OTP = One-Time Password. SahlSign sends a 6-digit code to the signer's email immediately before they submit a signature. The signer enters the code on the signing page; only then does the signature record commit.
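The gate described above, as an added Python example (not SahlSign's code): the signature record commits only after a fresh, unexpired 6-digit code is verified, with the 15-minute expiry taken from the troubleshooting list on this page. The `OtpGate` class, the in-memory store, the salted-hash storage and the `MAX_ATTEMPTS` guess limit are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

OTP_TTL_SECONDS = 15 * 60   # page: codes expire after 15 minutes
MAX_ATTEMPTS = 5            # assumption: guess limit, not stated on the page

class OtpGate:
    """Hypothetical in-memory gate: a signature commits only after a valid OTP."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}      # signer email -> [salt, digest, expires_at, attempts]
        self.committed = []     # signature records that passed verification

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, email):
        """Create a fresh 6-digit code; a new request replaces any earlier code."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, keeps leading zeros
        salt = secrets.token_bytes(16)
        self._pending[email] = [salt, self._digest(salt, code),
                                self._clock() + OTP_TTL_SECONDS, 0]
        return code             # caller emails this; only the salted digest is kept

    def submit_signature(self, email, code, signature):
        """Return 'committed', 'expired', 'locked', 'invalid' or 'no_code'."""
        entry = self._pending.get(email)
        if entry is None:
            return "no_code"
        salt, digest, expires_at, attempts = entry
        if self._clock() >= expires_at:
            del self._pending[email]                # signer must request a new code
            return "expired"
        if attempts >= MAX_ATTEMPTS:
            return "locked"                         # stops online guessing of 10^6 codes
        entry[3] += 1
        if not hmac.compare_digest(digest, self._digest(salt, code)):
            return "invalid"                        # constant-time comparison
        del self._pending[email]                    # single use
        self.committed.append((email, signature, self._clock()))
        return "committed"
```

The commit timestamp stored beside the signature is what ties the record to email control at the moment of signing.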
Why this matters legally
UETA (US), ESIGN Act (US), and eIDAS (EU, and adopted across the GCC) all require electronic signatures to be attributable to the signer. The OTP provides the attribution: the signer is the person who controls that email address at that point in time.
Without OTP, an electronic signature is harder to defend in a dispute — opposing counsel can argue "someone else with access to the email impersonated my client." With OTP, that argument fails: the OTP proves real-time email control at the moment of signing.
What if the OTP doesn't arrive?
Common causes, in order of likelihood:
- Spam filter — check the spam / promotions tab. The from-address is the SahlSign verified sender (or your tenant's verified domain if configured)
- Wrong email — verify the address on the signer panel matches what they actually use
- Resend delays — if our email provider has elevated latency (rare), the code might take 1-2 minutes. Check the status page
- Code expired — OTP codes expire after 15 minutes. The signer can request a new one from the verification screen
Can OTP be turned off?
For tenant-internal documents (e.g., HR paperwork between employees of the same company) the legal bar is lower. We don't currently offer an "OTP off" toggle because the small friction of typing a 6-digit code is worth the dramatic improvement in legal defensibility. If your use case genuinely needs to skip OTP, contact us.