Integrate DocuSign with UserLock Single Sign-On
Allow your users to access DocuSign with their corporate credentials through UserLock SSO, while ensuring every signature request follows your security policies.
This guide explains how to integrate DocuSign with UserLock Single Sign-On (SSO) using the SAML 2.0 protocol.
Once integrated, DocuSign logins are authenticated by UserLock against Active Directory. This provides a smooth sign-in experience for users and allows administrators to enforce UserLock access policies (MFA, time, machine, or location restrictions) on SSO sessions.
🚩️ Before starting:
You need a DocuSign account with an approved domain.
UserLock SSO must already be installed and configured.
Open the DocuSign Admin console:
In the eSignature console, go to Settings.
Click SWITCH TO, then select DOCUSIGN ADMIN.
In the top menu, click Identity Providers.
Click ADD IDENTITY PROVIDER.
Enter the following values, using your UserLock SSO URL (visible in UserLock console ▸⚙️ Server settings ▸ Single Sign-On).
Example withhttps://sso.contoso.com
Save the settings.
Add a certificate:
Go to UserLock console ▸ ⚙️ Server settings ▸ Single Sign-On
Click on Download ▸ SAML certificate.
In DocuSign Admin, click Add certificate and upload the file.
In the UserLock console, go to ⚙️ Server settings ▸ Single Sign-On.
Click on the DocuSign row.
Fill in the fields with information from DocuSign Admin:
Settings
Values
Email domain
The domain used for DocuSign logins (e.g. contoso.com).
Issuer
Available in DocuSign Admin ▸ Identity Providers ▸ Endpoints (Actions menu).
ACS URL
Available in the same Endpoints section.
Certificate
In DocuSign Admin ▸ Identity Providers, open the Endpoints view (Actions ▸ Endpoints) and download the metadata. Copy the X.509 certificate from this metadata file and paste it here.
Save the profile.
When you renew the SAML certificate in UserLock (see Renew the SAML certificate), you must also update the configuration in DocuSign:
In the UserLock console, go to ⚙️ Server settings ▸ Single Sign-On.
Click Download ▸ SAML certificate and save the file.
Open the certificate in a text editor (Notepad) and copy the full contents.
In DocuSign Admin, go to Identity Providers and select your IdP.
Replace the existing IdP certificate with the new file.
Save the configuration.
DocuSign will now trust the renewed UserLock certificate for SSO logins.
For common issues, see Troubleshooting SSO.
If the problem persists, please contact IS Decisions Support.
You can extend the security of SSO sessions by applying UserLock access policies in addition to authentication.
Apply MFA on SaaS connections to require stronger authentication.
Hour restrictions: define when users are allowed to connect.
Geolocation rules: enforce access policies based on user location.
Session limits: allow or deny SaaS logins entirely for specific users.