How to make User silent Activation in DocuSign? - docusignapi

I need some guidelines or documents to make User silent Activation(directly activate the User without sending the email) through API or UI in DocuSign.

Silent Activation using API is deprecated now and DocuSign does not allow any DS Accounts to use this in their DS plan. There are two ways to activate the user without send the email, and both ways need that you should claim emaildomain in DocuSign and all the users should belong to this claimed email domain:
a. Using SSO, you claim your email domain in the DocuSign and configure your Identity provider with DocuSign, and once SSO is correctly configured then you can activate the user without any emails.
b. A new feature added recently, with this feature You need to claim your domain, create an Organization, then there is setting at the domain level (see below snapshot) which you can select to add a user within the claimed email domain without sending an email.

Related

Need to update Email template of MFA which is being sent to User

I am looking for solution/code/custom policy to customize/update email which is being sent over user email address when ever he is being instate MFA for his account login
SAMPLE FORMAT BELOW WHICH NEED TO BE UPDATED OVER EMAIL which is being sent to customer along with OTP
the subject and email format of the OTP for the customer onboarding process should be:
Subject of the email: XYZ Company registration - [OTP number] for authenticating user
Body of the email:
Thank you for initiating the process of registering to our XYZ company online. Please use the [OTP number] to validate your email address.
In case you have not raised this request, please contact our Customer Service Centre on 18000 077 or email Customer.Helpdesk#xyz.au and we will be more than happy to assist you.
Regards,
Use custom email in Azure Active Directory B2C (Azure AD B2C) to send customized email to users that sign up to use your applications. By using the third-party email provider SendGrid, you can use your own email template and From: address and subject, as well as support localization and custom one-time password (OTP) settings.
Custom email verification requires the use of a third-party email provider like SendGrid, Mailjet, or SparkPost, a custom REST API, or any HTTP-based email provider (including your own)
Note: Azure Active Directory B2C offers two methods to define how users interact with your applications: through predefined user flows or through fully configurable custom policies.
For more details refer this document:

Keycloak Change registration or activation flow

I use this Node.js library to register a user via POST /{realm}/users. That's working, but I have an issue with the user activation over an E-Mail. The scenario should be, that the user registers and directly gets an E-Mail with the activation link for his account. But this case is another in Keycloak. First you have to login with the new user once and after that you get the activation link and not right after the registration process. That's too late. So I trigger the API PUT /{realm}/users/{id}/send-verify-email to send the verification link as an E-Mail.
But the E-Mail text and template are another one. It's the same as from PUT /{realm}/users/{id}/execute-actions-email, which is confusing. It is also used for a update of user info etc. which is needed. So adjusting this E-Mail template isn't an option.
Is there a possibility in the Keycloak settings to send the correct E-Mail verification mail right after registering the user? Or can I add new E-Mail templates and assign them to the API?
I'm using the current version of Keycloak: 12.0.2

Salesforce Guest user access to Docusign Apex Toolkit to send an email

I am using the Docusign Apex Toolkit in Salesforce to send emails as outlined here:
https://developers.docusign.com/salesforce/code-examples/salesforce-sending-signing-template
The email is sent when a case field is updated to a specific value via a trigger.
This works perfectly if I am a signed in user. However, if the user doing this is a guest then the following error is thrown:
You must have DocuSign sender permissions to perform this operation
Class.dfsle.Permissions.verifyIsDocuSignSender: line 300, column 1↵Class.dfsle.Permissions.verifyIsDocuSignSender: line 295
As this is the guest user I am unable to assign the permission sets to them as there is no user.
I have given permissions to all dosusign objects and fields to the guest user profile.
How can I allow emails to be sent automatically via apex in a trigger for guest users?
DocuSign envelope can be created only by users who have DS Account and have atleast a Sender permission. It is like GMAIL, you will be able to send an email from GMAIL domain if you are a GMAIL user.
So in case of the Guest user, they will come to your App but your App should make DS API call to DocuSign with any System user credentials (like apiuser#system.com) who is a user in your DS Account. Auth Type Doc explains this type of flow.

Way to retrieve DocuSign account activation URL via API?

We're using the DocuSign API to integrate DocuSign functionality with our application. We are using the 21 CFR Part 11 compliance module, so we aren't able to do embedded signing.
During our process, we're creating a DocuSign account for the user based on the credentials they use to register for our application. However, currently they have to go outside of our system to their email to verify their DocuSign account, then they return to our app.
I'm curious if there's any way to retrieve that Account Activation URL for that specific user, so at least we could save them a trip to their email inbox and just show them the link so they could jump straight from our app to DocuSign to verify their account.
I'm thinking there may be some security holes there, so maybe this isn't even an option. Thank you.
I'm not sure if you can create a unique account activation URL for user (don't think that's possible) but what you CAN do is use a DocuSign Distributor that does not have the verify email option set.
A Distributor is basically a "package" that lets you span new DocuSign accounts that have whatever settings you want set. Within each distributor is an open that lets you skip the email verification part, that way you can create new users and accounts instantly and avoid the context-switch to email you're trying to avoid.
Only official DocuSign Partners have access to distributors (since a business relationship is required with DocuSign to span new accounts) but also for security reasons it's not available to all. You'll need to reach out to your DS Account Manager to have your distributor modified and/or have a new one created.

Provisioning limited DocuSign REST API Access

A 3rd party website is offering our service to their members. When they sign up, members have to agree to our contract. Currently this is handled manually, with envelopes being sent through email. We want to streamline this process allowing members to enter their information into the web site, and then immediately be presented with a contract to review and sign.
The 3rd party web site will collect the member information, then use the REST API to create a draft envelope based on a Template and information the the member enters on the website. The application will then display the contract in the web page so that the user can review and sign it. The document workflow will ensure that signed copies are routed to appropriate parties within our company via email for completion.
We want the 3rd party web site to have access to an account to which we can share templates. We want the 3rd party application to have very limited capabilities trhough the API:
Submit requests using a User ID and Integrator Key that we provide. These credentials need be different from other User Ids and Integrator Keys under our account
Create a draft envelope based on the templates we provide
Post a Recipient View allowing the application to display the document for review and siganture (in an IFrame)
Receive the signing status via the return URL provided in the Recipient View post
Possibly request status for an envelope
The external application should not have access to other templates, documents, or unnecessry API calls.
We want to be able to cancel the application's access at any time.
Question: Permissions and API Limitations
Is the above scenario feasible with respect to establishing limited access to the DocuSign REST API? How would we set this up?
Do account user permissions limit API use, if the API is enabled for the user? I found these settings in the user permissions section of the documentation. I can make guesses as to how to set them, but I need guidance on the actual implications of some settings.
Submit DocuSign API Requests: true
Manage Account: false
Send Envelope: true
Manage Templates: Use
DocuSign Desktop Client: false
Transfer Envelopes to User: false
Allow sender to set email language for recipients: false
I assume "Account-Wide Rights" should be false, but under that option in the documentation, it lists RequestStatus as one of calls covered. Will an application embedding the signing process still have sufficient permissions to complete the tasks listed above if "Account-Wide Rights" is false?
Are there other settings or issues I need to consider?
Firstly, thanks for using DocuSign. The answer to your question is in a few different parts. To clarify, I am answering assuming:
1.) You are a current customer (or about to be one) of DocuSign.
2.) You have a plan that is set up to allow integration (IE you aren't trying to do all of this with a personal plan, or something like that).
There are a couple of terms I will use... Sender and Recipient. In this scenario, the THird Party Website is "the sender" and they are Sending the documents through YOUR DocuSign account, using the API. The people who are signing up for your service are going to be Envelope Recipients.
Just like with the post office, someone has to send, and someone gets the envelope.
So far so good.
So what will happen is that the third party website will write some code that knows how to talk to the DocuSign API, and you will need to know:
-DocuSIgn Account ID (this is your DocuSign account)
-The Integrator Key (this is the key that you will need to certify before going live, which identifies all those API calls as coming from them)
-Credentials to access your account (this can be either the actual creds, or a token, etc).
Now, there are two ways to do it. You can either have the third party website make the and send all of the envelopes as if they all came from a single "user" in DocuSign (likely) or if you know that a particular user should send out things, you can do that too.
I am going to assume that all of the sign up packets will be sent as if they came from something like Signup#company.com.
So you will make sure you have a user in your DocuSIgn account with that Email address and name, and make sure that user has the ability to send via the API (there's a setting in DocuSign admin), and all envelopes will be sent as if that "person" sent them.
You will need the settings for that user (the one that will "send" all the envelopes), set as you showed above. You would need the Account Wide access if you wanted to send "on behalf of" a different user. But you aren't doing that, so you should be cool.
The last thing is that you will need to make sure you have an envelope based plan (as opposed to a seat based plan) because otherwise, that one mega-user will look suspicious (sending hundreds of envelopes in an automated fashion).
I hope this answers the question?
-Dan

Resources