41 results found
-
Critical security feature: Clearly show email of the person who prepared the contract to prevent fishing attack
We use PandaDoc to sign documents with contractors, vendors, etc. Typically someone from the team prepares the contract and then the management (often me) gets an email with a request to sign, sign it and that's it.
The problem is, that there is no way for management to verify, who actually created the contract. There is just the name of that person but no email! This creates a simple attack vector - anyone with PandaDoc can now change their name to match someone from another company, create an arbitrary contract, send it to some person from that company and have…
2 votes -
2 votes
-
2 votes
-
Customize password submission screen for password-protected documents/folders
It would be very helpful to be able to add our own customized text or image to the password submission screen. There is a lot of available screen real estate (see the attached image from https://support.pandadoc.com/hc/en-us/articles/1500002610481--Editor-2-0-Protect-documents-with-two-factor-authentication). There is already a small paragraph of PandaDoc-specific text ("by clicking Submit and using PandaDoc's services..." "...as detailed more fully in PandaDoc's Privacy Notice [linked]."). But since the recipient will enter the password to access OUR documents, it's critical that we can add a bit of our own text as well. This could be something like "by clicking Submit, you agree to confidentiality…
2 votes -
Javascript sdk user authentication
A method that can authenticate the user to automatically log in with the help of API-key or access token.
2 votes -
Certificate that complies with EU applying Regulation (EU) 910/2014.
Ability to change the certificate so it's from qualified trust service provider according to EU applying Regulation (EU) 910/2014.
2 votes -
Password change notification.
Password change notification.
2 votes -
ISO 9001 compliant
ISO 9001.
2 votes -
ACPR Compliant
ACPR (Autorité de Contrôle Prudentiel et de Résolution (ACPR) is the independent administrative authority responsible for monitoring the conduct of financial institutions in France. Apparently in this case it determined that PD security solution is not strong enough
2 votes -
signatures compliant in Thailand.
signatures compliant in Thailand.
2 votes -
CJIS Compliance
Particular agencies need to work with vendors that comply with CJIS standards. More information here: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
2 votes -
Webhook Authentification
I’m pretty confident I should be able to break through the Merge Field bit as I’m sure I’m just doing something daft, but I don’t see how the WebHooks work.
When I provide an endpoint for PandaDoc to call, how do I set any headers or authentication? We don’t allow anything to make completely unauthenticated connections regardless of their origins. There’s mentions of shared keys that can be provided by Panda, but the challenge my end remains that if you cant authenticate with me, we wont even get as far as accepting the request.
2 votes -
A generic "Privacy Policy" page for websites.
FormSwift has this. I would like to be able to get this item from PandaDocs without switching document generating sites.
1 vote -
ability to sign for a user and break in when a document/ signature is forwarded
ability to sign for a user and break in when a document/ signature is forwarded to another recipient
1 vote -
1 vote
-
Webhooks Security
Concern of security of Webhooks in the dashboards (users have access into the dashboard and can adjust/delete Webhooks; also no audit capabilities)
Need to get this behind a security role/wall1 vote -
Disable local password for certain email domains
I would like to enforce Google login for my company's users. Please provide settings where I can specify my company's email domain and specify that local passwords not be permitted for users with this email domain.
This is a simpler configuration option than setting up Google as a SAML IdP.
1 vote -
1 vote
-
AODA compliance
require AODA compliance
1 vote -
CRA requires special compliance
CRA Canadian revenue association that requires special compliance
1 vote
- Don't see your idea?