Skip to main content

DocuSign SAML integration

Multi-factor authentication (MFA) is an extra layer of security used when logging into websites or apps to authenticate users through more than one required security and validation procedure that only they know or have access to. Security Assertion Markup Language (SAML) is a protocol for authenticating to web applications. SAML allows federated apps and organizations to communicate and trust one another’s users.

Acceptto™, as a SAML provider, improves the user login experience for Docusign users with its smart convenient MFA.

Prerequisites

  • An Acceptto account with a configured Identity Provider and LDAP Agent

    For more information, see the LDAP Agent deployment guide.

  • A Docusign user account with administrative access to the developer dashboard.

  • A user with administrative privileges for the Acceptto Cloud dashboard.

Configure DocuSign as a Service Provider

  1. Download the SAML metadata and certificate for your organization from Acceptto.

    Metadata Download at https://sso.acceptto.com/<myorganization>/saml/download/metadata or view at https://sso.acceptto.com/<myorganization>/saml/metadata

    Certificate Download at https://sso.acceptto.com/<myorganization>/saml/download/cert

  2. Login to your Docusign developer portal as an administrator.

  3. Navigate to the Settings tab.

    docusign_dash.png
  4. You will need to switch to an admin account. Navigate to SWITCH TO and select DOCUSIGN ADMIN.

    docusign_switch_to_admin.png
  5. Click on Domains.

    docusign_domains.png
  6. Select CLAIM DOMAIN. Enter your domain name (e.g. test.com) and click on Claim.

    docusign_claim_domain.png
  7. After adding your domain, click on Get the Validation Token.

    docusign_validation_token.png
  8. Copy the token, go to your domain’ DNS server, and add a TXT record with the received token. This will validate your domain name in DocuSign.

    docusign_txt_token.png
  9. Return to the DocuSign dashboard. In the Domains section, click on Action and select Validate.

    docusign_validate_domain.png
  10. Go back and select Identity Providers under the Access Management section.

    docusign_add_idp.png
  11. Enter the below information in the blank fields:

    • Name: Type an optional name like Acceptto

    • Identity Provider Issuer: The issuer found in the Acceptto metadata (e.g. https://sso.acceptto.com/<myorganization>/saml)

    • Identity Provider Login URL: The login URL found in the Acceptto metadata (e.g. https://sso.acceptto.com/<myorganization>/saml/auth)

    • Identity Provider Logout URL: The Logout URL found in the metadata (e.g. https://sso.acceptto.com/<myorganization>/saml/logout)

    • Identity Provider Metadata URL: The Metadata URL found in the Acceptto metadata (e.g. https://sso.acceptto.com/<myorganization>/saml/download/metadata)

    • Check the Enable-Third Party Login box.

    docusign_saml_config.png
  12. Set Send AuthN and Send Logout to Post. Then, add the below attributes as you can see in the picture below.

    Field

    Attribute Name

    emailaddress

    emailaddress

    surename

    surename

    givenname

    givenname

    docusign_attribute_mapping.png
  13. Save the configuration and select Add New Certificate on the Identity Provider page. Import the Acceptto Certificate which has been downloaded in the first step.

    docusign_add_cert.png
  14. On the Identity Provider page, click on Action and select Endpoints. You can find all the URLs you need for configuring the Acceptto Application. Keep this data for the next section.

    docusign_select_endpoints.png
    docusign_view_endpoint.png

Acceptto SAML Configuration as Identity Provider (IdP)

  1. Login to the Acceptto Dashboard with an administrative account and go to Applications.

  2. Create a new application by selecting the Create New Application.

    Create new application
  3. In the New Application form, enter the following values under the General tab.

    • Name - The application name displayed in the admin panel and application portal and used for push notifications and audit logs (e.g. DocuSign).

    • Type - Select "SAML Service Provider" from the options.

    • Out of Band Methods - Select the allowed methods for approving MFA requests

    • Message for MFA Requests - Enter the user-facing message for Push, SMS, and email MFA requests (optional)

    docusign_add_app.png
  4. Under the SAML Service Provider Configuration tab, enter the following values:

    • Issuer or Entity ID – Copy SP Issuer URL from DocuSign Endpoints

    • Sign in URL - Copy SP Login URL from DocuSign Endpoints

    • Metadata URL- Copy SP Metadata URL from DocuSign Endpoints

    • NameID Format - Email Address

    • Name Identifier - Email

    • ACS URL - Copy SP ACS URL from DocuSign Endpoints

    docusign_sp_settings.png
  5. Navigate to Add New Attribute Assertion and populate the fields like the table below:

    Friendly Name

    Name

    Value

    Name Format

    Email

    emailaddress

    mail

    basic

    Last Name

    surename

    sn

    basic

    First Name

    givenname

    givenName

    basic

    docusign_attribute_assertion.png
  6. Click Save.

Test your application integration

  1. Go to your DocuSign login portal and enter your username.

    docusign_login.png
  2. Click on CONTINUE and then on USE COMPANY LOGIN.

    docusign_company_login.png
  3. You will be redirected to the Acceptto SSO page.

    SSO login
  4. After successful authentication, you’ll see Acceptto’s MFA options. Select your desired method.

    Select MFA method
  5. After approving the authentication attempt, you will be redirected to your DocuSign landing page.

    docusign_dash.png

Support

If you have questions or need assistance, contact SecureAuth Support.

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the SecureAuth Corporation.