SAPc) deployed
  • SAP Document Center Subscription
  • Managing SAP users via SAP Identity and Authentication Service (SAP CloudIdentity)
    or SAP ID Service
  • KOBIL SSMS/SCP Server landscape – on premise or cloud instance
  • KOBIL Signature App

Additional Information about the KOBIL virtual smartcard and on strong two-factor authentication for the SAP Cloud Platform can be found here:


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Useful info..Thanks for the post.

      Author's profile photo Martin RESCH
      Martin RESCH

      ... good to see this ready - great solution component - makes really sense for many processes over all industries.