The DocuSign integration enables biometric passwordless authentication via SAML 2.0 using the 1Kosmos mobile app.
Integration type: SSO
Overview
1Kosmos integrates with DocuSign as a SAML 2.0 identity provider, enabling users to sign in to DocuSign using biometric passwordless authentication via the 1Kosmos mobile app.
This integration is configured through the DocuSign admin portal under Access Management → Identity Providers. Before configuring SSO, the organization's email domain must be claimed and verified in DocuSign.
DocuSign generates its SP Entity ID and ACS URL values after the identity provider configuration is saved. These values are found by navigating to the identity provider's ACTIONS menu and selecting Endpoints.
The SP Issuer URL becomes the Entity ID and the Service Provider Assertion Consumer Service URL becomes the ACS URL in AdminX. DocuSign supports just-in-time user provisioning, so users who authenticate through 1Kosmos for the first time will have DocuSign accounts created automatically.
Prerequisites
Active 1Kosmos tenant: Administrator access to the AdminX portal. Contact 1kosmos.com/contact if not yet provisioned.
DocuSign administrator access: Admin access to the DocuSign admin portal, including the ability to claim domains and configure identity providers under Access Management.
Verified email domain: The organization's email domain must be claimed and verified in the DocuSign admin portal before SSO can be configured. Navigate to the admin portal → Domains to complete domain verification.
1Kosmos mobile app installed: Users must have the app on iOS or Android with biometrics enrolled before testing.
Configuration values
Values to collect from 1Kosmos AdminX (IdP) for DocuSign:
| Field | Where to find it |
|---|---|
| IdP Entity ID (Identity Provider Issuer) | AdminX → Settings → IdP Configuration → Core Configuration |
| IdP SSO URL (Identity Provider Login URL) | AdminX → Settings → IdP Configuration → Single SignOn Service URL |
| Signing Certificate (PEM) | AdminX → Settings → IdP Configuration → View Certificate → Public Key |
Values to collect from DocuSign (SP) for AdminX (obtained after initial DocuSign IdP save):
| Field | Where to find it |
|---|---|
| SP Entity ID (Service Provider Issuer URL) | DocuSign admin portal → Access Management → Identity Providers → ACTIONS → Endpoints → Service Provider Issuer URL |
| ACS URL (Service Provider Assertion Consumer Service URL) | Same Endpoints panel → Service Provider Assertion Consumer Service URL |
Integration steps
Step 1: Claim and verify your email domain in DocuSign
Log in to the DocuSign admin portal using administrator credentials.
Navigate to Domains and click Claim Domain.
Enter your organization's email domain and complete the DNS TXT record verification process. The domain must show as Active before proceeding.
Step 2: Add 1Kosmos as an Identity Provider in DocuSign
In the DocuSign admin portal, navigate to Access Management → Identity Providers.
Click Add Identity Provider and enter a descriptive name (e.g., "1Kosmos").
In the Identity Provider Issuer field, paste the 1Kosmos IdP Entity ID.
In the Identity Provider Login URL field, paste the 1Kosmos SSO Login URL.
For Send Authn Request by, select POST.
In the Identity Provider Certificates section, click Add Certificate, upload the 1Kosmos signing certificate, and click Save.
After saving, navigate to ACTIONS → Endpoints and copy the Service Provider Issuer URL and Service Provider Assertion Consumer Service URL. You will need these for AdminX.
Step 3: Add DocuSign as a SAML application in AdminX
Log in to the AdminX portal and navigate to Applications → Add Application.
Scroll to Custom App, select SAML 2.0 Generic, and click Add integration.
Enter "DocuSign" as the Application Name, set Instance to Production, and enter your DocuSign URL as the Application Access URL. Click Next.
Set NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and NameID Value to email. Add claims for email (Username), firstname (givenname), and lastname (surname). Click Next.
Enter the DocuSign SP Entity ID (Service Provider Issuer URL) and ACS URL. Enable Assertion signing and click Save.
Step 4: Test the integration
Navigate to https://account.docusign.com, enter your email address, and click Use Company Login.
Confirm you are redirected to 1Kosmos. Authenticate biometrically using the 1Kosmos mobile app.
Confirm you are returned to DocuSign as an authenticated user.
Attribute mappings
| Source (1Kosmos) | Target (DocuSign) | Description |
|---|---|---|
| user.email | emailaddress (NameID) | Must match the user's DocuSign account email |
| user.firstName | givenname | User first name |
| user.lastName | surname | User last name |
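When the Step 4 test fails, the base64 SAMLResponse posted to the ACS URL can be compared with the values configured above. The following is an added example, not 1Kosmos or DocuSign code: the function names and sample URLs are constructed, the attribute names givenname and surname are assumed from the Target column, and it checks structure only, without validating the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(b64_response, idp_entity_id, sp_entity_id, acs_url, domain,
                   required_attrs=("givenname", "surname")):  # assumed names
    """List mismatches between a captured SAMLResponse and the configured
    values. Structural checks only: the signature is NOT verified here."""
    root = ET.fromstring(base64.b64decode(b64_response))
    a = root.find("a:Assertion", NS)
    if a is None:
        return ["no unencrypted Assertion in Response"]
    problems = []
    if a.findtext("a:Issuer", default="", namespaces=NS).strip() != idp_entity_id:
        problems.append("Issuer != IdP Entity ID")
    if a.find("ds:Signature", NS) is None:  # presence only, not validity
        problems.append("assertion is not signed")
    name_id = a.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        problems.append("NameID Format is not emailAddress")
    elif not (name_id.text or "").strip().lower().endswith("@" + domain.lower()):
        problems.append("NameID is outside the verified domain")
    scd = a.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient != ACS URL")
    audiences = [e.text.strip() for e in a.iterfind(".//a:Audience", NS) if e.text]
    if sp_entity_id not in audiences:
        problems.append("Audience != SP Entity ID")
    names = {e.get("Name") for e in a.iterfind("a:AttributeStatement/a:Attribute", NS)}
    problems += [f"missing attribute {n}" for n in required_attrs if n not in names]
    return problems

# Constructed sample (placeholder URLs, empty Signature element) for a dry run.
def sample(audience="https://sp.example/issuer", fmt=EMAIL_FMT):
    xml = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}">
<a:Assertion><a:Issuer>https://idp.example/entity</a:Issuer><ds:Signature/>
<a:Subject><a:NameID Format="{fmt}">ana@example.com</a:NameID>
<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="https://sp.example/acs"/>
</a:SubjectConfirmation></a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>
</a:AudienceRestriction></a:Conditions>
<a:AttributeStatement><a:Attribute Name="givenname"/><a:Attribute Name="surname"/>
</a:AttributeStatement></a:Assertion></p:Response>"""
    return base64.b64encode(xml.encode())
```

An "Audience != SP Entity ID" result is what a placeholder Entity ID left in AdminX after the first save looks like.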
Integration notes
DocuSign generates SP values (Entity ID and ACS URL) only after the identity provider configuration is first saved, which means you need to perform a partial save in DocuSign before completing the AdminX configuration.
Use placeholder values in AdminX for the first save, then update with the actual DocuSign SP values once they appear in the Endpoints panel.
DocuSign's Use Company Login flow triggers SSO based on email domain, so only users with email addresses on your verified domain will be redirected to 1Kosmos. Users on other domains will use standard DocuSign credentials.

