SMS Authentication is an optional recipient setting that adds an additional layer of identity assurance to Conga Sign by requiring signers to enter a one-time passcode delivered through SMS, prior to viewing a Conga Sign document. SMS Authentication is currently available for Salesforce integration only and must be purchased from Conga as a separate feature.

SMS Authentication Setup

Administrators must setup SMS Authentication prior to using the feature in Conga Sign Transactions.

To setup SMS Authentication

  1. Click the Conga Sign Setup tab.
  2. Under the Org Configuration section of Conga Sign Setup, change the SMS Authentication toggle from Disabled to Enabled.

To use SMS Authentication, Conga Sign users must have a minimum of read access to the fields below on the Contact, Lead, and User objects.

  • Contact: MobilePhone and MailingCountry
  • Lead: MobilePhone and Country
  • User: MobilePhone and Country

Enable SMS Authentication for Recipients

SMS Authentication is enabled for individual recipients on the Create Transaction screen. Conga Sign users must first add a Recipient to the transaction before enabling SMS Authentication. SMS Authentication is available for Recipients with a role of Signer, In-Person Signer, and CC.

To enable SMS Authentication for a Recipient

  1. Navigate to the Create Transaction screen.
  2. Add a recipient to the transaction.
  3. Change the Authentication field's value from Standard to SMS.
  4. Confirm or enter the mobile phone number of the recipient. 

    The Recipient's phone number is automatically pulled from the Contact, Lead, or User record's standard Mobile field. If no value is entered in the Mobile field, users must enter a phone number with the appropriate country code when setting the Authentication field to SMS. A country code is required for SMS Authentication. Use the dropdown field with the flag icon to select the corresponding country code if the mobile phone number does not yet include a country code. 

  5. Click Save.
  6. Click Send Now or Preview and Tag to send the transaction.

Completing SMS Authentication as a Recipient

Once the transaction is sent to a Recipient with SMS Authentication enabled, Recipients must follow the steps below to complete SMS Authentication.

To complete SMS authentication

  1. Open the initial Conga Sign email and click Begin Signing.
    • Clicking the button redirects the recipient to the SMS Authentication page.
  2. On the SMS Authentication page, verify that the phone number is correct and then click Send Code.
    • Clicking the button sends the SMS authentication code to the user's mobile phone.
    • The code is sent typically sent from a 5-digit, 6-digit, or a 10-digit phone number.

    The Recipient cannot modify the phone number that the code is sent to. If the phone number is incorrect, the Recipient must contact the Sender.

  3. Enter the 6-digit code in the Authentication Code field and click Submit Code. Upon entering the correct code, Conga Sign redirects the recipient to begin signing the Conga Sign document. 

    Signers have three attempts to complete SMS Authentication. The transaction is canceled with a status of AUTHENTICATION FAILED after the third incorrect attempt. If the Recipient completes SMS Authentication successfully but does not complete signing, the Recipient must complete SMS Authentication again once they revisit the Conga Sign document. If the Recipient completes their portion of the Conga Sign transaction and revisits the document, they do not have to complete SMS Authentication again.

Tracking SMS Authentication in the Audit Trail

SMS Authentication is displayed in a Conga Sign Transaction's Audit Trail to show if a Recipient completes or fails SMS Authentication. Successful SMS Authentication results in a transaction Status of COMPLETE. An event is also logged on the Audit Trail displaying [Recipient] completed SMS Authentication. 

Failed SMS Authentication results in a transaction Status of AUTHENTICATION_FAILED. An event is also logged on the Audit Trail displaying [User] failed SMS Authentication. 

Reassigning Signers with SMS Authentication

A Recipient with SMS Authentication specified can reassign signature responsibilities to another Recipient. In this scenario, the initial Recipient must complete SMS Authentication prior to reassigning to a new Recipient. Additionally, the initial signer must provide the new Recipient's phone number. The new Recipient must also complete SMS Authentication.

Frequently Asked Questions

Where does Conga Sign pull the recipient's phone number used for SMS Authentication? Conga Sign automatically uses the phone number listed in the standard Mobile field on Contact, Lead, and User records.

What is the best practice for storing phone numbers used for SMS Authentication? It is best practice to add phone numbers with the country code included in the standard Mobile field on Contact, Lead, and User records. For example, a phone number from the US is stored as +17325671098 and a phone number from the UK is stored as +447921123456.

How does Conga Sign choose a country code if no country code is present in the Mobile field? If a country code is not present in the Mobile field, Conga Sign automatically uses the country code corresponding to the Recipient's country. If the Recipient's country is not present, Conga Sign uses the country code corresponding to the Sender's (the running User) country. If the Sender's country is not present, Conga Sign uses the country code corresponding to the Org's country. 

If a country is not entered correctly, Conga Sign requires the user to enter a country code on the SMS Authentication page.