Attention: DocuSign System or Security Administrator

Please update the DocuSign Single Sign On certificate in your identity provider system.

Hello,

We are informing you that the Single Sign On certificate provided by DocuSign will expire on April 16, 2024. You may have utilized this certificate for the DocuSign SSO configuration with your Identity Provider. If so, you will need to update it with the updated certificate, which is now available on our Trust Site and the Customer Support Center.

Details on the certificate that is expiring 

·Thumbprint: d74721e6a2db63b0c087a992677146223633dfd6

·Issuer: sso.docusign.com

·Expiration Date: ‎Wednesday, ‎May ‎1, ‎2024 21:03:09 GMT

If you have configured your Identity Provider with the above certificate, you will need to take action to implement our new certificate located on our Trust Site and the Customer Support Center.

This certificate enables your Identity Provider to validate signatures of SAML authentication requests from DocuSign and optionally encrypt the SAML response sent back to DocuSign. Failure to update the DocuSign certificate in your Identity Provider may result in an inability to log in to DocuSign via SSO. Please note that this is a different certificate than the certificate used by your Identity Provider to sign SAML token responses to DocuSign.

You can disregard this notice if: 

1. Your Identity Provider does not validate signatures of SAML authentication requests from DocuSign or encrypt SAML responses sent back to DocuSign; 

2. Your identity provider leverages the DocuSign Service Provider metadata URL; OR

3. You have already taken action to update your Single Sign On certificate. 

Review this Support Article for more details on how to determine whether action is needed.

Using SSO is a security best practice, and DocuSign is committed to ensuring that protection remains active and users continue to log in via SSO.

What action is required?

Customers that are relying on the above certificate for signing or encrypting SSO logins need to take action to maintain access to DocuSign via SSO. 

As the process for updating the certificate differs for each identity provider, please review your identity provider's documentation. Contact your IT Team, Identity Provider, or SSO Administrator for assistance updating the certificate in your SSO configurations.

Why am I receiving this message?

This message is sent to any contact listed as a DocuSign Administrator or marked for technical communications on an account that may be affected by this change. Our records currently have you listed as this type of contact for your account. If you feel you’re not the right person for this message, please forward it to your internal DocuSign Administrator or IT Department. Please open a case in the DocuSign Support Center if you need assistance in updating your contact records.

PROD change schedule:

Feb 5th, 2024, through April 16th, 2024 - DocuSign will support SAML responses encrypted with either the new or old and current  SSO certificates.

April 2nd, 2024 at 12:00 PM Pacific Daylight Time(PDT) - DocuSign will start signing SAML requests using the new certificate.  If your Identity Provider receives signed SAML requests, it must be configured to accept requests signed with the new certificate on or before this date.

April 16th, 2024 - DocuSign will stop accepting SAML responses encrypted using the old certificate.  DocuSign login via SSO will deny these login requests using the old certificate.

The new DocuSign SSO certificate is self-signed and valid until April 20th, 2026. 

If you have questions on this, please log a case with the Customer Support team.


Best regards, 
DocuSign