Skip to main content

I need to do an integration between Azure Active directory and Docusign for user provisioning. I need that once a user is provisioned in AD, AD should directly provision user in Docusign. It is different from Just in time provisioning. Is there a documentation where that is explained ?

Hi,

Thank you for reaching out here in the DocuSign Community. 

Just-in-Time Provisioning automatically creates a user membership if the user in question tries to access DocuSign and has the appropriate permissions in their Identity Provider's permission profile.

For more details on how to work with SSO and Just in Time Provisioning, see:

How do I utilize just-in-time provisioning as a DocuSign Administrator?

At the moment this is the only automated user creation workflow offered as part of DocuSign eSignature Admin, any other solution would require a custom integration to be developed or purchased.

In order to understand how your use case differs from that of Just in Time provisioning, please include more details on the goal behind your business need in this scenario.

Feel free to let us know if you need further assistance with this. 

Thank you for using DocuSign, we hope you have a wonderful rest of your day! 

Best regards, 

Alejandro R. | DocuSign Community Moderator 

"Select as Bestbelow if you find the answer a valid solution to your issue! 


Actually for Just in time we are stuck for advanced provisioning because our Azure Admin should find a way to pass permission to Docusign via SAML response. He is struggling because this may require him to use custom fields at Azure level and it may creates an issue on synchronisation between Azure and Local AD.

Instead of that our Azure admin recommended automatic provisioning from Azure directly as explained here Tutorial: Configure DocuSign for automatic user provisioning with Azure Active Directory - Microsoft Entra | Microsoft Learn

Now i am struggling to know how to create an account at Docusign and the step to follow at Docusign to enable that integration since i don t find any documentation


Hi,

Thank you for following up.

The guide you reference is actually leading you through the setup needed within Azure in order to use Just-in-Time Provisioning with DocuSign eSignature.

The general idea outlined in the article is how to set user "Assignments"/Permissions, in order to trigger Just in Time Provisioning in DocuSign.

Regarding the DocuSign account that you should connect to Azure, this is referring to your company's paid DocuSign account. Mainly because SSO is a feature only available to our corporate contracts.

From a DocuSign point of view, you would be missing the SSO setup in your Organization in order to be able to integrate with Azure AD.

These would be the steps to follow in order to configure SSO access in your DocuSing Organization:

  1. Claiming your domain.
  2. Setting up your ID provider. // (Azure config)
  3. Testing SSO access.
  4. Setting up security requirements for account login (SSO mandatory or not and for whom)

You can find the whole SSO configuration guide, here:

DocuSign Single Sign-On Overview

Please don't hesitate in letting me know if you have any other questions or concerns and I will address them as soon as possible. 

Best regards, 

Alejandro R. | DocuSign Community Moderator 

"Select as Bestbelow if you find the answer a valid solution to your issue! 


It seems like i have to create a provisioning account for Azure on Docusign.


Hi,

Thank you for reaching back.

Yes, it is necessary for you to have a paid production account with an enterprise plan or equivalent setup, in order to be able to use Azure for your SSO integration.

Please don't hesitate in letting me know if you have any other questions or concerns and I will address them as soon as possible. 

Best regards, 

Alejandro R. | DocuSign Community Moderator 

"Select as Bestbelow if you find the answer a valid solution to your issue! 


Hi,​ 

If I may add a question, as I think I face a very similar challenge as Steve Kitio.

We have actually already SSO incl. just-in time provisioning enabled. I wanted now to further improve this, with also having an automated de-provisioning of users that left the company. I came across the same article from MS that was mentioned earlier, as it states: The objective of this tutorial is to show you the steps you need to perform in DocuSign and Azure AD to automatically provision and de-provision user accounts from Azure AD to DocuSign.

If I understand you right, you are saying that this info is wrong and that automated de-provisioning is currently not available and needs a custom built integration. Is that correct?

I am actually a bit more than surprised if that is the case and DocuSign does not support an out-of-the box solution for automated provisioning AND de-provisioning of users via Azure AD.

Thanks a lot for your feedback!

Best regards

Steven


Hi,

I appreciate you sharing your concern. The configuration mentioned in the Azure AD documentation provided applies for both provisioning and de-provisioning users.

The general idea is that once you have configured your SSO connection between Azure and DocuSign the user access management process is done directly on Azure's side of things.

If you provide the user with access to DocuSign in Azure it will create a membership the first time the user attempts to access DocuSign, and if you remove access then the membership should be deactivated without the need for a custom API workflow, as Azure does have implemented it in their own configuration.

It is important to note that Azure doesn't have the power to edit existing users, or to force activation on pending users. All it can do is close existing ones and create new ones.

Please let me know if you have any other questions or concerns and I'll look into them as soon as possible.

Thank you for using DocuSign, we hope you have a wonderful rest of your day! 

Best regards, 

Alejandro R. | DocuSign Community Moderator 

"Select as Bestbelow if you find the answer a valid solution to your issue! 


Hi,

Thanks a lot for your quick reply and the info, which is very helpful!

Then actually my main concern should be feasible, which is the closing of user accounts that have already left the company. I will check again with our Azure Admin. So far he had some issues on the setup, but in my view this is something we need to raise with MS.

Thanks again for your great help!

Best regards

Steven


Hi,

Thank you for sharing your experience. 

  

I am glad to hear that you found the resources I shared useful, please take into consideration selecting the comment as the "Best Answer" if you find that it helped you solve your issue. 

  

And, please don't hesitate in letting me know if there is anything else I can do to help and I'll gladly lend a hand as soon as possible.  

  

Best regards,  

Alejandro R. | DocuSign Community Moderator  

  

"Select as Best" below if you find the answer a valid solution to your issue!  


Reply