PingOne for Enterprise

Adding DocuSign to Your PingOne for Enterprise Dock

Add the DocuSign application your PingOne for Enterprise dock from the application catalog.

About this task

For more information about configuring an identity provider for DocuSign, see Set Up an Identity Provider in the DocuSign documentation.

Steps

  1. In the PingOne for Enterprise admin console, go to Applications → Application Catalog.

  2. Optional: In the Search field, search for the application.

  3. Click the DocuSign 2.0 - Production application line to expand it and then click Setup.

Next steps

Click Continue to Next Step.

Docusign Connection Configuration

Steps

  1. Import the metadata for DocuSign:

    Choose from:

    • Click Select File to upload the metadata file.

    • Click Or use URL to enter the URL of the metadata.

  2. Required: In the ACS URL and Entity ID fields, replace the ${customer-organization-ID-goes-here} variable with the value in your DocuSign account.

  3. In the Target Resource field, enter a URL to redirect the user to after IdP-initiated single sign-on (SSO).

  4. In the Single Logout Endpoint field, enter a URL for PingOne to send single logout (SLO) requests to.

  5. In the Single Logout Response Endpoint field, enter a URL for PingOne to send SLO responses to.

  6. To add a Primary Verification Certificate, click Browse to locate and upload a local certificate file used to verify SLO requests and responses coming from DocuSign.

  7. To add a Secondary Verification Certificate, click Browse to locate and upload a local certificate used to verify SLO requests and responses if the primary certificate fails.

  8. Select the Force Re-authentication check box to require your identity bridge to re-authenticate users with an active SSO session.

  9. Select the Encrypt Assertion check box to encrypt outgoing SAML assertions.

  10. On the Signing line:

    Choose from:

    • Click Sign Assertion to have PingOne sign outgoing SAML assertions. This is the default option.

    • Click Sign Response to have PingOne sign responses to incoming SAML assertions.

  11. From the Signing Algorithm list, select an algorithm with which to sign SAML assertions.

  12. Select the Use Custom URL check box to enter a customer URL to launch DocuSign from the dock.

Next steps

Click Continue to Next Step.

DocuSign Attribute Mapping

About this task

For DocuSign, the required attributes are:

  • SAML_SUBJECT: Map to your username attribute.

    On the SAML_SUBJECT line, click Advanced.

    In the Name ID Format to send to SP list, select urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.

    Click Save.

  • emailaddress: Map to your email attribute. This can be the same as your username attribute.

  • givenname: Map to your first name attribute.

  • surname: Map to your last name attribute.

DocuSign also creates two optional attributes.

  • accountid: Map to your account ID attribute.

  • permissionprofileid: Map to your permission profile id, for example memberof.

Steps

  1. To add an additional optional attribute, click Add new attribute.

  2. In the Application Attribute field, enter the attribute name as it appears in the application.

  3. In the Identity Bridge Attribute or Literal Value field, choose one of the following:

    Choose from:

    • To map to the application attribute: Enter or select a directory attribute.

    • To assign to the application attribute: Select As Literal, then enter a literal value.

  4. To create advanced attribute mappings, click Advanced.

    For more information, see Create advanced attribute mappings.

Next steps

Click Continue to Next Step.

DocuSign Customization

Steps

  • To change the application icon, click Select image and upload a local image file.

    The image file must be:

    • PNG, GIF, or JPG format

    • 312 x 52 pixels maximum

    • 2 MB maximum file size

      Images are scaled to 64 x 64 pixels for display.

  • To change the name of the application displayed on the dock, in the Name field, enter a new name.

  • To change the description of the application, in the Description field, enter the new description text.

  • To change the category to which the application is assigned on the dock, in the Category list, select a category.

    For information about creating custom application categories, see Creating a custom application category.

Next steps

Click Continue to Next Step.

DocuSign Group Access

About this task

The Group Access tab shows every user group that you have created.

For more information about creating user groups, see Add user groups.

Steps

  • To add a group’s access to the application, on the line for that group, click Add.

  • To remove a group’s access, on the line for that group, click Remove.

  • When you’re finished assigning groups, click Continue to Next Step.

Next steps

On the Review Setup tab, review your configuration, and click Finish to add the application to your PingOne Dock.

DocuSign SAML connection

About this task

Keep the PingOne for Enterprise Review Setup tab open. You will need values from the Review Setup tab to complete your configuration in DocuSign.

Steps

  1. In a separate tab or window, sign on to the DocuSign administrative console.

  2. From the DocuSign dashboard, click Identity Providers, then click Add Identity Provider.

  3. In the Identity Provider Settings form, enter the following information:

    Field Value

    Name

    Enter a name for this connection.

    Identity Provider Issuer

    Issuer

    Identity Provider Login URL

    https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<idpid>

    Replace <idpid> with the idpid value.

    Optional: Identity Provider Logout URL

    Single Logout Endpoint

    Optional: Identity Provider Metadata URL

    SAML Metadata URL

  4. In PingOne for Enterprise, click Download to download the Signing Certificate.

  5. In DocuSign, click Add Certificate and upload the PingOne for Enterprise signing certificate you downloaded.

  6. Click Save.