How do I update users email addresses on an SSO enabled account?

Issue

Need to change the email address of one of the existing users on a Single Sign On (SSO) enabled account. Assuming the email domain is configured by the DocuSign Organization Administrator.

Solution

There are two potential options to change the email address for a user who is subject to SSO, depending on how your Identity Provider (IdP) defines the NameID value. 
  • If your Identity Provider is configured to use an immutable value for the NameID (such as employee ID), then all you need to do is update the user's email address attribute in the IdP. Upon their next login via SSO, DocuSign will update the user's email address to match the attribute received in the SAML Response.
  • If your Identity Provider is configured to use the email address as the NameID, follow the instructions below:
    1. Update the user's email address in the Identity Provider
    2. In DocuSign, navigate to Org Admin > Users and search for the user by their current email address
    3. Navigate to the Profile tab and update the current email to the new email.
      • Note: The new email address must be on a domain managed by your Organization.
    4. Navigate to the Security tab and reset the user's Federated ID
    5. Click Save at the bottom of the page
The user should now be able to log in successfully using the new email address.
 

Learn More