BoldSign AI Assistant
Chat with the BoldSign AI AssistantKnowledge-Based Authentication
Knowledge-based authentication (KBA) is a signer authentication method in BoldSign that helps verify a signer's identity before the signer can access and sign a document. When KBA is enabled for a signer, BoldSign asks the signer to provide legal identity information and answer security questions generated from public record information.
KBA is useful when you need stronger signer authentication without requiring the signer to upload an identity document. It adds an extra verification step to help ensure that the person opening the document is the intended recipient.
How KBA works
When a signer opens a document that requires KBA, the signer must agree to continue with KBA and provide the required legal information. BoldSign uses this information to generate security questions for the signer. The signer must answer the questions correctly before continuing to the document.
If the signer completes KBA successfully, the signer can access the document based on the configured KBA frequency. If the signer fails KBA, the signer can retry while attempts remain. After the maximum number of attempts is reached, access is restricted for that signer until the sender takes action.
BoldSign does not store the personal KBA information entered by the signer, such as address details or the last four digits of the SSN. BoldSign stores only operational KBA metadata needed to track the authentication attempt, such as status, provider reference, and timestamps.
KBA settings
You can configure KBA for each signer using kbaSettings.
KBA settings let you control how often signers must complete KBA, how many attempts are allowed, and how strictly BoldSign compares the signer name with the identity details provided during KBA.
For detailed setting values and examples, refer to KBA settings.
KBA compared with identity verification
KBA and Identity Verification are different signer authentication methods.
| Feature | KBA | Identity Verification |
|---|---|---|
| Signer verification method | Legal identity information and public-record security questions. | Identity document upload and optional selfie checks. |
| Document upload required from signer | No. | Yes. |
| Verification report/image APIs | Not applicable. | Available for Identity Verification. |
| Access to verification details | KBA does not expose the signer's personal KBA inputs or answers. | Identity Verification supports report and document retrieval APIs. |
| Primary use case | Add a higher-assurance access step for U.S.-based signers by requiring public-record security questions before they can view or sign the document. | Verify a signer with government-issued identity documents when document-based proof of identity is required. |
Limitations
- KBA is available only for U.S.-based recipients.
- KBA can be used only when the signer's
authenticationTypeisKBA. kbaSettingsmust not be sent for other authentication types.- KBA cannot be combined with Access Code, Email OTP, SMS OTP, or Identity Verification for the same signer.
- KBA is not available for group signers.
- KBA is not available for in-person signers.