Question

Just in time provisioning - two domains on same Azure tenancy

  • 26 March 2024
  • 3 replies
  • 17 views


We have two domains using the same Identity Provider. Is there a way to have Just in Time provisioning set up to add the users from domain A to a different GUID than domain B, or is that not possible? We have separate accounts in our org for each of these domains and want to keep the users separated until we are able to merge the domains and change all users' email.


3 replies


Hello @TheWizard ,


Welcome to the DocuSign Community and thank you for posting your concerns!


I understand you are looking to configure your claimed domains to map to a specific account under your organization using a single Identity Provider.


Please note that domains cannot be mapped directly to a specific account.


You would need to use Advanced Just in Time (JIT) provisioning to handle this, but that would all be configured within the Identity Provider. You would have to configure the Identity Provider to send us the accountid and permissionprofileid in your SAML Requests. If you do that correctly, then JIT will provision the user into the account defined in that call, with the permission profile defined in that call: Just in Time Provisioning


Regarding the configuration of the above, we don't really have any documentation as this is something that is configured in the Identity Provider (IdP) itself, and all IdPs are different, so I would recommend you contact their support for assistance if needed.


Let us know if you need further assistance with this.


Best regards,

Nathaly | DocuSign Community Moderator
"Select as Best" below if you find the answer a valid solution to your issue!


Hello @TheWizard ,


If you found my response to be a useful solution to your question, please mark it as the best answer by clicking “Select as Best” to make it easier for other users to find.


Best regards,

Nathaly | DocuSign Community Moderator
"Select as Best" below if you find the answer a valid solution to your issue!


@TheWizard - The ability to differentiate users from different domains and assign them to different GUIDs during JIT provisioning largely depends on the capabilities of your Identity Provider (IdP) and the configuration options it provides. Some IdPs may allow you to set up rules or policies that can differentiate users based on their domain and assign them to different GUIDs or groups accordingly.

If your IdP supports such functionality, you could potentially set up JIT provisioning to differentiate users from Domain A and Domain B and assign them to different GUIDs. If not, you might need to explore other solutions or workarounds, such as manually managing the users from different domains until you are able to merge the domains and change all users’ emails.

It’s recommended to consult with your IdP’s support or documentation for specific instructions or guidance related to your scenario. If your current IdP doesn’t support this functionality, you might also consider whether switching to a different IdP that does support this functionality would be feasible for your organization.
