Back to Docusign.com
It seems circa, 2023… DS implemented a change in the way users are provisioned accross multiple regions.
It seems the intent of this change was to allow users to share the same ID (essentially - exactly the same user account settings) across different account regions in eSign/CLM. From a user management perspective - this greatly simplifies things - and means users have only 1 set of settings across all regions. (Previously, it seems, the same user email would have separate user Ids - user accounts for each region).
Unfortunately, something about how CLM SFTP authentication works has been broken by this change.
As soon as you add a second region to your user account - SFTP fails to connect to one or more of the regions.
This shortcoming does not appear to be documented.
Other than the above, no-one has as yet been able to explain why using the same private/public key sets across multiple regions can/should not work.
Maybe, I’m over simplifying, but the region is specified by the the SFTP URL and the user account ID is linked to email provided at login. Having multiple (legacy) user ids linked to the same email could be an issue - but I’m sure this could also be accommodated seeing as it was handled before.
Could we please get CLM SFTP access functional again?
It is particularly useful for system administrators to push update, ingestions and pull backups from an environment.
Then also for specific power users to have direct access to their repository.
The two current suggested workarounds by support/dev are not ideal:
1. Requiring a shared SFTP account:
Is less secure, not auditable and burns an additional license for no reason other than - something is broken, which has not yet been fixed.
2. Requiring a user to use a different email address for each region
- Requires closure and re-opening of multiple long running user accounts (likely all of a users current accounts)
- Is problematic for anyone wanting to use SSO or on a corporate network - it’s lot of unnecessary hoops to jump through to create additional email addresses, just for SFTP access (not all customers/corporates are on Gmail or are allowed to create aliases for access to IT systems with approval).
- Is against the intent of the original change that broke SFTP in the first place. The whole point was to simplify things so that each user (email) would be tied to only one ID (user account).