DocuSign SAML integration

Multi-factor authentication (MFA) is an extra layer of security used when logging into websites or apps to authenticate users through more than one required security and validation procedure that only they know or have access to. Security Assertion Markup Language (SAML) is a protocol for authenticating to web applications. SAML allows federated apps and organizations to communicate and trust one another’s users.

Acceptto™, as a SAML provider, improves the user login experience for Docusign users with its smart convenient MFA.

Prerequisites

An Acceptto account with a configured Identity Provider and LDAP Agent
For more information, see the LDAP Agent deployment guide.
A Docusign user account with administrative access to the developer dashboard.
A user with administrative privileges for the Acceptto Cloud dashboard.

Configure DocuSign as a Service Provider

Download the SAML metadata and certificate for your organization from Acceptto.
Metadata Download at https://sso.acceptto.com/<myorganization>/saml/download/metadata or view at https://sso.acceptto.com/<myorganization>/saml/metadata
Certificate Download at https://sso.acceptto.com/<myorganization>/saml/download/cert
Login to your Docusign developer portal as an administrator.
Navigate to the Settings tab.
You will need to switch to an admin account. Navigate to SWITCH TO and select DOCUSIGN ADMIN.
Click on Domains.
Select CLAIM DOMAIN. Enter your domain name (e.g. test.com) and click on Claim.
After adding your domain, click on Get the Validation Token.
Copy the token, go to your domain’ DNS server, and add a TXT record with the received token. This will validate your domain name in DocuSign.
Return to the DocuSign dashboard. In the Domains section, click on Action and select Validate.
Go back and select Identity Providers under the Access Management section.
Enter the below information in the blank fields:
- Name: Type an optional name like Acceptto
- Identity Provider Issuer: The issuer found in the Acceptto metadata (e.g. https://sso.acceptto.com/<myorganization>/saml)
- Identity Provider Login URL: The login URL found in the Acceptto metadata (e.g. https://sso.acceptto.com/<myorganization>/saml/auth)
- Identity Provider Logout URL: The Logout URL found in the metadata (e.g. https://sso.acceptto.com/<myorganization>/saml/logout)
- Identity Provider Metadata URL: The Metadata URL found in the Acceptto metadata (e.g. https://sso.acceptto.com/<myorganization>/saml/download/metadata)
- Check the Enable-Third Party Login box.
Set Send AuthN and Send Logout to Post. Then, add the below attributes as you can see in the picture below.
Field
Attribute Name
emailaddress
emailaddress
surename
surename
givenname
givenname
Save the configuration and select Add New Certificate on the Identity Provider page. Import the Acceptto Certificate which has been downloaded in the first step.
On the Identity Provider page, click on Action and select Endpoints. You can find all the URLs you need for configuring the Acceptto Application. Keep this data for the next section.

Field	Attribute Name
emailaddress	emailaddress
surename	surename
givenname	givenname

Acceptto SAML Configuration as Identity Provider (IdP)

Login to the Acceptto Dashboard with an administrative account and go to Applications.
Create a new application by selecting the Create New Application.
In the New Application form, enter the following values under the General tab.
- Name - The application name displayed in the admin panel and application portal and used for push notifications and audit logs (e.g. DocuSign).
- Type - Select "SAML Service Provider" from the options.
- Out of Band Methods - Select the allowed methods for approving MFA requests
- Message for MFA Requests - Enter the user-facing message for Push, SMS, and email MFA requests (optional)
Under the SAML Service Provider Configuration tab, enter the following values:
- Issuer or Entity ID – Copy SP Issuer URL from DocuSign Endpoints
- Sign in URL - Copy SP Login URL from DocuSign Endpoints
- Metadata URL- Copy SP Metadata URL from DocuSign Endpoints
- NameID Format - Email Address
- Name Identifier - Email
- ACS URL - Copy SP ACS URL from DocuSign Endpoints
Navigate to Add New Attribute Assertion and populate the fields like the table below:
Friendly Name
Name
Value
Name Format
Email
emailaddress
mail
basic
Last Name
surename
sn
basic
First Name
givenname
givenName
basic
Click Save.

Friendly Name	Name	Value	Name Format
Email	emailaddress	mail	basic
Last Name	surename	sn	basic
First Name	givenname	givenName	basic

Test your application integration

Go to your DocuSign login portal and enter your username.
Click on CONTINUE and then on USE COMPANY LOGIN.
You will be redirected to the Acceptto SSO page.
After successful authentication, you’ll see Acceptto’s MFA options. Select your desired method.
After approving the authentication attempt, you will be redirected to your DocuSign landing page.

Support

If you have questions or need assistance, contact SecureAuth Support.

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the SecureAuth Corporation.

In this section: