Directories

Directories are tags (categories) that you assign to Contact Groups. They are used by Group Signer settings to:

• Filter which contact groups are available for selection.
• Prevent accidental exposure of contact groups across teams within the same organization.
• Support safe, scalable usage of Group Signers in embedded and API-driven flows.

If you are new to Group Signers, start here: Group Signers.

To use a contact group as a Group Signer, the contact group must have at least one directory assigned.

• This applies to both newly created and existing contact groups.
• If an existing contact group has no directories, you must assign a directory before using its GroupId in Send Document / Create Template requests.

Directories are managed on contact groups only via API.

Use the Contact Groups APIs to create or update a contact group with its directory values:

• Create Contact Group
• Update Contact Group

Directories are applied through GroupSignerSettings.AllowedDirectories when sending a document or creating/editing a template.

• If AllowedDirectories is configured, only contact groups that belong to at least one allowed directory can be used as Group Signers.
• If a contact group is not in an allowed directory, it will be restricted from use.

This is especially important for embedded experiences where users can search and select contact groups.

The following limitations apply when assigning directories to contact groups:

• You can add a maximum of 5 directories to a contact group.
• Each directory value can be up to 40 characters.

To keep administration and access control straightforward:

• Use directories that map to teams, departments, or business units (for example: Finance, Legal, HR).
• In multi-tenant setups, prefer UUID v4 directory values to avoid name collisions (example: 550e8400-e29b-41d4-a716-446655440000).
• Keep names stable over time; avoid per-user or temporary naming.
• Treat directories as an access control boundary for Group Signer selection.

Group Signers are designed with strict sender isolation to reduce cross-team access within an organization:

• Senders can only use contact groups from directories that are allowed in their GroupSignerSettings.
• Contact groups in disallowed directories are restricted from being used as signers.
• This prevents accidental exposure of contact groups across teams.

To make isolation robust at scale, use a stable unique identifier as the directory value (for example, the sender's team ID or organization unit ID in UUID v4 form). This reduces the risk of two teams independently choosing the same human-readable directory name (such as Legal) and unintentionally broadening access when AllowedDirectories is applied.