Is there any account or method could read/download all documents within our corporate, not just those sent through API account?
or we have to add this API account as a copy recipient for all signing documents?
Your API user would have to have 'Account-Wide Rights' (the Administrator profile has this by default).
This setting would be under Users > 'API User' > Permissions
This will open up the access for that user to the entire accounts documents, not just the documents for that user.
Related
To give our app permission to update a user's envelopes, they need to go through the OAuth flow and after that, we need their user id.
For my developer account and my demo account, I can find this under Settings > Integrations > Apps and keys. But my client, who has a paying DocuSign account, doesn't have that menu. Is there another way to find the user id?
Thanks!
After the user logs in via oauth, use the userinfo endpoint to obtain their user id and the account IDs they have access to. See https://developers.docusign.com/platform/auth/reference/user-info/
The Permission Set option "Allow view and manage envelope rights through API" automatically gives the API user access to view all envelopes in the account regardless of who owns/sent the envelope. Is it possible to restrict the user to only access their own envelopes/folders?
We have multiple teams sharing a DocuSign account. One team wants to build an API integration but we can't allow them to access or view envelopes sent by other teams in the same account. Do we need to move this team with an API integration to a separate account?
Create a new Permission Set or do not assign any permission set to API user which has Allow view and manage envelope rights through API setting enabled. If a permission set assigned to an API user does not have Allow view and manage envelope rights through API setting enabled then that API user will not be able to see any other's envelopes.
I noticed very weird issue. If user has Microsoft Account and accept invitation, system remove permission to all shared documents.
upload document:
await _graphClient.Drives[_driveId].Root.ItemWithPath(itemWithPath)
.Content.Request()
.PutAsync<DriveItem>(fileStream)
create guest:
await _graphClient.Invitations.Request().AddAsync(new Invitation()
{
InvitedUserEmailAddress = email,
InvitedUserDisplayName = displayName,
SendInvitationMessage = false,
InviteRedirectUrl = NullableString.Parse(ConfigurationManager.AppSettings["AppAddress"])
});
add permission:
await _graphClient.Drives[_driveId].Items[driveItemId].Invite(
recipients,
requireSignIn: true,
roles: new[] { "write" },
sendInvitation: false
).Request().PostAsync();
In onedrive on document I see user is granted, but once user open url to document and accept invitation redemption to azure active directory see error, no access to document. In azure directory user first is marked (source) as Invited User than Microsoft User if accept terms.
If I repeat the same scenario once user accept invitation redemption than access stay as expected. So what is wrong? Why system are removing access?
It still does not works as I expected so I had to find different, less convenient way for my clients.
Solution:
1- create document
2- create invitation, but this time send message from Microsoft azure to b2b users
3- client need to accept privacy policy
4- after accept redirect to my system and add permission to document
Expected solution:
1- create document
2- create invitation, without message from azure
3- add permission to document for invited users b2b
4- if user open document have to accept privacy policy and Microsoft redirect to document
point 4 does not work. Once user accept privacy document user see Deny Access do document
I am using the DocuSign API to create envelopes. I have that working. The application I am writing is being used by an organization, with multiple people needing access to documents created within the organization. Each person accessing the application (and subsequently the DocuSign API) has their own DocuSign account, and has granted permission to the application to use their docusign account. When I create envelopes via the DocuSign API, I need the documents to be available to be managed by any user setup in the Orgniazation at DocuSign. As it is right now, every documents I create via the API is owned by the user who created the document, other users within the organization can view the envelope/documents if provided a link to navigate directly to at DocuSign, but can't do anything with those documents. Ex: If I create a draft as one user, I want to be able finish/send the draft as another user, and both of these users are part of the same organization.
Questions:
Can an organization own a document (instead of a user)? and how?
How can I share documents between all users within the organization, and allow all those other users permission to edit/manage those documents? The number of documents is constantly changing as multiple employees are creating and editing many documents each day.
Please find my response for both your queries:
Can an organization own a document (instead of a user)? and how?
Organization can never be the owner of the envelope, it has to be a user only.
How can I share documents between all users within the organization,
and allow all those other users permission to edit/manage those
documents? The number of documents is constantly changing as multiple
employees are creating and editing many documents each day.
Yes, you can share the envelopes among other users in your DocuSign account. Sharing is enabled and managed by your DocuSign administrator. If your account administrator has enabled sharing for you, you can view and help manage the envelopes that are shared with you. If you are not able to follow the procedures in this topic, check with your DocuSign account administrator to see if sharing is set up for you.
DocuSign Account's Admin has to follow steps as explained in this link to enable the sharing of the envelopes between different users in the accounts. Once it is correctly set, then you can view envelopes sent from other users in your DocuSign account.
I'm seeking a method of automatically provisioning an ‘active’ Yammer user account for a new O365 user account (and existing ones, as a once off), without requiring the user to ‘click the Yammer tile’ or otherwise login to Yammer.
The default process (as articulated in this post) is:
The Office 365 admin creates a user in Office 365 (or Azure AD).
The user logs on to Office 365 using the identity provider that is configured for the tenant.
The user clicks the Yammer tile in the app launcher to go to Yammer.
A new Yammer user is created for the Office 365 user.
The user's profile properties from Azure Active Directory are automatically populated in the user's Yammer profile.
We're building an employee app, which currently displays company news. We wish to add social functionality, leveraging the Yammer platform, via the REST API. We have developed a solution to impersonate existing users and like/comment on behalf their behalf.
However, most employees are ‘unsophisticated’ blue-collar workers, and it is anticipated that they will not complete steps 2, 3 & 4 above to ‘create/activate’ their Yammer user account (the activation steps).
Methods considered or explored so far:
Using the REST API to create a new user – this creates a user in the ‘pending’ state, which remains pending until the activation steps are completed.
Using the Bulk Update Users to create new users from a CSV:
a) If a password is set, then a new ‘active’ user is successfully created (great!). However, that user account appears to be entirely disconnected from the corresponding O365 user account (meaning changes to user profile properties will not sync to/from Azure AD, passwords may be different, and users who are deleted/suspended in AAD will not sync to Yammer). These accounts are only linked if/when the activation steps are completed.
b) If a password is not set, then the new user is created in a ‘pending’ state, much the same as using the REST API.
Questions:
Is there any other way to create an 'active' user in Yammer, which is linked to the user’s O365 account?
Could a provider hosted app be used to impersonate a user and complete the activation steps on their behalf?
Not that it solves the problem, but does the REST API allow you to update a user’s state from 'pending' to 'active' (or create an 'active' user in the first place)?
Your steps about the default process are pretty acurate but I would add that once a user is created in AD users can simply go to Yammer.com (either on web or on iphone/android) and sign in through there. Iphone and Android use an Azure Authentication library that will find the users Office account.
Is there any other way to create an 'active' user in Yammer, which is linked to the user’s O365 account?
There isn't at this time.
Could a provider hosted app be used to impersonate a user and complete the activation steps on their behalf?
This isn't supported at this time.
Not that it solves the problem, but does the REST API allow you to update a user’s state from 'pending' to 'active' (or create an 'active' user in the first place)?
There is not an api for this.