Okta

How to Configure SAML 2.0 for DocuSign

The DocuSign Enterprise Edition is required to use SAML. In addition, DocuSign charges a one-time activation fee for SAML. Contact your DocuSign sales representative for pricing details.


We have two sets of instructions, one for older DocuSign tenants, one for newer tenants. It should be clear when you log in to DocuSign what functionality is available for you.


Variables


You will need some of the following auto-generated variables for your SAML configuration, for both New and Old DocuSign tenants:


New DocuSign Tenants

If you have a new DocuSign tenant, follow the steps below to set up SAML:

  1. Log into your DocuSign Tenant's admin section as a user with administrator privileges.

  2. Select Identity Providers in the left nav:

    Note that if you are unable to see these options, you probably have an older DocuSign tenant, see Old DocuSign Tenants for instructions.

    select Identity providers in left nav

  3. Click on ADD IDENTITY PROVIDER:

    Click ADD IDENTITY PROVIDER

  4. Enter the following:

    • Name: Enter a name for the Identity Provider.

    • Identity Provider Issuer: Copy and paste the value from the Variables section, above.

    • Identity Provider Login URL: Copy and paste the value from the Variables section, above.

    • Identity Provider Logout URL: Copy and paste the value from the Variables section, above.

    • For Send Authn Request by, select POST.

    • For Select Send Logout Request by, select POST.

    Enter SAML Config values in Docusign

  5. Scroll down to the Custom Attribute Mapping section, click ADD NEW MAPPING then add the following three mappings:

    • Select surname from the Field dropdown menu, then type surname in the Attribute field.

    • Select givenname from the Field dropdown menu, then type givenname in the Attribute field.

    • Select emailaddress from the Field dropdown menu, then type emailaddress in the Attribute field.

    “docusign_new4a.png"

  6. In the Identity Provider Certificates section:

    • First download your x.509 certificate in .cert Format. Go to the Variables section, above, to download this certificate.

    • Click ADD CERTIFICATE, then upload the certificate you just downloaded.

    • Click SAVE.

    “docusign_new4b.png"

  7. Back in the Identity Providers section, select Endpoints from the ACTIONS dropdown menu for the Identity Provider you just created.

    “docusign_new5.png"

  8. Make a copy of the values for the Service Provider Issuer URL and the Service Provider Assertion Consumer Service URL as shown below, then click CLOSE:

    “docusign_new6.png"

  9. In Okta, select the General tab for the DocuSign app, click Edit, then enter the following:

    • Assertion Consumer Service URL: Enter the value you copied from DocuSign’s Service Provider Assertion Consumer Service URL field.

    • Service Provider Issuer URL: Enter the value you copied from DocuSign’s Service Provider Issuer URL field.

    • Click Save

    “docusign_new7.png"


Old DocuSign Tenants

  1. Please contact your DocuSign account manager to get your DocuSign account setup for SAML 2.0 access. Copy and paste the fields below to compose the message, substituting your company name for <YOUR COMPANY>.

  2. Download your Identity Provider Certificate and attach it to your email. Go to the Variables section, above to download this certificate.

  3. Send the email and wait for further instructions from DocuSign on how to enable SAML for your organization. 

  4. If you want to allow your users to sign on to DocuSign immediately, you can change the sign-on mode to Secure Web Authentication. No further further configuration will be required by you if you choose Secure Web Authentication.You can assign DocuSign access to your users at anytime from their user profile. Go to People to view and edit user profiles.