
codebeamer Application Lifecycle Management (ALM)


Generating Electronic Signature with SSO Login

Since version 20.11-LTS (Carmen), codeBeamer can generate an electronic signature for users who log in with SSO as well as for users who use the default login.


All features that need an electronic signature use the same generation mechanism.


The signature generation process is always indicated by a button:

  • Generate Signature button
  • Regenerate Signature button
  • Start signature process button
  • Sign & (Approve/Reject) button

After the button is clicked, a popup window opens to identify the current user with their credentials. Depending on the user's login mechanism, either an SSO identity provider's login screen or the default codeBeamer login screen appears. (If the user is able to log in with both default credentials and SSO, the SSO login screen appears.)


Prerequisite

SAML

The forceAuthn parameter MUST be supported.

A boolean value of "true" or "false" that indicates whether the request generated by the service provider should include an option to bypass an existing security context and require explicit user interaction during authentication to the identity provider.

OpenID

The prompt parameter MUST be supported.

login: The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required.


Default CB login screen


For industries that are not FDA-compliant (e.g. automotive), it is acceptable for the username to be prefilled in the login popup.

For that case, there is an Application Configuration option that enables prefilling the current user's username:

"signature" : {
    "usernameRequired" : true (default) / false
},

An example SSO login screen

This screen is provided by your identity provider.



Force Authenticate users with SSO

To be FDA compliant, and force the user to enter the combination of their user name and password, your identity provider has to support forced re-authentication with the option prompt=login.


prompt=login
Regardless of the current user authentication state, the Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot prompt the End-User, it MUST return an error.

https://tools.ietf.org/id/draft-hunt-oauth-v2-user-a4c-01.html#Authentication_Request
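The prompt=login parameter travels through the user's browser, so the service provider should confirm from the ID token's auth_time claim that a fresh login really happened before accepting the signature. The following Python code is an added example, not codeBeamer's own implementation; the function names, the 120-second limit, the max_age parameter and the example URLs are assumptions, and the ID token's signature, issuer and audience are assumed to be validated beforehand by an OIDC library.

```python
import time
from urllib.parse import urlencode

MAX_AUTH_AGE = 120  # assumed policy: seconds allowed between login and signing
CLOCK_SKEW = 30     # assumed tolerance for IdP/server clock difference


def build_reauth_url(authorization_endpoint, client_id, redirect_uri, state, nonce):
    """Build an OpenID Connect authorization request that asks for re-authentication."""
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "prompt": "login",  # ask the IdP to show its login screen again
        "max_age": "0",     # with max_age present, the ID token must carry auth_time
    }
    return authorization_endpoint + "?" + urlencode(params)


def check_reauth(callback_params, id_token_claims, session_user, nonce, now=None):
    """Return (ok, reason) for the signature popup's callback.

    id_token_claims must come from an ID token that was already verified
    (signature, iss, aud, exp) by an OIDC library.
    """
    now = time.time() if now is None else now
    if "error" in callback_params:  # e.g. login_required from the IdP
        return False, "idp_error:" + callback_params["error"]
    if id_token_claims.get("nonce") != nonce:
        return False, "nonce_mismatch"
    if id_token_claims.get("sub") != session_user:
        return False, "different_user"  # someone else logged in at the popup
    auth_time = id_token_claims.get("auth_time")
    if isinstance(auth_time, bool) or not isinstance(auth_time, (int, float)):
        return False, "auth_time_missing"
    age = now - auth_time
    if age > MAX_AUTH_AGE or age < -CLOCK_SKEW:
        return False, "stale_authentication"  # IdP reused an existing session
    return True, "ok"
```

An IdP that ignores prompt=login and reuses an existing session is rejected here as stale_authentication, because its auth_time still points at the original login.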

Google OAuth does not support forced re-authentication

There is no prompt=login value for Google OAuth 2.0 at the time of writing this documentation (possible values are none/consent/select_account).

https://developers.google.com/identity/protocols/oauth2/openid-connect#prompt

Regenerate Signature

Most of the features that use signature generation let the user regenerate the signature if needed. There is an icon for that purpose next to the "Successfully signed" label:



Clicking that icon will restart the signature generation process.

Features that use signature generation

"Start a new review" action



Baselines


Mass Edit

Tracker Template Change


Sign Review By User


Restart Review for User


Finish Review / Set Statuses / Reset Review