
Single sign-on (SSO) for DocuSign

Learn how UserLock SSO for DocuSign allows you to extend authentication for your on-premises Active Directory identities to secure access to DocuSign.

Published February 5, 2025

For decades, enterprises conducted business using paper-based approvals, postal services and physical signatures. Document digitalization has transformed this. Today, physical signatures are becoming a rarity; almost every everyday business process is approved digitally, increasingly through dedicated digital transaction management (DTM) platforms such as DocuSign.

But while software-as-a-service (SaaS) applications such as DocuSign take the hard work out of document signing, they require a subset of employees to hold the correct credentials to access the service.

How SSO makes SaaS easier

Unfortunately, managing this type of credential across an enterprise is not as easy as it once was. The biggest problem is that credentials don’t scale easily for users. One credential is manageable, two credentials start to become difficult and anything beyond three quickly becomes a memory problem. As users look for shortcuts, this can also lead to a host of security problems such as weak passwords or hidden password re-use.

The simplest solution is usually to consolidate multiple SaaS credentials using single sign-on (SSO). SSO just makes life more manageable for everyone. Users only have one credential to use instead of lots of different ones across multiple services. Security teams also gain because they have only one credential to defend.

Is SSO a security risk?

The downside is that SSO creates a single point of failure which, if compromised, could give criminals access to multiple resources through one credential. That’s why SSO is always implemented with additional security layers such as strong password policies and multi-factor authentication (MFA) that greatly reduce the likelihood of a compromise.

SSO infrastructure pitfalls

Which infrastructure is required to make SSO a reality? If organizations aren’t careful, more than they expect. The biggest decision is how to implement the SSO layer itself, which can be done using a cloud identity provider (IdP). This, of course, requires organizations to rely on an external service provider to integrate the authentication of multiple applications.

For some organizations, relying on an external provider for such an important security function isn’t ideal. This can also increase the cost of SSO implementation, as well as the cost of additional protections such as MFA.

UserLock makes combining SSO with MFA simple

UserLock was designed to address this concern for organizations that would rather keep control over security on-premises. The philosophy behind UserLock is that these organizations already have what they need to make SSO a reality without paying for external platforms.

At the core of on-premises networks is Active Directory (AD), used to authenticate users when they log in. Implementing UserLock SSO allows organizations to continue using this directory service, reducing the time and cost of any integration with a third-party platform.

Admins can configure SSO using UserLock SSO’s built-in tools and wizards, turning a potentially onerous setup into a manageable project.

Importantly, admins don’t have to go elsewhere to add essential security layers such as granular MFA and user access control, which are included as part of UserLock SSO out of the box.

Setting up UserLock’s SAML SSO with DocuSign

UserLock SSO allows admins to configure integration with a wide variety of applications, including DocuSign. 

  1. The service is set up initially in the DocuSign service’s admin console by adding UserLock as an identity provider via the https://sso.contoso.com/sso URL.

  2. The UserLock SAML 2.0 certificate should be uploaded at this point. It contains the public key that DocuSign uses to verify that SAML responses were signed by UserLock.

  3. Within UserLock, admins should download the DocuSignSamlManager.dll plugin.

The UserLock SSO DocuSign configuration is similar to the procedure for other supported SaaS applications.

  1. Navigate to the SSO configuration in the UserLock console, selecting DocuSign as the provider to be configured.

  2. Configure SAML values identifying UserLock to DocuSign when users log in, including the ACS URL values (the DocuSign URL to which logins are directed).

  3. The service should be restarted to initiate DocuSign SSO.
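
A captured SAML response can be checked against the values configured in the steps above. The following is an added example, not UserLock or DocuSign code: the ACS URL, audience and sample response are constructed placeholders, the issuer is assumed to equal the page's sample IdP URL, and the signature is not verified here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# Expected values. The issuer reuses the page's sample IdP URL (assumed to be
# the entity ID too); the ACS URL and audience are constructed placeholders.
EXPECTED_ISSUER = "https://sso.contoso.com/sso"
EXPECTED_ACS = "https://sp.example.invalid/saml/acs"
EXPECTED_AUDIENCE = "https://sp.example.invalid"

# Constructed sample response (unsigned, for illustration only).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://sp.example.invalid/saml/acs">
  <saml:Issuer>https://sso.contoso.com/sso</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://sso.contoso.com/sso</saml:Issuer>
    <saml:Conditions NotBefore="2025-02-05T10:00:00Z" NotOnOrAfter="2025-02-05T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.invalid</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, now):
    """Return config mismatches (empty list = consistent). Signature is not verified."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != EXPECTED_ACS:
        problems.append("Destination does not match configured ACS URL")
    issuers = [e.text.strip() for e in root.iter("{%s}Issuer" % SAML) if e.text]
    if not issuers or any(i != EXPECTED_ISSUER for i in issuers):
        problems.append("Issuer is not the expected identity provider")
    cond = root.find("saml:Assertion/saml:Conditions", NS)
    if cond is None:
        return problems + ["Assertion has no Conditions element"]
    nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not (nb and na and _ts(nb) <= now < _ts(na)):
        problems.append("Assertion is outside its validity window")
    audiences = [a.text for a in cond.iter("{%s}Audience" % SAML)]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append("Audience does not include the service provider")
    return problems
```

An empty result means the response matches the configured issuer, ACS URL and audience; each returned string names the setting to re-check in the SSO configuration.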

Read more in our documentation on how to configure DocuSign for UserLock SSO.

UserLock SSO: A simple way to implement SSO for SaaS

SaaS applications such as DocuSign are now essential in many enterprises. However, implementing them often requires using SSO so that users aren’t overburdened by lots of different credentials.

The challenge is that implementing SSO presents complex choices, especially for organizations committed to keeping their core security infrastructure on-premises. At worst, organizations could end up managing extra infrastructure and paying for additional IdP services. 

UserLock offers an alternative and simpler path to SSO. Organizations can continue using their existing AD infrastructure for authentication while at the same time protecting SSO access with MFA and user access control. 

François Amigorena, President and CEO of IS Decisions