Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

p11-compliant approvals in Confluence (cloud)?


We are using Confluence in the cloud, and are considering using it for requirements for some of our GMP-regulated products.  Has anyone used the cloud version of Confluence to document p11-compliant approval signatures?


We are looking at this App:


Of course, part of the overall requirement is validation of JIRA / Confluence itself, and for a cloud environment we need to determine if that's possible.

Hi @Steven Haworth,

We have a cloud app called Comala Approvals, I'd be interested in knowing the specific details of your requirement. Could you contact me through our support system to follow up?



Hi Gorka - yes, we are looking at that App also.  FDA part-11 compliance has a requirement to re-enter at least one security component at the point of signing - usually a password.  So when you click 'approve', you get prompted for password.  Or sometimes even login / password.

I am not sure if we need that level of compliance, or if a simple approval will suffice; that topic needs more internal discussion, for our particular use.

Hi Steven,

If you need to be Part 11 compliant you need an addon that will prompt you to enter the pw (at a minimum) for every signature. The requirements of Part 11 are actually relatively straightforward but you need to be sure you tick all of them. Let us know if we can help any further.

Hi @Steven Haworth,

@Matteo Gubellini _SoftComply_ is right, you'd need an app that requests, at least, the password. We do provide that functionality, but in Comala Workflows, which a server version, not cloud, and we provide a guide to help customers with the FDA Title 21 CFR Part 11.


In the cloud version we are looking at this feature too, I'll update this thread as soon as we have further news.


Hi @Steven Haworth,

I just wanted to let you know that we have released a new Quality Management System (QMS) Workflow. This workflow features approvals with E-Signatures. Reviewers need to use their email and password to confirm their identity (this is a compliance requirement). Although the e-signature does not work with SAML SSO yet. Due to the large amount of identity providers, we will progressively support SAML SSO based on our customers’ demand. If you are using SSO, could you tell me what's your identity provider?

Besides the e-signature, we have also included the option to set up approvers as Space Parameters. Admins can set a list of users or groups as Controlled Document Approvers.

Best regards,

Hi @Steven Haworth,

Yes, you can achieve validation of JIRA and Confluence along with an e-signature solution (such as Comala Workflows) in a cloud environment. One way to achieve this is to validate a cloud infrastructure (such as AWS) and deploy JIRA or Confluence as an application running in that infrastructure. This allows you to maintain the control on application and cloud security but leverage benefits of cloud. Let me know if we can be of assistance.

Andy [Sierra Labs] 

@Monique vdBApologies and yes I'd appreciate the guidance. What is best way to follow up with you?

Monique vdB Community Manager Dec 07, 2017

No problem -- I should have included that -- I'm at if you'd like to email me, @Andy Spoone

Thanks @Andy Spoone - I'm not sure we need that (yet), but we will keep you and that option in mind.  It's very helpful.


yes, Comala does work quite good and other signature components also. They can all be configured to be 21 CFR Part 11 compliant - confluence should be qualified or validated according e.g. ISPE GAMP. The e-signature type we are talking about is an advanced electronic signature (not a qualified / digital one), which is appropriate for the use in the GXP environment (exceptions exist, e.g. for eCTD).

In any case you will get a real "good" e-signature, if you derive your two independent components (user name / password) from LDAP / ActiveDirectory, for example.

Another way around, just to mention it, you might export a PDF file from your (standard) confluence (please design a nice and GMP-like PDF template for reporting) and upload (check-in) the PDF to your validated eQMS/eDMS solution, which might not be on the cloud. In this case you do not need to configure your confluence and your GMP record is transferred back to a validated solution (most probably in-house). In Europe the general understanding and expectation is that your GMP records are under your own control - this is sometimes hard to manage on a cloud-based solution.

We are planning an event for such questions - feel free to have look on that:  

Thanks - very helpful comments @Markus Roemer.

Hello Steven (and others),

We have recently launched a service to provide a fully 21 CFR 11 compliant turnkey solution based on Atlassian tools. Check this if you are interested.

We can also help you set it up yourself in your own server instance if you prefer.



Log in or Sign up to comment
Community showcase
Published in Confluence Cloud

Presenter Mode for Confluence is here 🖥 👩‍💻

👋  Hello Community!  My name is Stephanie Zhang, and I’m a product manager on the Confluence cloud team. Today, I’m excited to announce the rollout of  Presenter Mode : a ...

80,832 views 127 304
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you