• Link PingOne to an identity repository containing the users requiring application access.
  • Make sure DocuSign has a valid domain, an organization created, and is populated with at least one user to test access.
  • You must have administrative access to PingOne and DocuSign.
  1. Copy the PingOne values for the Supplied DocuSign Application.
    1. Sign on to PingOne for Enterprise, go to Applications > Application Catalog, and search for DocuSign.

      Screen capture of the Application Catalog in PingOne for Enterprise with a completed search for DocuSign in the Search Field. In the list of applications, the DocuSign 2.0 Production application name's expand button is highlighted in red.
    2. Expand the DocuSign 2.0 - Production entry and click the Setup icon.
    3. Copy the Issuer and IdP ID values.
    4. Download the Signing Certificate.

      Screen capture of the SSO Instructions Signing Certificate field with the download button highlighted in red, and the IdP ID and Issuer configuration parameter fields higlighted in red.
  2. Add the PingOne IdP Connection to DocuSign.
    1. Sign on to your DocuSign Admin organization as an administrator.
    2. In the left navigation pane, select Identity Providers, and then click Add Identity Provider.

      Screen capture of the DocuSign Admin portal open to the Identity Providers window with the Add Identity Provider button highlighted in red.
    3. Configure the following fields
      Field Value

      Name

      A name for the identity provider.

      Identity Provider Issuer

      Enter the Issue value from PingID.

      Identity Provider Login URL

      https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<The PingOne IdP ID value>

      Send AuthN Request by

      Click POST.

      Select Send Logout Request by

      Click POST.

      Screen capture of the Add Identity Provider fields for SSO Protocol: SAML 2.0.. The Name, Identity Provider Issuer, and Identity Provider Login URL fields are required.
    4. In the Custom Attribute Mapping section, click Add New Mapping, and then:
      • In the Field list, select surname, then enter surname in the Attribute field.
      • In the Field list, select givenname, then enter givenname in the Attribute field.
      • In the Field list, select emailaddress, then enter emailaddress in the Attribute field.
    5. Click Save.
    6. Click Add New Certificate.

      Screen capture of the PingOne identity provider with no current valid certificate. The Add New Certificate button is highlighted in red.
    7. Click Add Certificate.

      Screen capture of the Identity Provider Certificates field with the Add Certificate button highlighted in red.
    8. Select the signing certificate that you downloaded from PingOne. Click Save.
    9. In the Actions list for the IdP that you created, select Endpoints.

      Screen capture of the Identity Providers list with the PingOne identity provider Actions menu expanded. The Endpoints option is highlighted in red.
    10. Copy the Service Provider Issuer URL and Service Provider Assertion Consumer Service URL values.

      Screen capture of the Service Provider Issuer URL and Service Provider Assertion Consumer Service URL fields highlighted in red.

    The DocuSign connection configuration is complete.

    Note:

    After testing, you can set the domain to require IP authentication to remove the DocuSign sign-on screen.

  3. Complete the DocuSign setup in PingOne:
    1. Continue editing the DocuSign entry in PingOne for Enterprise.
      Note:

      If the session has timed out, complete the initial steps to the point of clicking Setup.

    2. Click Continue to Next Step.
    3. Set the ACS URL to the DocuSign Service Provider Assertion Consumer Service URL value.
    4. Set the Entity ID to the DocuSign Service Provider Issuer URL value.

      Screen capture of the Connection Configuration section with the ACS URL and Entity ID fields filled in.
      Note:

      Do not just update the organization ID.

    5. Click Continue to Next Step.
    6. Map the required attributes to the corresponding attribute names in your environment.
      Note:

      The corresponding attribute names might not be an exact match.


      Screen capture of the Attribute Mapping section with the Identity Bridge Attribute or Literal Value fields highlighted in red for the SAML_SUBJECT, emailaddress, givenname, and surname application attributes.
    7. On the SAML_SUBJECT line, click Advanced, and change the name format you're sending to DocuSign to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.
    8. Click Continue to Next Step twice.
    9. Click Add for all user groups that should have access to DocuSign.

      Screen capture of the Group Access section with the list of user groups that should have access to the Docusign application.
    10. Click Continue to Next Step.
    11. Click Finish.
    PingOne configuration is complete.
  4. Test the PingOne IdP-initiated SSO integration.
    1. Go to your Ping desktop as a user with DocuSign access.
      Note:

      To find the Ping desktop URL in the Admin console, go to Setup > Dock > PingOne Dock URL.

    2. Complete the PingOne authentication.

      You're redirected to your DocuSign domain.


      Screen capture of the DocuSign domain.
  5. Test the PingOne SP-initiated SSO integration.
    1. Go to https://account.docusign.com.
    2. Enter your email address.
    3. Click Use Company Login.
    4. When you're redirected to PingOne, enter your PingOne username and password.

      Screen capture of the PingOne sign-on page.

    After successful authentication, you're redirected back to DocuSign.


    Screen capture of the DocuSign domain.