E-Signature Workflow
The One Legal includes a built-in e-signature workflow that enables clients to sign legal policies directly in TheOnePortal. Every signature includes scroll-to-end confirmation, typed name, timestamp, and IP address capture for a legally defensible audit trail.
How Clients Sign
Clients do not need a separate account or DocuSign subscription. Everything happens in TheOnePortal.
Step 1: Client receives notification
When a policy enters Client Review status, each required contact receives:
- An in-app notification in TheOnePortal
- An email notification with a direct link to the document
Step 2: Client opens the document
- The client logs in to TheOnePortal
- They navigate to Documents → Pending Signatures
- They click the pending document to open the signing experience
Step 3: Document review
The client sees the full policy document in a read-only scroll view:
- The document must be scrolled to the bottom before the signature fields activate
- A scroll progress indicator shows how far through the document they've read
- Sections with variables are shown with the filled-in client-specific values
Scroll-to-end is a legal safeguard — it establishes that the signer had the opportunity to read the full document. The progress bar is visible throughout.
Step 4: Electronic signature
Once the client reaches the end:
- A typed signature field activates — the client types their full legal name
- A title/role field appears — they enter their title (e.g., "Chief Executive Officer")
- A consent checkbox confirms they understand this is a binding electronic signature
- They click Sign Document
Step 5: Confirmation
After signing:
- A confirmation screen shows the signed document with the signature block
- An email confirmation is sent to the signer
- The MSP receives a notification that the contact has signed
- The signature record is saved in the Document Vault
What Gets Captured
Each acknowledgement record captures:
| Field | Description |
|---|---|
| Signer name | The typed legal name entered by the signer |
| Signer email | Email address from their TheOnePortal account |
| Signer title | Self-reported title at time of signing |
| Timestamp | UTC timestamp with millisecond precision |
| IP address | The signer's IP address at time of signing |
| User agent | Browser and OS information |
| Scroll confirmation | Boolean confirming they scrolled to the end |
| Policy version | Exact version hash of the document they signed |
| Session ID | TheOnePortal session ID for further forensic tracing |
Multiple Required Signers
If a policy requires multiple contacts to sign:
- Each contact signs independently — they do not need to sign at the same time
- The policy moves to Final Approval only after all required contacts have signed
- You can see which contacts have signed and which are pending in the Acknowledgements tab
- You can send a reminder to individual contacts by clicking Send Reminder next to their name
Viewing Signed Documents
After all required signatures are collected:
- Navigate to Policies → Client Policies
- Open the policy
- Click the Acknowledgements tab
- Click View Signed Document to see the document with the complete signature block
- Click Export CSV to download all acknowledgement records
Signed documents are also stored in the Document Vault and are accessible from the client record in CRM.
Signed Document Storage
Executed documents are stored encrypted in the Document Vault:
- AES-256-GCM encryption at rest
- Document encryption keys (DEKs) stored exclusively in Azure Key Vault — not in the database
- Audit trail on every document access
Legal Validity
Electronic signatures created in The One Legal comply with the United States Electronic Signatures in Global and National Commerce Act (ESIGN Act) and the Uniform Electronic Transactions Act (UETA). For international clients, verify local e-signature law applicability with your attorney.
Key legal compliance elements:
- Intent to sign: Client initiates signing voluntarily after reading the document
- Consent to do business electronically: Consent checkbox is required before signing
- Record retention: Signed documents and audit records are retained indefinitely
- Association of signature to document: The typed name, timestamp, and session data are cryptographically linked to the exact document version signed
Re-signing After Policy Updates
If a policy is updated to a new version and re-assigned:
- Previous signatures are preserved in version history
- Clients are notified to sign the new version
- The re-signing process is identical to the initial signing
- Both the old and new signed versions remain in the Document Vault
What Clients Cannot Do
- Clients cannot modify a document before signing
- Clients cannot download the unsigned document — only the signed copy with signature block
- Clients cannot sign on behalf of another contact — each signer must authenticate individually