Hi @NickAllan,
Thank you for reaching out to the Docusign Community.
Just in Time Provisioning is available by default in accounts where SSO is the mandatory log in authentication process, whenever a user attempts to log in for the first time through your Identity Provider a new membership will be created in the organization’s default account if there is no active user related to the credentials used to log in. If you are looking to create users within specific accounts, you may specify the target account ID in the user’s Identity Provider’s parameters in their SAML response. Detailed steps on how to work with Just in Time provisioning can be found, here:
How do I use Just-in-Time Provisioning as a Docusign Administrator?
Feel free to let us know if you need further assistance with this.
Best regards,
Alejandro R. | Docusign Community Moderator
Please click "Best Answer" below if you find my reply to be a valid solution to your issue!
Hi @NickAllan,
Thank you for reaching out to the Docusign Community.
Just in Time Provisioning is available by default in accounts where SSO is the mandatory log in authentication process, whenever a user attempts to log in for the first time through your Identity Provider a new membership will be created in the organization’s default account if there is no active user related to the credentials used to log in. If you are looking to create users within specific accounts, you may specify the target account ID in the user’s Identity Provider’s parameters in their SAML response. Detailed steps on how to work with Just in Time provisioning can be found, here:
How do I use Just-in-Time Provisioning as a Docusign Administrator?
Feel free to let us know if you need further assistance with this.
Best regards,
Alejandro R. | Docusign Community Moderator
Please click "Best Answer" below if you find my reply to be a valid solution to your issue!
Hi Alejandro,
We have followed this guide, I checked the SAML response and found that it was sending the expected permissionprofileid and accountid - however the accounts that are being created are still going to the default.
Now, this may suggest that the value’s we are sending are incorrect - we went through the Audit Logs in DocuSign to collect the desired permissionprofileid and accountid values.
Are you able to offer any other suggestions for how we can proceed? according to the sources from the linked paged, the SAML is sending everything required.
Any assistance would be greatly appreciated
Hi @NickAllan,
Thank you for following up.
If you have confirmed that the permissionprofileId and accountId parameters were filled with valid IDs in your user’s SSO SAML Response, then this wouldn't be expected behavior from eSignature.
Docusign Support can assist in escalating the situation, if needed. To start the process, please create a new support case and include your user’s SAML response as an attachment, you can find detailed steps on how to collect the logs needed, here:
How to View a SAML Response in Your Browser for Troubleshooting
To create a new support case, please fill out the form provided below:
https://support.docusign.com/en/contactSupport
If you can’t open the case on the same page, you should scroll down to More Support Options and select "I can't reset my password or don't have an account.", you will be able to fill out the form.
Please don't hesitate to let me know if you have any other questions or concerns and I will address them as soon as possible.
Best regards,
Alejandro R. | Docusign Community Moderator
Please click "Best Answer" below if you find my reply to be a valid solution to your issue!
Back to Docusign.com
