DocuSign <-> Azure SSO

Inji Song 5 Reputation points
2023-03-24T00:50:47.0733333+00:00

Dear Team,

My client has successfully completed the SSO setup on both the Azure and DocuSign sides. However, we would like users to be provisioned into their own accounts, and we have found that we need to send the accountID and permissionID to the DocuSign side, as described below.

https://support.docusign.com/en/guides/org-admin-guide-identity-providers

I want to create the two custom attributes below:

1- accountid (Optional):
The DocuSign ID for the account associated with the user. If specified, this accountId will be used during just-in-time provisioning. This is the account that the user will be provisioned into when the user is created on first login. The accountId must be in the account GUID format. This must be specified in conjunction with the PermissionProfileId below, otherwise login will fail.

2- permissionprofileid (Optional):
The DocuSign ID of the Permission Profile associated with the user. Permission Profiles are sets of account permission settings that can be applied to individual users. Using this option allows new users to be assigned to a permission profile when they are added to the account. The ID information can be retrieved using the REST API.

Is there any way to set this up on the Azure side so that the accountID and permissionID are sent to the DocuSign side?

How can this be done?

Kindly share the guidance with us.

Thanks,

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-04-28T02:52:16.7966667+00:00

    Hello @Inji Song, apologies for the delay. I could not get ahold of a DocuSign SSO-enabled test env/subscription, but I think we can make this work using Azure AD only.

    First, you need to choose where to store the aforementioned values per user. You can use any of the following:

    • Extension attributes: The easiest to implement. These properties were initially custom attributes provided in on-premises Active Directory (AD) and Microsoft Exchange. However, they can now be used for more than syncing on-premises AD and Microsoft Exchange data to Azure AD through Microsoft Graph.
    • Directory (Azure AD) extensions: You can create 2 extensions in the DocuSign enterprise app.

    Then you can configure the Azure AD DocuSign enterprise app SAML token claims to match what DocuSign expects:

    Using extension attributes:
    • Add new claim:
    • Source it from Attribute
    • Select the appropriate attribute (user.extensionattribute1 in this case)
    • Click Save

    Using Directory Extensions:
    • Add new claim
    • Source it from Directory schema extension (preview)
    • Select the DocuSign enterprise application or the application where the directory extension was created:
    • Select extension attribute:
    • Click Add
    • Click Save

    Follow the same steps in order to add the permissionprofileid claim.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

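A pre-flight check for the claims configured in the answer above, as an added example that is not part of the original thread and is not DocuSign or Microsoft code: it parses the AttributeStatement of a decoded SAML assertion and applies the two rules quoted in the question (accountid must be in GUID format and must arrive together with permissionprofileid). Matching on the last segment of the claim Name, the helper names and the sample assertions are assumptions constructed here; the check looks only at claim shape and does not verify the assertion's signature.

```python
import uuid
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def extract_claims(saml_xml: str) -> dict:
    """Map lower-cased short claim name -> list of non-empty values."""
    if "<!DOCTYPE" in saml_xml or "<!ENTITY" in saml_xml:
        raise ValueError("DTDs are not expected in SAML; refusing to parse")
    claims = {}
    for attr in ET.fromstring(saml_xml).iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        # Assumption: compare on the last path segment so a namespaced Name still matches.
        short = attr.get("Name", "").rsplit("/", 1)[-1].lower()
        vals = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(short, []).extend(v for v in vals if v)
    return claims

def is_guid(value: str) -> bool:
    """True only for the canonical hyphenated 8-4-4-4-12 form."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def check_jit_claims(saml_xml: str) -> list:
    """Return a list of problems; an empty list means the claims look usable."""
    claims = extract_claims(saml_xml)
    account = claims.get("accountid", [])
    profile = claims.get("permissionprofileid", [])
    if not account:
        return []  # accountid is optional per the quoted guide
    issues = [f"accountid is not a GUID: {v!r}" for v in account if not is_guid(v)]
    if not profile:
        issues.append("accountid sent without permissionprofileid (login will fail)")
    return issues

def sample_assertion(attrs: dict) -> str:
    # Constructed minimal assertion for offline testing; real ones carry far more.
    rows = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attrs.items())
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f'<saml:AttributeStatement>{rows}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    ok = {"accountid": "0f8fad5b-d9cb-469f-a165-70867728950e", "permissionprofileid": "1234567"}
    print(check_jit_claims(sample_assertion(ok)))
    print(check_jit_claims(sample_assertion({"accountid": "12345"})))
```

Run it against the assertion captured from a test sign-in for a user whose extension attributes were just populated, before enabling the claims for everyone.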
