Is it possible to define two (or more) Identity Providers for Organisation?

Userlevel 4
Badge +6

Technically it is possible, but for me it is not working.

My Customer use G-suite for Identity Management and SSO in G-suite works perfect. But they have some other Companies in group and not every of them uses G-suite.

I am quite new in IdP and have no idea how to help to Customer (and if there is any solution). We would like to open new account in Organisation for another Company in a group, but they are using Azure for IdP, then we should define the second IdP to use SSO for them.

I have tried to define two identity providers - Azure and G-suite.

Lets say I have two email addresses:

  1. MyName@domain1 registered in Azure
  2. MyName@domain2 registered in G-Suite

Case 1: I login using 1st address (Azure), on the second step I use "Use Company Login" button and the system ask me for Google account login (or to choose the account - I have two)

Case 2: login using 2nd address (G-suite) - same situation but in this case everything is ok, because I expected it will happen.

I tried to make tests with separate configurations - all configurations are ok. If Azure or G-suite is the only IdP SSO works perfect. If there is G-suite - only G-suite works.

I made next test. I registered 3rd IdP as Octa for another domain in email address. And then it works: G-suite first, then (after G-suite delete) Azure and Okta at the end (in case of Octa Application button for one click Docusign login always works perfect).

Any Idea?


Best answer by Community Expert 9 May 2020, 00:15

View Original

2 replies

Userlevel 1
Badge +12

Yes you can create multiple IdP setups in the Org Admin console but you'll need DocuSign's help in getting the right IdP associated with each domain.

When you claim a Domain in DocuSign's Org Admin, notice it never asks what IdP should be associated with that Domain. The first IdP you setup becomes your default on DocuSign's back end. Every domain added automatically uses that same IdP even if you've configured multiple IdP configurations.

You'll need to reach out to DocuSign Support to have them associate the correct IdP with each domain on their back end. It REALLY should be a front end Org Admin setting for you to manage, but it's not.

Userlevel 2

Thank You very much for this. It is exactly what i needed. In my opinion It is not true that the first IdP becomes default one. My test doesn't confirm it - as I wrote before G-suite is always default even if You setup it as a second. But it doesn't matter in this case. You've helped me very much. Thank You!