--- title: Provisioning Docusign with PingOne description: Provision Docusign in PingOne. component: pingone page_id: pingone:integrations:p1_provisioning_connection_docusign canonical_url: https://docs.pingidentity.com/pingone/integrations/p1_provisioning_connection_docusign.html revdate: April 10, 2026 section_ids: provisioning-capabilities: Provisioning capabilities before-you-begin: Before you begin steps: Steps result: Result: validation: Validation docusign-directory-attributes: Docusign directory attributes docusign-provisioning-known-limitations: Docusign provisioning known limitations --- # Provisioning Docusign with PingOne Docusign is a cloud-based service for electronic signatures and managing agreements. By using the Docusign connection in PingOne, you can provision users and groups between your Docusign account and PingOne, ensuring seamless access control and identity management. ## Provisioning capabilities The following table summarizes the inbound and outbound provisioning capabilities for each resource type: | Resource | Capability | Description | Inbound | Outbound | | ---------- | -------------- | ------------------------------------------------------------ | ------- | -------- | | User | Create | Generates a new user record in the destination. | Yes | Yes | | | Read | Retrieves or polls user attributes for synchronization. | Yes | Yes | | | Update | Modifies existing attributes, such as `job title`. | Yes | Yes | | | Delete | Deletes a user or temporarily suspends an account. | Yes | Yes | | Group | Create | Provisions a new group in the target application. | No | Yes | | | Rename | Updates the display name or identifier of an existing group. | No | Yes | | | Delete | Removes a group from the target application. | No | Yes | | Membership | Add and remove | Adds or removes users from groups. | No | Yes | ## Before you begin Make sure that you have: * A Docusign administrative account. Learn more in [Existing Docusign Customer](https://support.docusign.com/s/document-item?language=en_US\&bundleId=rrf1583359212854\&topicId=xbe1583359132742.html&_LANG=enus) in the Docusign documentation. * The following from your Docusign account for OAuth authentication: * **Client ID** * **Client Secret** * **Refresh Token** * **Token Endpoint** * Users assigned to a specific population or group in PingOne designated for DocSign provisioning. Learn more in [Adding a user](../directory/p1_adduser.html) and [Managing groups](../directory/p1_managing_groups.html). ## Steps 1. Create a Docusign connection: 1. In the PingOne admin console, go to **Integrations > Provisioning**. 2. Click **[icon: plus, set=fa]**and then click **New Connection**. 3. Click **Select** for **Identity Store**. 4. Click **Select** for the **Docusign** connection, and click **Next**. 5. Enter a **Name** and **Description** for this provisioning connection. 6. Click **Next**. 7. []()In the **Configure Authentication** section, enter the following configurations that apply to your Docusign account: * **Service URI**: Enter the base URL for the Docusign API endpoint, for example, `https://demo.docusign.net`. * **Authentication Method**: Select **OAUTH** and enter the following: | Configuration | Example | | ------------------ | ------------------------------------------------------------------ | | **Account** | `12345678-90ab-cdef-1234-567890abcdef` | | **Client ID** | `9f3b2c1d-4e5f-6789-abcd-1234567890ef` | | **Client Secret** | `7y3b2c8e-4e5f-6776-rtyu-1564525790df` | | **Token Endpoint** | `https://account-d.docusign.com/oauth/token` | | **Grant Type** | `refresh_token` | | **Refresh Token** | `bcX7LM_-aQMAAAAAAAAAAGh3kTQPLmNZ933_wEr8JkLm4pQz7yHtYU-VbNQ-DtKp` | 8. Click **Test Connection** to verify that PingOne can establish a connection to the Docusign. ### Result: If there are any issues with the connection, a **Test Connection Failed** modal opens. Click **Continue** to resume the setup with an invalid connection. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | You can't use the connection for provisioning until you've established a valid connection to Docusign. If the connection fails, click **Cancel** in the **Test Connection Failed** modal, verify that you have entered the configuration details in [step g](#p1_configure_authenication_step) correctly, and try again. | 9. Click **Next**. 10. In the **User Actions** section, enter the following as needed: | Field | Description | | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Enable users creation** | Creates a user in the target identity store when the user is created in the source identity store. | | **Enable users updation** | Updates user attributes in the target identity store when the user is updated in the source identity store.If **Enable users updation** is selected, you can choose to select **Enable users disable**, which disables a user in the target identity store when the user is disabled in the source identity store. | | **Enable users deprovision** | Deprovisions a user in the target identity store when the user is deprovisioned in the source identity store. If **Enable users deprovision** is selected, the following options appear:- **Remove Action**: Removes or disables a user in the target identity store when the user is deleted in the source identity store. Select **Delete** or **Disable**. Remove Action is only available if you select Enable users disable. - **Deprovision on rule deletion**: Deprovisions users if the associated provisioning rule is deleted. | 11. Click **Save**. 12. To enable the connection, click the toggle at the top of the details panel to the right (blue). | | | | - | ------------------------------------------------------------------------- | | | You can disable the connection by clicking the toggle to the left (gray). | 2. Create an [inbound](p1_create_provisioning_rule_inbound.html) or [outbound](p1_create_provisioning_rule_outbound.html) rule and select the existing Docusign connection as the target or source. You can optionally add [attribute mappings](#docusign-directory-attributes). | | | | - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Directly mapping the PingOne **Enabled** attribute Boolean to the Docusign `userStatus` attribute String causes a schema error. To prevent this, PingOne provides a default, optional attribute mapping that uses a Spring Expression Language (SpEL) expression to convert the values, such as mapping `true` to `Active`.For Docusign inbound rules, enabling the **Sync Only Active Users** configuration in the **Onboarding Settings** panel triggers an immediate full resync. Any users currently in PingOne who were previously provisioned by this specific rule, but don't have an **Active** status, will be deleted from PingOne. | ## Validation Confirm users and groups are successfully provisioned to Docusign. View the [sync status](p1_view_sync_status.html) to review synchronization results and any errors. You can find examples in [Outbound provisioning sync summary examples](p1_outbound_group_provisioning_sync_summary_examples.html). ## Docusign directory attributes The following table lists common Docusign attributes that can be mapped for user provisioning: | Attribute | Description | | ----------- | ----------------------------------------------- | | `userName` | The unique identifier or username for the user. | | `email` | The user's primary email address. | | `firstName` | The user's first name. | | `lastName` | The user's last name. | | `jobTitle` | The professional title assigned to the user. | ## Docusign provisioning known limitations The following limitations apply to the Docusign provisioning: * Docusign doesn't support disabling Docusign user accounts. * Currently, user filtering isn't supported for inbound rules. All users from the source Docusign instance will be provisioned to PingOne. * For inbound provisioning, data updates once a day. The sync occurs daily at the time the initial full-sync completed. Manual syncs don't change this schedule. Changes in the source appear in PingOne after the daily update. * Using both inbound and outbound sync rules for the same application can cause issues, such as duplicate users, because the rules operate independently.