How to exclude specific users from SSO requirements?

Issue:

A user on the DocuSign account needs the ability to log in with both Single Sign On and a DocuSign Username and Password. This is often necessary when this user is attempting to use a third party integration with DocuSign that does not yet support Single Sign On.

Note: Most organizations require users to log on with their Identity Provider via SAML. In almost all cases, once SSO is turned on it replaces username/password as the method for the authentication. This disables the username/password login option in DocuSign.

However, there is an exception to this rule. There can be circumstances where certain users still retain a username/password within DocuSign that would be active even when SSO is enabled. Such scenarios could include giving the SSO administrator the ability to log on in the event that there is an SSO configuration problem or there might be a need for certain client integrations to have a username/password so it can work with DocuSign’s APIs. In general, there is a way to provide an exception to the SSO policy for certain users. However, it should only be done for highly privileged users since it creates an exception to your SSO policies.

Solution

The DocuSign Organization Administrator on the DocuSign account will need to update this User's Login Policy. 

Steps

  1. Log into https://account.docusign.com/ as a DocuSign Organization Administrator. 
  2. Go to the Profile Menu | Go to Admin.
  3. Select Users.
  4. Search an email address, or select Domain Users (for users outside your account) or Account Users (for users within your account) and click on the desired user's name.
  5. On the left, select Security.
  6. Select dropdown Login Policy.

Login Policy

Related Links 

DocuSign Single Sign On Implementation Guide (PDF)

Manage Users - New DocuSign Experience

Keywords

SSO, Single Sign on, Login Policy, Password, Exclusion, Exclude