Installation Instructions
Preparations
- Check that the requirements are met.
- Get familiar with the following things:
  - Go through the internal Lime Technologies documentation for eSign on how to configure electronic identifications and TRAML.
What the customer needs to prepare or answer before the installation:
- Which email address should be used as a from address?
- Ensure email deliverability: Lime Marketing Deliverability Toolbox
- What is the public url to the Lime CRM server?
- Prepare for opening firewall/proxy for inbound traffic to the Lime CRM server as described here.
- Which signing methods should be used? (Checkbox, Swedish BankID, Norwegian BankID, Danish MitID, Finnish Trust Network (FTN))
- Should eSign be used in both Desktop and Web client?
- From which limetypes should it be possible to start the signing flow?
- Which users should be able to initiate signings? Lime eSign is a subscription per user.
Installation
This is your checklist during the installation. For installations in shared cloud, go to step 3.
1. Add limepkg-esign as a dependency to your solution.
2. Build and deploy your solution.
3. In Lime Admin, go to the Setup page in eSign's settings and follow the installation instructions.
4. Configure in LISA.
5. Configure Transactional Message Library (TRAML).
6. Configure Lime Gävle's signing services.
7. Configure the add-on.
8. Set up desktop client.
9. Ensure/configure internet access if on-premise.
Warning
The installation is based on a Lime CRM Base Solution. This means that unwanted tables and fields could be created and manual adjustments may be required.
Info
Example: If the `deal` table is named `business` in your database structure, the installation will create a completely new table called `deal` because it has a relation to the Signing table. Solution: Manually remove the Deal table completely and add a relation from the Signing table to the Business table instead.
LISA
Additional Data Structure
- Add a new option with `key = 'signedagreement'` on the field `document.type`:

  | Swedish | English | Danish | Norwegian | Finnish | Dutch | Key |
  | --- | --- | --- | --- | --- | --- | --- |
  | Signerat avtal - eSign | Signed agreement - eSign | Signeret aftale - eSign | Signert avtale - eSign | Allekirjoitettu sopimus - eSign | Ondertekende overeenkomst - eSign | signedagreement |
User Group Permissions
- During the installation, the group `Lime eSign users` was created. Make all users that should be able to use Lime eSign a member of this group. The name of this group must later be added to the configuration in Lime Admin.
- Create two new table-specific policies called `tbl_signing` and `tbl_signer`. Only give access to the group `Lime eSign users` according to the table below.
- Add the two policies on the tables `signing` and `signer`.

  Policy name R W A D Apply to
  tbl_signing • signing table
  tbl_signer • signer table

  Warning
  The group `Lime eSign users` should NOT have W and A on the policies `tbl_signing` and `tbl_signer` even though it would seem logical!
- Make sure that all users that are members of the `Lime eSign users` group also have permissions to other tables that eSign uses. Preferably these permissions should come through other already existing groups (e.g. "Users", "Users Sweden" or "Sales" etc.) or object access. The table below shows which permissions must be in place.

  R W A D Apply to
  • • coworker table
  • • document table
  • • • history table
  • • ALL other tables configured for Lime eSign, either as related limetypes or signer parents. Examples: person, deal, company
Info
In case there are limetypes with object access (like documents, deals etc.), object access will be honored and the objects might not be available for the user to create a signing on.
Impersonate User
For security reasons, the endpoint used by the eSign portal implements impersonation. During the installation, the impersonate user `portal@limeesign` was created and added to the Administrators group. This user must not be a member of any other groups and should later be added to the configuration in Lime Admin.
TRAML
Lime eSign uses the TRAML library to send emails. There are two scenarios here:
- The customer does not already use TRAML: Lime eSign provides a shared site at Lime Marketing where the email templates needed are provided.
- The customer has their own Lime Marketing account and is already using TRAML: The email templates needed must be copied to this account.
Depending on which is true, you need to set up TRAML differently.
- Do one of the following:
  - Set up TRAML for Shared Account: Follow the internal Lime Technologies documentation for how to create a new customer-specific API key for the shared Lime Marketing account. Keep in mind: Do not use or remove an already existing API key!
  - Set up TRAML for Own Account (should only be used if the customer is using TRAML for other things): Copy the email templates `esign-with-action-button` and `esign-without-action-button` from the shared account to your specific account. Follow the internal documentation for more details. Keep in mind: Do not remove or modify these templates, just copy them!
- Configure TRAML.
- Add the names of the email templates in the runtime config. The ones used for the shared account are `esign-with-action-button` and `esign-without-action-button`.
Electronic Identification Services
Lime eSign currently has support for the following:
- Swedish BankID
- Norwegian BankID
- Danish MitID
- Finnish Trust Network (FTN)
If any of these should be used as a signing option, you need to set up one of the following signature services and retrieve the API key and token needed in the application configuration. The selected integration service should be configured in the runtime config.
- Lime BankID SE Service: Use this service if only BankID SE should be used (among the supported electronic identifications).
- Lime Signatures Service (Criipto): Use this service if at least one out of BankID NO, Danish MitID or Finnish Trust Network (FTN) should be used. Also supports BankID SE [1]. Additional international providers may be enabled in the future in this service. You can find further information about the service here.
Please follow the internal Lime Technologies documentation on how to enable these services.
PAdES Support
In order to enable PAdES, an API key to the Lime Technologies service PDF Manager is required. Follow internal Lime Technologies documentation on how to retrieve an API key. It must then be added to the application config. Finally, check 'Enable PAdES' in Lime Admin under Settings -> eSign, i.e., in the runtime config.
Desktop Client
These steps are only necessary if eSign is supposed to be used from the Lime CRM Desktop Client.
- Add the LBS apps from the `apps` folder in the LIP package to the `Actionpads\apps` folder.
- If your Lime CRM application already has an Actionpad for the document card: Add the code below to the `document.html` Actionpad. Adjust document if you are using another limetype for documents.

  ```html
  <div data-app="{ app: 'addon_esign', config: { 'limetypeDocument': 'document' } }"> </div>
  ```
- Add the same code to the Actionpads for each limetype from where you want to be able to start the eSign flow (that you have configured as `additionalLimetypes`). Adjust document if you are using another limetype for documents.
- Make sure to add `lbs.html` as Actionpad for the tables `signing` and `document` in LISA. If you cannot find the tables in LISA, refresh the browser.
- In LISA: Add Descriptive Expressions to the tables `signing` and `signer` according to the files in the LIP package under `lisa/descriptives`.
- Add the icons from the folder lisa\icons in the LIP package to the tables `signing` and `signer` in LISA.
- Add the icons for the Actionpad headers for `signing` and `document` in the `actionpads\resources` folder on the server. The icons are found in the folder `actionpads\resources` in the LIP package.
- Compile and save in VBA.
- Publish the Actionpads.
- Configure user-friendly views and set up relevant filters and infotiles for the customer. E.g. My ongoing signings.
Internet Access On-premise
Public Access
In order for non-Lime users to access the Lime eSign portal, some parts of the Lime CRM server must be publicly exposed to the internet. Some customers already have the full server exposed, some don't. Exactly how to minimize the exposure is up to the customer's IT department to solve, but using a proxy is one solution [2]. The URL patterns that must be exposed for Lime eSign to work are:
- `SERVER_URL_IN_LIME_ADMIN/static/limepkg_esign/*` - portal
- `SERVER_URL_IN_LIME_ADMIN/APPNAME/limepkg-esign/portal/*` - portal endpoints

`SERVER_URL_IN_LIME_ADMIN` refers to the public Server Url entered in the Lime Admin config.
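The allow-list decision a proxy in front of the Lime CRM server has to make for the two URL patterns listed here, written out as an added example that is not part of the Lime documentation or any Lime product. `crm` as APPNAME and the sample request paths are constructed; rejecting double-encoded and backslash paths outright is a choice made in this example.

```python
import posixpath
from urllib.parse import unquote

# Assumption: "crm" stands in for APPNAME; use your installation's application name.
APPNAME = "crm"

# The two URL patterns from the page, as path prefixes below the public Server Url.
ALLOWED_PREFIXES = (
    "/static/limepkg_esign/",
    f"/{APPNAME}/limepkg-esign/portal/",
)


def is_publicly_allowed(request_target: str) -> bool:
    """Return True only if the request path falls under an eSign portal prefix."""
    # Drop query string and fragment; only the path decides exposure.
    raw_path = request_target.split("?", 1)[0].split("#", 1)[0]
    path = unquote(raw_path)
    # Still encoded after one decode means double encoding; backslashes and NUL
    # may be treated as separators or terminators by a Windows backend.
    if "%" in path or "\\" in path or "\x00" in path:
        return False
    if not path.startswith("/"):
        return False
    # Collapse "." and ".." before comparing, so that
    # /static/limepkg_esign/../x is judged as /x and not by its literal prefix.
    normalized = posixpath.normpath(path)
    if path.endswith("/") and normalized != "/":
        normalized += "/"
    # normpath preserves a leading "//"; never treat that as an allowed path.
    if normalized.startswith("//"):
        return False
    return normalized.startswith(ALLOWED_PREFIXES)


if __name__ == "__main__":
    # Constructed sample requests, not taken from a real installation.
    samples = [
        "/static/limepkg_esign/app.js?v=3",
        f"/{APPNAME}/limepkg-esign/portal/sign/abc",
        f"/{APPNAME}/api/v1/limeobject/company/",
        "/static/limepkg_esign/%2e%2e/%2e%2e/crm/api/v1/",
        "/static/limepkg_esign_other/x",
    ]
    for target in samples:
        verdict = "expose" if is_publicly_allowed(target) else "block"
        print(f"{verdict:6} {target}")
```

Everything that does not return True here should be answered by the proxy itself and never forwarded to the Lime CRM server.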
Internet Access for Outgoing Traffic
The Lime CRM server must have internet access for outgoing traffic in order to send emails and support signatures using electronic identification, such as BankID.
- The IP range that is used to send emails can be found here.
- IP addresses that are used to sign with electronic identification: `185.140.117.156` and `193.183.196.18`.