I have two accounts for DocuSign, one for demo, and one for production. While implementing JWT Grant oAuth2 workflow, I created a DocuSign Admin (Organization), through demo account . Now, how can I link production account to the existing organization to enable oAuth for production account?
The developer (demo) environment is separate from the production environments.
You should connect your production account to a production DocuSign Organization. If you don't see the organization options, talk with your DocuSign sales person to have the option enabled.
After you have your production organization setup, you can claim the same DNS domain(s) that you claimed with your demo organization.
Because the demo organization is separate from the production organization, both can claim the same DNS domain.
Related
I'm experimenting with building an integration between my app and any DocuSign account.
If I create an integration key in my developer sandbox, go through the "go live" process will I be able to use that same integration key to authenticate on behalf of users of different DocuSign accounts?
That's right.
The Integration Key's account is the account that creates and manages it.
Any account in DocuSign (production accounts only after you go live) can use the IK.
Of course, users have to consent the first time they use a new IK in their account, but that's part of the OAuth process.
So no, nothing to worry about, the IK is global in the same environment and can be used by any account.
We are working on an integration to offer embedded document signing through customer websites we host. We want this to be a comprehensive solution, so envelopes should count against our quota, but will need to be under the user account provisioned through Docusign. We are using the JWT authentication method to impersonate the provisioned accounts and want to make sure we understand any requirements to gain consent.
When we request and provision accounts for our customers, is our integration key automatically granted consent on that account? Will we need to set up a service user account that can be impersonated on each customer account and grant consent individually? Thank you for any help you are able to provide.
If you (as an ISV) intend to purchase and provide the envelopes on behalf of your clients, you will need to be under an ISV License agreement with DocuSign. Architecturally, you would not be adding your clients are users in the accounts owned and managed by you. You would instead use a "system user" to represent each client organization. This works especially well for embedded signing integrations. As for consent, it would be a one-time consent that your configuration team would accomplish when onboarding the new client.
At this time we don't have these capabilities for ISVs.
Consent has to be given in the organization/account level (admin consent).
Which means if your customers are not in your organization, each of them would have to consent once.
Using administrator consent, your customers would only have to go through this process 1 time for your application.
Please free to send a feature request to partners#docusign.com or contact your partner account manager (make sure you're a DocuSign Partner).
Me and my team are facing an identity and management project where DocuSign should be integrated with IdentityIQ to manager its user accounts and permissions.
As you all know, DocuSign works as follows:
An organization
One or more accounts that belong to the organization
Users that belongs to organization
Our client needs users being able to request account permissions, but also organization admin role.
We are using the API to integrate DocuSign with IdentityIQ and handle its requirements, but we do not know, because it is not in the documentation, how Organization permissions can be assigned to users through API. Do you have any experience on this?
Thank you in advance,
Regards
At this time, Organization Admin functionality is not exposed in the DocuSign API.
I am creating a web api application that will be secured using Oauth for authentication. Can I set up the authentication to be a blend of individual accounts and organizational accounts?
Scenario: One set of users belongs to an organization that uses Office 365. Another set of users may not. The ultimate goal is to allow all the users to login, but in the case of the organizational users, I will also want to allow them to integrate with the Office365 apis that are tied to their organization.
Is there a solution design that would allow me to choose where to authenticate the user - either using the application's Azure AD or the subscribing organization's AD?
For just authenticating MSAs and AAD orgs, you can use the new Microsoft Graph (http://graph.microsoft.io) - it is the unified endpoint for all Microsoft identities and for requesting access to things like mail, calendar, etc. It uses the v2 AAD endpoint (mentioned below) and app registrations are universal, so you can sign in with org or personal accounts.
You can extend that with Azure B2C as the owning directory.
Add Microsoft Account as an identity provider, and
use the v2 endpoint
at which point users could sign in with a consumer account (Facebook, Microsoft, google, whatever). By extension, since, for MSAs it uses the new v2 endpoint you can prompt users to sign in with an MSA or an org cccount - users get a prompt like this below. Note 'work or school, or personal microsoft account.'
v2 has some limitations, however: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-compare so make sure you can do everything you want before diving in. Some of the reply URL and on-behalf-of flows (like you'd see in APIs) have some domain/audience restrictions.
I just signed up with Docusign for a enterprise account. When I view my API information, I see my Account ID, password and username. From there I went to demo.docusign.com and created a completely separate account to get an integrator key. However, the account ID, password and username for the demo account are completely different from my enterprise account. Should I use my enterprise credentials with the demo integrator key? Or use demo credentials with the demo integrator key?
I've already created several templates and document brands in my enterprise account- I would like to avoid replicating them in the demo account to test them in my application.
You need to setup your workflow in Demo and then go through API Certification to get your Integrator Key promoted to Production.
See the Go Live section for information regarding API Certification: Here
Your DocuSign Account Manager is the correct person to talk to for additional information about this.