DocuSign error "The Federated identifier for single sign-on does not match what has been enabled for this user"

Follow
    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
Deployment model:
  • Cloud
  • Hybrid
  • On Premises
  • Version Affected:  All

    Description:  

    Saml integrated DocuSign occasionally gives an error "The Federated identifier for single sign-on does not match what has been enabled for this user" this typically happens most via the DocuSign app.

    Cause:  

    DocuSign stores the NameID as "The Federated identifier" the first time you login. This is case sensitive so can be affected by how the User types in their username. 

    Eg, if they login via a Browser, and type user1 but then login via their phone and this automatically capitalises the first letter to User1 - DocuSign then throws this error. 

     

    Resolution:  

    The easiest way to keep this consistent and remove the human element is to change the user ID Mapping on the Post Auth tab to use SamAccountName taken from the DataStore instead of what the user has typed in. 

    1. On the Data Tab, pick an empty AuxID and set it to SamAccountName

    2. On the Post Auth tab, set the UserID Mapping to the AuxID used in Step1. 

     

    This could also be solved using the Transformation Engine. 

     

    Special Considerations :  

    Using this technique will ensure that the same Federated identifier is set each time. However, it may be different to what some of the Users have already been registered with in DocuSign so you'll need to perform a one time action on the docusign side to reset their Federated identifer.

    Please see their KB on how to do this

    https://support.docusign.com/en/articles/DocuSign-SSO-I-am-experiencing-the-error-The-federated-identifier-for-single-sign-on-does-not-match-what-has-been-enabled-for-this-user-Please-contact-your-DocuSign-administrator

     

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful

    Comments

    0 comments

    Please sign in to leave a comment.