DocuSign SSO Authentication using SAML / AD

0
votes

Within our application we provide a DocuSign integration which uses DocuSign.eSign.dll from DocuSign C# Client.

We currently use the Legacy Header Authentication to authenticate.

One of our customers, would like to enable single sign on using Azure Active Directory. They have set up their account as described on Tutorial: Azure Active Directory integration with DocuSign already (for the DocuSign App).

How do we change our integration to allow Single Sign On using SAML? What API methods do we use? Does the DocuSign C# Client support this?

2
docusignapi

2 Answers

1
votes

Legacy Header does not support SSO Authentication. For legacy header to work, users must have a password.

You will either need to grant a Login Policy Exception (to allow them to bypass SSO) to each user that needs to authenticate via the API, or you will need to implement OAuth token authentication.

An example of OAuth token authentication in C# is available on GitHub: https://github.com/docusign/eg-03-csharp-auth-code-grant-core

1
votes

Once SSO is implemented by your client and has enabled mandatory SSO in their DocuSign configuration, then you should use OAUTH either using Authorization Code Grant-User Application or JSON Web Token Grant-System Integration to generate AccessToken for your Client API user. JSON Web Token Grant is normally used when System Integration is happening in your Integration with DocuSign. In Either way, you need to ask Client API user to provide User Consent to your IntegratorKey, so that your IntegratorKey can generate AccessToken on Client API User's behalf. Obtaining Consent explains how to get User Consent for Either User Application or System Integration. In Providing the consent to your Integrator, Customers will login to DocuSign via their SSO setup, in the same way how they login to DocuSign to access DocuSign WebApp.