Cloudflare Docs
Cloudflare Zero Trust
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Protecting DocuSign with Access for SaaS

This guide covers how to protect your DocuSign account with Access for SaaS.

​​ Prerequisites

​​ 1. Create the Access for SaaS application

  1. In Zero Trust, go to Access > Applications.

  2. Select Add an Application.

  3. Select SaaS.

  4. Use the following configuration:

    • Set the Application to DocuSign.
    • Put placeholder values in EntityID and Assertion Consumer Service URL (e.g. https://example.com). We’ll come back and update these.
    • Set Name ID Format to: Unique ID.
  5. DocuSign requires SAML attributes to do Just In Time user provisioning. Ensure you are collecting SAML attributes from your IdP:

    • Group
    • username
    • department
    • firstName
    • lastName
    • phone
  6. These IdP SAML values can then be mapped to the following DocuSign SAML attributes:

    • Email
    • Surname
    • Givenname
  7. Set an Access policy (for example, create a policy based on Emails ending in @example.com).

  8. Copy and save SSO Endpoint, Entity ID and Public Key.

​​ 2. Configure your DocuSign SSO instance

  1. Ensure you have a domain claimed in Zendesk.

  2. From the DocuSign Admin dashboard, select Identity Providers.

  3. On the Identity Providers page, select ADD IDENTITY PROVIDER. Use the following mappings from the saved Access Application values:

    • Name: Pick your desired name.
    • Identity Provider Issuer: Entity ID.
    • Identity Provider Login URL: Assertion Consumer Service URL.
  4. Save the Identity Provider.

  5. Upload your certificate to the DocuSign Identity Provider menu.

  6. Configure your SAML Attribute mappings. The Attribute Names should match the values in IdP Value in your Access application.

  7. Go back to the Identity Provider’s screen and select Actions > Endpoints. Copy and save the following:

    • Service Provider Issuer URL.
    • Service Provider Assertion Consumer Service URL.

​​ 3. Finalize your Cloudflare configuration

  1. Go back to your DocuSign application under Access > Applications.
  2. Select Edit.
  3. Use the following mappings:
    • EntityID->Service Provider Issuer URL.
    • Assertion Consumer Service URL -> Service Provider Assertion Consumer Service URL.
  4. Save the application.

When ready, enable the SSO for your DocuSign account and you will be able to login to DocuSign via Cloudflare SSO and your Identity Provider.