SSO integration between docusign to SAP BTP

Thanks Vinicius. 

Hi ​@praducg !

Unfortunately, I can't help you as I don't have access to the information needed to troubleshoot, nor provide private information through this channel. This information, including the reason for the failure, is restricted to specific teams (including Docusign Customer Support).

In this case, I would recommend that you open a ticket with the team so they can assist you in more detail. Let me know if you need help opening this ticket!

I'm sorry I couldn't help you more deeply with this issue!

Sure I am opening a separate support ticket.Thanks.

Hi there ​@praducg,

I hope you're doing well. I'm just checking in to see if the solution provided has been helpful in resolving your issue or at least pointed you in the right direction. If it has, could you please consider marking it as the Best Answer ✅? This will help others with similar questions find the solution more easily.

If there's anything else we can assist you with, please don't hesitate to let us know. We're here to help. Wishing you a smooth rest of your day! 

Regards,

Melanie | Docusign Community Moderator
If this helped, feel free to click "Best Answer"!

Hello ​@Vinicius.Rodrigues ​@Melanie.Panguito ,

Appreciate your followup and sorry for the late response . After doing further  research I am able to get the integration thing working . I have few generic question for you .

1. Does docusign support OIDC protocol for SSO?SAML I am able to get it working but OIDC is recommended over SAML hence checking.
2. SAP BTP uses IAS(Identity authenticaiton service) to authenticate users for all SAP systems .Post SSO , does docusign allows to access their api’s using the client token for example here if I generate our IAS token using client id and secrets  will I be able to access the docusign rest api’s since SSO is already integrated .i.e can I authorize users to docusign system using our token or docusign always needs a authorization code grant or jwt token etc to call the api’s. I believe you also might not have much idea on this but checking to see Incase if you have done  any other client integrations have a similar use case ,then please share some reference links .

Hi ​@praducg !
I did a quick search of our internal documents and public support articles, but I didn't find anything on this topic. What I did find is that this type of configuration is part of the client software (SAP) and needs to be configured with one of the authentication method options accepted by Docusign (see more information in Authenticate).

In this case, I would recommend contacting SAP support directly to review this topic. Typically, SAP provides the first level of support for its customers directly.

Sure ​@Vinicius.Rodrigues  I opened a support ticket .Will keep you posted but for #1 you have any insight ?

• Does docusign support OIDC protocol for SSO?SAML I am able to get it working but OIDC is recommended over SAML hence checking.

Hi ​@praducg !
Sorry if I wasn’t clear, but this was the question that I don’t know. I’ve tried to search by OpenID Connect (OIDC) on our Support Center and also on our Developer Center, but I found 0 answers.

Hello ​@praducg,

I hope you're doing well. I'm just checking in to see if the above solution/guidance provided has been helpful and pointed you in the right direction. If it has, could you please consider marking it as the Best Answer ✅? This will help other members with similar questions find the topic more easily.

Let us know if you need further assistance. 

Regards,

Melanie | Docusign Community Moderator
If this helped, feel free to click "Best Answer"

​@Vinicius.Rodrigues ​@Melanie.Panguito 

Thanks I am good for now.

​@Vinicius.Rodrigues ​@Melanie.Panguito ​@Inbar.Gazit 

I have another question on SSO integration 

We are working on a requirement which has integration to docusign .For this integration we have two major steps

 1) Auto User provisioning(Since docusign only supports SCIM for OKTA and Entra ,we are thinking of going with JIT for now)

 2) Calling docusign REST endpoints for e signature Process.

High level flow with SSO 

1) When a user logs into our SAP system with Single Sign-On (SSO) the user gets automatically created in DocuSign  using Just-in-Time (JIT) provisioning enabled.(I have already setup SSO from our SAP BTP to Docusign)

2) User talks to our eSignature backend (SAP) to initiate the e signature process .If the user don’t have the access  token in backend we will send them  DocuSign authorization URL(constructed based on the Authorization Code Grant flow).Basically our esignature backend will orchestrate interaction to docusign by managing the token lifecycle.

3) Upon successful exchange of the authorization code from browser, the eSignature backend(SAP) securely persists the DocuSign access token, along with associated expiration and security measures, in our database.

4) From this point onward, the user can perform eSignature operations such as creating envelopes, voiding documents, and other DocuSign functionality through our system.

Is there any option to avoid 2 and 3 and integrate with 1 as part of SSO integration?