Configuring SAML for EchoSign
Article: KB0010324 Published: 06/06/2019 Last modified: 02/18/2020

This topic describes how to configure OneLogin to provide SSO for EchoSign using SAML. (If you want to set up SSO for EchoSign with form-based authentication, see Adding a Form-Based Application.)

Note. Adobe EchoSign changed its name to Adobe Document Cloud eSign services in 2015. In OneLogin documentation, we will refer to this app by its better known name, EchoSign.

  1. Log into OneLogin as an admin and go to Apps > Add Apps.

  2. Search for and select EchoSign.

    You should see the initial Configuration tab. Make sure that you have selected SAML2.0 - user provisioning in the Connectors section.

  3. Click Save to add the app to your Company Apps and display additional configuration tabs.

  4. Go to the Parameters tab and map EchoSign (eSign) attributes to OneLogin attributes.

    Ensure that Username is set to Email and Password is set to SSO Password. This will set users' EchoSign passwords to match their OneLogin passwords. Click Save if you made any changes on the Parameters tab.

  5. Go to the SSO tab to view the values that you'll copy into your EchoSign account to set up SAML SSO.

  6. Open a new browser tab and go to the EchoSign login page to access your EchoSign account and enter OneLogin's SAML SSO values.

    1. Go to the Account Settings > SAML Settings page.

    2. In the SAML Mode section, select SAML Allowed or SAML Mandatory.

      SAML Allowed lets users log in with either SSO or their standard credentials. SAML Mandatory forces users to use SSO and can be set to allow administrators to log in with their regular credentials. If you select SAML Mandatory, you can also check the Allow Adobe Document Cloud Account Administrators to log in using their Adobe Document Cloud Credentials box to allow only Systems Administrators to sign in using their regular credentials.

    3. If the Hostname field appears, enter a domain name.

      This will be your EchoSign dedicated hostname.

      https://your_domain.echosign.com

    4. In the User Creation section, select Automatically add users authenticated through SAML if you want to enable Just-In-Time Provisioning.

      Just-In-Time Provisioning creates a new user in EchoSign whenever a user is given access to EchoSign in OneLogin. EchoSign users are created using the OneLogin values mapped to the EchoSign Password and Username values on the Parameters tab in OneLogin. Just-In-Time Provisioning only creates new users; if you want OneLogin to update existing users in EchoSign, you must use the API-based provisioning described in Provisioning Users to EchoSign.

    5. Scroll down to the Identity Provider (IdP) Configuration section.

      EchoSign SAML Configuration tab

    6. Go back to the OneLogin SSO tab and copy the SAML values from the OneLogin SSO tab to the analogous EchoSign fields.

      | Copy this OneLogin SSO field value: | To this EchoSign SAML settings field: |
      | --- | --- |
      | Issuer URL | IdP Entity ID |
      | SAML 2.0 Endpoint (HTTP) | IdP Login URL |
      | https://app.onelogin.com/client/apps | IdP Logout URL |
      | X.509 Certificate. To get the X.509 Certificate, click View Details to open the certificate page. Copy the entire X.509 Certificate, including "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". | IdP Certificate. Paste the entire X.509 Certificate into the IdP Certificate field. |

  7. In OneLogin, go to the Configuration tab and enter your EchoSign hostname into the Subdomain field and choose your Environment from the Environment drop down.

    This value tells OneLogin where to send the SAML message.

  8. On the OneLogin Access tab, assign the OneLogin roles that should have access to EchoSign and provide any app security policy that you want to apply to EchoSign.

    You can also go to Users > All Users to add the app to individual user accounts.

  9. Test the SAML connection.

    1. Create a test account -- or use your own account -- in EchoSign and OneLogin that shares the same email address.

    2. Make sure you are logged out of EchoSign.

    3. Give yourself access to the EchoSign app in OneLogin. (See step 8 above)

    4. Log in to OneLogin.

    5. Click the EchoSign icon on your OneLogin dashboard.

      If you are able to access EchoSign, then SAML works.
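
A truncated or partially copied certificate in step 6 is easy to miss until the login test fails. The following is an added example, not OneLogin or Adobe code: it checks copied certificate text for intact BEGIN/END lines, valid base64 and a DER length that matches the decoded data, then returns a SHA-256 fingerprint you can compare with whatever fingerprint your IdP displays for the certificate (assumed to be available). The function names and the sample data are hypothetical; the sample is a constructed stand-in with a valid outer structure, not a real certificate.

```python
import base64
import hashlib
import re

# Exactly five hyphens on each side, one BEGIN and one END line, nothing else.
PEM_RE = re.compile(
    r"\A\s*-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----\s*\Z",
    re.S,
)


def check_pasted_cert(pem_text):
    """Return (ok, detail): detail is the SHA-256 fingerprint or the failure reason."""
    m = PEM_RE.match(pem_text)
    if not m:
        return False, "missing or malformed BEGIN/END CERTIFICATE lines"
    body = "".join(m.group(1).split())  # drop line breaks inside the base64 body
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        return False, "body is not valid base64"
    # A certificate is a DER SEQUENCE (tag 0x30) with a definite length.
    if len(der) < 2 or der[0] != 0x30:
        return False, "decoded data is not a DER SEQUENCE"
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False, "bad DER length field"
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        return False, f"truncated or padded: DER declares {header + length} bytes, got {len(der)}"
    fp = hashlib.sha256(der).hexdigest().upper()
    return True, ":".join(fp[i:i + 2] for i in range(0, 64, 2))


def make_sample_pem():
    """Constructed stand-in: valid PEM armor and DER outer length, not a real certificate."""
    payload = bytes(range(256)) * 2
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    print(check_pasted_cert(make_sample_pem()))
```

This only checks that the copied text is complete and well formed; it does not validate the certificate's signature, subject or expiry.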

