DocuSign cloud application

You must be signed in as a super administrator for this task.

Using Security Assertion Markup Language (SAML), your users can use their Google Cloud credentials to sign in to enterprise-cloud applications.

Set up SSO via SAML for DocuSign

Here's how to set up single sign-on (SSO) via SAML for the DocuSign® application.  

Step 1: Set up DocuSign as a SAML 2.0 service provider (SP)

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Security and then Set up single sign-on (SSO).

    To see Security, you might have to click More controls at the bottom. 

  3. Click the Download button to download the Google IdP metadata and the X.509 Certificate.
  4. In a new browser tab, go to the Domains page in DocuSign Admin.
    Note: You must have SSO enabled on your account by your DocuSign Account Manager in order to access both the Domains and Identity Providers screen in DocuSign.
  5. Click Claim Domain, and add the domain for your Google service.
  6. Add the Google TXT token you configured with your DNS records.
  7. Click Identity Providers > Add Identity Provider.
  8. Paste the SSO URL from the Google Admin console into the Identity Provider Login URL field in DocuSign.
  9. Paste the Entity ID from the Google Admin console into the Identity Provider Issuer​ field in DocuSign.
  10. Click Add New Certificate​. You'll find it next to your new Identity Provider listing.
  11. Click the Add Certificate button at the bottom of the page.
  12. Upload the Google X.509 certificate you downloaded in Step 3.
  13. Click Save to exit.
  14. Click the Actions​ button next to your new, valid listing, and select Endpoints.
  15. Copy and save the four values shown. 
  16. Proceed to the next section to set up Google as a SAML identity provider (IdP).

Step 2: Set up Google as a SAML identity provider (IdP)

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps and then SAML Apps.

    To see Apps on the Home page, you might have to click More controls at the bottom. 

  3. Click the plus (+) icon at bottom right.
  4. Locate and click DocuSign in the application list. The values on the Google IDP Information page automatically populate.
  5. Click Next.

    The Basic information window shows the Application name and Description seen by users

  6. Click Next.
Step 3: Enter service provider details in Google Admin console
  1. In the Service Provider Details section, enter the following URLs into the Entity IDACS URL, and Start URL fields:
            ACS URL:  Enter the value for Service Provider Assertion Consumer Service URL​ from step 15 of Set up DocuSign as a SAML 2.0 service provider (SP).
            Entity ID:   Enter the value for Service Provider Issuer URL​ from step 15 of Set up DocuSign as a SAML 2.0 service provider (SP).
            Start URL: Enter the value for Service Provider Login URL​ from step 15 of Set up DocuSign as a SAML 2.0 service provider (SP).
  2. Check Signed Response.
    When the Signed Response checkbox is unchecked, only the assertion is signed. When the Signed Response checkbox is checked, the entire response is signed.
  3. The default Name ID is the primary email. Multi-value input is not supported. You can change the Name ID mapping as per your requirement. Custom attributes of the user schema can also be used after creating them via Google Admin SDK APIs. The custom attributes for the user schema need to be created prior to setting up the DocuSign SAML application. 
  4. Click Next.
  5. Click Add new mapping and map the attribute value "emailAddress" to Basic Information > Primary Email and the attribute value "name" to Basic Information > First Name.
  6. In the drop-down list, map the attribute from the Google profile by first selecting the Category and then choosing a User attribute.
  7. Click Add new mapping​ and add a new attribute value "surname".
  8. Map attribute value "surname" to Basic Information > Last Name​. 
  9. Click Add new mapping​ and add a new attribute value "givenname".
  10. Map attribute value "givenname" to Basic Information > First Name​. 
  11. Click Finish.
Step 4: Enable the DocuSign app
  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps and then SAML Apps.

    To see Apps on the Home page, you might have to click More controls at the bottom. 

  3. Select DocuSign.
  4. At the top right of the gray box, click Edit Service Compose.

  5. To apply settings to all organizations, click On for everyone or Off for everyone, and then click Save

  6. To apply settings to individual organizational units, do the following: 

    • At the left, select the organizational unit that contains the users whose settings you want to change.
    • To change the setting, select On or Off.
    • To keep the setting the same, even if the parent setting changes, click Override.
    • If the organization's status is already Overridden, choose an option:
      Inherit—Reverts to the same setting as its parent.
      Save—Saves your new setting (even if the parent setting changes).

    Learn more about the organizational structure.

  7. Ensure that your DocuSign user account email IDs match those in the domain for your Google service.
Step 5: Verify that the SSO is working
  1. Open https://www.docusign.net, enter your G Suite email address and click Continue​. Do not enter your password on the next screen. Click Use Company Login​ instead. You should be automatically redirected to the Google sign in page.
  2. Enter your sign in credentials.
  3. After your sign in credentials are authenticated you're automatically redirected back to DocuSign.

For more detailed information on configuring DocuSign SSO, see the DocuSign SSO Implementation Guide.

Step 6: Set up user provisioning

As a super administrator, you can automatically provision users in the DocuSign application.

Was this article helpful?
How can we improve it?