How to exclude specific users from SSO requirements?

Issue:

A user on the DocuSign account needs the ability to log in with both Single Sign On and a DocuSign Username and Password. This is often necessary when this user is attempting to use a third party integration with DocuSign that does not yet support Single Sign On.

Note: Most organizations require users to log on with their Identity Provider via SAML. In almost all cases, once SSO is turned on it replaces username/password as the method for the authentication. This disables the username/password login option in DocuSign.

However, there is an exception to this rule. There can be circumstances where certain users still retain a username/password within DocuSign that would be active even when SSO is enabled. Such scenarios could include giving the SSO administrator the ability to log on in the event that there is an SSO configuration problem or there might be a need for certain client integrations to have a username/password so it can work with DocuSign’s APIs. In general, there is a way to provide an exception to the SSO policy for certain users. However, it should only be done for highly privileged users since it creates an exception to your SSO policies.

Solution

The DocuSign Administrator for the organization will need to update the user's Login Policy. 

Steps

  1. Log into https://account.docusign.com/ as a DocuSign Administrator. 
  2. Select the waffle icon in the upper left corner.
  1. Select Admin.
  1. Select Users.
  2. Search an email address, or select Domain Users (for users whose email address is on a domain claimed by the organization) or Account Users (for users within an account linked to the organization) and click on the desired user's name.
  3. Select the Security tab.
  4. Click the Login Policy dropdown and select the desired value.

  • Default: The user is subject to the login policy set at the domain level.
  • Identity Provider only: The user may only login via SSO.
  • Identity Provider or Username / Password: The user may login via SSO or email/password.
  1. Select Save to confirm the change.

Learn More