DocuSign SAML integration
Multi-factor authentication (MFA) is an extra layer of security used when logging into websites or apps to authenticate users through more than one required security and validation procedure that only they know or have access to. Security Assertion Markup Language (SAML) is a protocol for authenticating to web applications. SAML allows federated apps and organizations to communicate and trust one another’s users.
Acceptto™, as a SAML provider, improves the user login experience for Docusign users with its smart convenient MFA.
Prerequisites
An Acceptto account with a configured Identity Provider and LDAP Agent
For more information, see the LDAP Agent deployment guide.
A Docusign user account with administrative access to the developer dashboard.
A user with administrative privileges for the Acceptto Cloud dashboard.
Configure DocuSign as a Service Provider
Download the SAML metadata and certificate for your organization from Acceptto.
Metadata Download at
https://sso.acceptto.com/<myorganization>/saml/download/metadata
or view athttps://sso.acceptto.com/<myorganization>/saml/metadata
Certificate Download at
https://sso.acceptto.com/<myorganization>/saml/download/cert
Login to your Docusign developer portal as an administrator.
Navigate to the Settings tab.
You will need to switch to an admin account. Navigate to SWITCH TO and select DOCUSIGN ADMIN.
Click on Domains.
Select CLAIM DOMAIN. Enter your domain name (e.g. test.com) and click on Claim.
After adding your domain, click on Get the Validation Token.
Copy the token, go to your domain’ DNS server, and add a TXT record with the received token. This will validate your domain name in DocuSign.
Return to the DocuSign dashboard. In the Domains section, click on Action and select Validate.
Go back and select Identity Providers under the Access Management section.
Enter the below information in the blank fields:
Name: Type an optional name like Acceptto
Identity Provider Issuer: The issuer found in the Acceptto metadata (e.g.
https://sso.acceptto.com/<myorganization>/saml
)Identity Provider Login URL: The login URL found in the Acceptto metadata (e.g.
https://sso.acceptto.com/<myorganization>/saml/auth
)Identity Provider Logout URL: The Logout URL found in the metadata (e.g.
https://sso.acceptto.com/<myorganization>/saml/logout
)Identity Provider Metadata URL: The Metadata URL found in the Acceptto metadata (e.g. h
ttps://sso.acceptto.com/<myorganization>/saml/download/metadata
)Check the Enable-Third Party Login box.
Set Send AuthN and Send Logout to Post. Then, add the below attributes as you can see in the picture below.
Field
Attribute Name
emailaddress
emailaddress
surename
surename
givenname
givenname
Save the configuration and select Add New Certificate on the Identity Provider page. Import the Acceptto Certificate which has been downloaded in the first step.
On the Identity Provider page, click on Action and select Endpoints. You can find all the URLs you need for configuring the Acceptto Application. Keep this data for the next section.
Acceptto SAML Configuration as Identity Provider (IdP)
Login to the Acceptto Dashboard with an administrative account and go to Applications.
Create a new application by selecting the Create New Application.
In the New Application form, enter the following values under the General tab.
Name - The application name displayed in the admin panel and application portal and used for push notifications and audit logs (e.g. DocuSign).
Type - Select "SAML Service Provider" from the options.
Out of Band Methods - Select the allowed methods for approving MFA requests
Message for MFA Requests - Enter the user-facing message for Push, SMS, and email MFA requests (optional)
Under the SAML Service Provider Configuration tab, enter the following values:
Issuer or Entity ID – Copy SP Issuer URL from DocuSign Endpoints
Sign in URL - Copy SP Login URL from DocuSign Endpoints
Metadata URL- Copy SP Metadata URL from DocuSign Endpoints
NameID Format - Email Address
Name Identifier - Email
ACS URL - Copy SP ACS URL from DocuSign Endpoints
Navigate to Add New Attribute Assertion and populate the fields like the table below:
Friendly Name
Name
Value
Name Format
Email
emailaddress
mail
basic
Last Name
surename
sn
basic
First Name
givenname
givenName
basic
Click Save.
Test your application integration
Go to your DocuSign login portal and enter your username.
Click on CONTINUE and then on USE COMPANY LOGIN.
You will be redirected to the Acceptto SSO page.
After successful authentication, you’ll see Acceptto’s MFA options. Select your desired method.
After approving the authentication attempt, you will be redirected to your DocuSign landing page.
Support
If you have questions or need assistance, contact SecureAuth Support.
Sales
Want to learn more about our MFA solutions? Contact our Professional Services for a demo today.
Disclaimer
All product names, trademarks, and registered trademarks are the property of their respective owners.
All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the SecureAuth Corporation.