Hi ​@Samran 

Thanks for reaching out to the Docusign Community — we're glad to have you here!

From what I understand, you're encountering a login issue after configuring SAML SSO using IdP PingFederate in Demo environment. We apologize, and we're here to provide guidance to help you move forward. 

May you confirm if the email address you are using here in the Community is the same as the email address associated with your Docusign Administrator account?

We look forward to your update. Here if you need us!

Regards,

Melanie | Docusign Community Moderator
If this helped clarify things, feel free to Like👍and click "Best Answer"

Thank you, Melanie, for your response. 

The process I followed:

1. Imported the metadata from the IdP (PingFederate).

2. Pasted the required URL into the SP (DocuSign).

3. Mapped the attributes in the contract as follows: surname, givenName, emailAddress, SAML_NAME_FORMAT. The SAML Name Format was mapped to this value (as text) in PingFederate:
   urn:oasis:names:tc:SAML:2.0:nameid-format:persistent.

4. Extended the same attributes in the IdP (PingFederate).

5. Imported the certificate used in the IdP and exported it into DocuSign. After exporting, it also showed as active.

6. Lastly, tested the IdP URL.

Alternatively, I also tried fully importing the metadata directly into the IdP using XML, but it still threw the same error.

Yes, the email is the same as the one I am using. Actually, my client does not have much knowledge on the SSO side, and since this is only the PROD environment, I am testing it in the Trial account from my side. We also have the UAT environment.

I have checked the certificate multiple times; however, I want to mention that this is a self-signed certificate from the IdP (PingFederate) side.