Knowledge-Based Authentication (KBA) adds an extra layer of identity verification for eSignature requests, helping firms meet compliance requirements for sensitive documents such as IRS Forms 8878 and 8879.
What is KBA?
KBA is an identity verification method that requires signers to answer a set of time-sensitive questions based on their personal and financial history in the United States. This process ensures the authenticity of signatures for legally sensitive documents.
🔐 KBA is only available for recipients with their country set to the United States in the contact’s Accounting Details.
🔒 Only Administrators can enable or disable KBA in firm settings.
Enabling or Disabling KBA in Firm Settings
Administrators can manage KBA settings from the Karbon app:
Navigate to Settings.
Go to eSignature and Approvals.
Locate the Knowledge-Based Authentication (KBA) section.
Click Edit.
Choose one of the following:
Allow – Enables the option to require KBA for recipients.
Don’t Allow – Disables the KBA option for all signature requests.
Click Save Changes.
⚠️ Disabling KBA removes it from all draft eSignature packages. If re-enabled later, it must be manually re-applied to individual recipients.
Enabling KBA for Individual Recipients
Once KBA is enabled in firm settings, it can be applied during the eSignature request process:
Create an eSignature request as usual.
Select a recipient whose country is listed as the United States.
In the recipient settings, choose Yes under the KBA Required dropdown.
KBA is not enabled by default and must be selected manually for each eligible recipient.
Once enabled, the rest of the eSignature request setup continues as normal, including assigning placeholders for signatures, initials, and dates.
In the example below, KBA can be enabled for Annie, whose contact record lists the United States as her country.
However, Arnie is based in Australia, so the KBA option is not available for his signature request.
Note: KBA is not enabled by default. For eligible recipients, select Yes from the KBA Required dropdown to enable it for that signer.
Client Experience with KBA
When a recipient is required to complete KBA:
They receive an email with a link to the signature request.
Before signing, they must complete a timed identity verification process.
The signer has 5 minutes to answer the questions and up to 3 attempts to complete the process successfully.
If the identity check is passed, the recipient can proceed to sign the document. If not, the request will be marked as failed and cannot be completed without resending.
FAQs
Does KBA cost extra?
Yes. Enabling KBA for a recipient uses 3 additional eSignature credits per person.
Can KBA be used for international clients?
No. KBA is only supported for recipients located in the United States, as the verification relies on U.S. financial data.
Is there a way to trial KBA?
There is no separate trial for KBA, but it can be tested using your existing eSignature credits for eligible recipients.