Introducing New Box Sign for Salesforce Features and Enhancements

We’ve rolled out new enhancements to Box Sign for Salesforce, including additional recipient authentication, recipient groups, and expanded extensibility with API support for CAC/PIV smart card authentication, giving teams, including federal government agencies, and contractors, more flexibility, stronger security, and streamlined signing workflows directly within Salesforce.

• Recipient groups in Box Sign for Salesforce: Introduces the recipient groups feature in the native Box Sign web app within the Box for Salesforce integration, enabling senders and signers with the ability to progress a signature request forward as soon as a single recipient from a selected group of recipients signs or approves a signature request. 

• Recipient authentication in Box Sign for Salesforce: Allows senders to select the right level of identity assurance for each recipient when configuring a signature request within Salesforce as part of the Box for Salesforce managed package, closing a critical gap for organizations that rely on signer authentication to meet specific compliance requirements Salesforce to manage their document workflows.

  • Signer authentication methods include:

    • Common Access Card (CAC) or Personal Identity Verification (PIV) smart card authentication for U.S. Federal Government employees and contractors. CAC/PIV smart card authentication requires the purchase the CAC/PIV smart card authentication add-on.

    • SMS Authentication which sends the recipient an SMS text message which they must use to verify their identity before gaining access to the signature request.

    • Box Login which requires the recipient to log in to their Box account to verify their identity before gaining access to the signature request. Recipients who do not have an active Box account can sign up for a free account. 

  • This capability builds on Box Sign’s existing CAC/PIV support and extends it natively into the Box for Salesforce managed package, closing a critical gap for federal customers who rely on Salesforce to manage their document workflows.

• API support for CAC/PIV smart card authentication in Box Sign: Enables developers to programmatically require CAC/PIV smart card verification for signature request recipients, meeting the rigorous identity assurance standards required by federal agencies, defense contractors, and regulated industries. Box Sign's API includes a new verification_method property on the signer object, supporting cac_piv as a verification type. When enabled, signers must authenticate using their CAC or PIV smart card before they can sign a document, ensuring only verified, credentialed individuals can complete sensitive signing workflows.

  • API support for CAC/PIV authentication in Box Sign is available for enterprises who have purchased the CAC/PIV smart card authentication add-on and who have CAC/PIV permissions enabled. 

Additional resources:

• Product Announcements:

  • Recipient groups in Box Sign for Salesforce

  • Recipient authentication in Box Sign for Salesforce

  • API support for CAC/PIV smart card authentication in Box Sign

• Demo Video

• Box Sign Datasheet

• Box Sign for U.S. Federal Government Solution Brief

• Box Sign Integrations Overview deck 

• Using Box Sign for Salesforce

• Extra Security (2FA) Developer Documentation

• Box for Salesforce AppExchange Listing