Switching to OAuth Admin Consent for DocuSign Legacy Integrations

This article is for users who are currently using DocuSign with Nintex DocGen and want to switch their current DocuSign Legacy authentication method to the OAuth - Admin Consent option.

Why do I need to do this?

DocuSign is deprecating its basic authentication methods: Legacy Authentication and Send-On-Behalf-Of (SOBO). These authentication methods are available for our "DocuSign (Legacy)" integration, an integration that relies on DocuSign for Salesforce (DocuSign's legacy Salesforce app). In order to continue to this DocuSign (Legacy) integration in Nintex DocGen you will need to switch to one of the following integration methods: OAuth - Admin Consent, or OAuth - Individual Consent.

Who does this apply to?

  • Users with the DocuSign Legacy app integration

  • Users using one of the following two integration methods

    • Legacy Authentication

    • Send-On-Behalf-Of

The following how-to video provides step-by-step guidance on switching to OAuth - Admin Consent.

See the following table for more information on the currently available authorization methods.

Authorization Option Description
OAuth - Admin Consent

The standard authentication method for the DocuSign delivery option. Requires DocuSign Admin Tools to be able to claim a domain. May also ask for a for Admin Consent approval when adding this setting for the first time.

Allows for a single DocuSign Admin Tools administrator to authorize all users under a single DocuSign account. No action is required on the part of the end-users side once Admin Consent has been configured. Every call made to DocuSign is authorized by a single administrative user but with done in context of the user sending out the Document Package.
OAuth - Individual Consent

Allows a user to make a one-time authorization to DocuSign limited to that user's account. Each user that needs to run a DocuSign delivery option for a Document Package will need to authorize their account. During set up of OAuth - Individual Consent admins can send out a URL that user's can use to authorize their account prior to sending out a Document Package. User's can also authorize their account by clicking the Authorize and Send to DocuSign button. This authentication method is also available for the Legacy DocuSign delivery option.
Legacy Authentication (Legacy)

The standard authentication method for Legacy versions of DocuSign. DocuSign has since deprecated their legacy authentication options, and this option can no longer be used. If you were previously using this option you will need to switch to either OAuth - Admin Consent or OAuth - Individual Consent.

Send on behalf of (SOBO) (Legacy)

Used for prompting the user for a login to DocuSign, used for the Legacy versions of DocuSign. DocuSign has since deprecated their legacy authentication options, and this option can no longer be used. If you were previously using this option you will need to switch to either OAuth - Admin Consent or OAuth - Individual Consent.

Switch from basic DocuSign authentication to OAuth - Admin Consent option

After DocuSign deprecates their basic authentication options, you will need to choose one of the new authentication methods. For most users the option that will function most similar to what they currently have is the OAuth - Admin Consent option. The following steps provide you with guidance on what you need to do in order to start using the OAuth - Admin Consent as an integration method.

Note: The use of OAuth - Admin Consent requires a paid feature from DocuSign called DocuSign Admin Tools. If you do not want to use this option, then you can switch your authentication to OAuth - Individual Consent. For information on how to set up OAuth - Individual Consent refer to Switching to OAuth - Individual Consent.

1. Upgrade your Nintex DocGen package to 20.5.0 or above

In order for the OAuth - Admin Consent option to be available for use as an authentication method, you need to upgrade to the latest Nintex DocGen package release. It is always recommended to first upgrade a sandbox environment first before upgrading your production or live environment.

If you are on an older version of Nintex DocGen (version earlier than 18.10) you will need to perform a two-step upgrade in order to get to version 20.5 or higher. If you do not need to update to 18.10, then you can update to version 20.5 using the AppExchange

  1. First direct download version 18.10 using one of the following links depending on what type of environment you are trying to upgrade:

    1. If you are updating a Sandbox environment download version 18.10 from here: https://test.salesforce.com/?retURL=%2Fpackaging%2FinstallPackage.apexp%3Fp0%3D04t2E000003kYjxQAE

    2. If you are updating a Production environment download version 18.10 from here: https://login.salesforce.com/?retURL=%2Fpackaging%2FinstallPackage.apexp%3Fp0%3D04t2E000003kYjxQAE

  2. After updating to version 18.10 you can upgrade Nintex DocGen as usual using the AppExchange here: https://appexchange.salesforce.com/appxListingDetail?listingId=a0N300000016Zn3EAE

2. Purchase and configure DocuSign Admin Tools from DocuSign

In order to use OAuth - Admin Consent as an authentication method, DocuSign requires that you purchase and configure DocuSign Admin Tools.

You will need DocuSign Admin Tools to do the following:

How can I tell if DocuSign Admin Tools is purchased and available?

  1. Log into your DocuSign account.

  2. From your DocuSign portal, in the top-left corner click the Dots menu to expand the menu and see the available options. You should see two options to select: eSignature and Admin.

  3. If you do not see the Admin option then that means DocuSign Admin Tools needs to be purchased.

    1. Click the link to find more information on how to purchase Admin Tools
    2. If you believe you have already purchased DocuSign Admin Tools and should be seeing the Admin option please contact DocuSign support to troubleshoot this issue.

How do I claim my domain using DocuSign Admin Tools?

In order for OAuth - Admin Consent to function properly with DocuSign you need to complete claiming a domain in your DocuSign account portal.

To check your domain settings:

  1. From your DocuSign portal click the Admin option as referenced in the above screenshot.

  2. From the Organization menu select the Domains option. You should now see a screen like the screenshot referenced below:

  3. If you do not see any domains on this screen you will need to add a domain.

    1. Follow guidance provided by DocuSign to set up and claim a domain.

    2. Updating the DNS record may require the help of your IT department.  Please reach out to your IT department for what you need to do to update your DNS record.

How can I check if my DocuSign account is being given administrator access to Admin Tools?

In order to eventually set up OAuth – Admin Consent for DocGen within Salesforce, you will need a DocuSign Organization Administrator account. After DocuSign Admin Tools has been purchased and a domain has been claimed, you can check to see if the account you are going to use to set up the OAuth - Admin Consent option is configured as a DocuSign Organization Administrator in DocuSign Admin Tools.

  1. From your DocuSign portal, select Admin.

  2. In the Admin screen, in the Users section select Users.

  3. In the Users screen, select the Administrators option. This list displays all of the accounts that are marked as Organization Administrators and can be used when setting up OAuth - Admin Consent in Nintex DocGen.

How can I check if my DocuSign developer or demo account is linked in Admin Tools?

After DocuSign Admin Tools has been purchased, a domain is claimed, and you have verified that the user who is going to set up OAuth - Admin Consent is a DocuSign Organization Administrator, you can confirm the linked accounts in DocuSign Admin Tools.

  1. From your DocuSign portal, select Admin.

  2. From the Admin screen, click on Accounts.

  3. This screen shows all of the DocuSign Accounts linked in DocuSign Admin Tools. If you intend to do testing of DocuSign functionality, it is common to have a production DocuSign account and a “Test” account linked here also. All Accounts listed here will use the Domain claimed in the previous steps. If an account is linked, you will see text in a bubble displaying as "Linked". That means that the account is linked to DocuSign Admin Tools and can be used to set up and test OAuth - Admin Consent.

3. Switch your integration option to OAuth - Admin Consent in Nintex Admin

After you have performed the upgrade to Nintex DocGen version 20.5.0, and Admin Tools have been purchased and configured you can set up OAuth - Admin Consent from the Integrations menu inside of Nintex Admin. All Accounts listed here will use the Domain claimed in the previous steps. If an account is linked, you will see text in a bubble displaying as "Linked". That means that the account is linked to DocuSign Admin Tools and can be used to set up and test OAuth - Admin Consent.

Important: After performing the upgrade to Nintex DocGen your previous DocuSign integration will now be called "DocuSign (Legacy)". This is the integration option you will be changing.

Important: The steps outlined below will need to be performed for any environment you need this to work in, such as a production, sandbox, or demo environment.

Switch to OAuth authentication

  1. Log into Salesforce using a Salesforce account that has administrative privileges.

  2. If necessary open Nintex DocGen from the Apps Launcher.

  3. Select the Nintex Admin tab.
  4. Under Configuration, select Integrations.

  5. Locate the Service Name that is called "DocuSign (Legacy)" and click Edit.

  6. In the Authentication to Use drop-down select, OAuth - Admin Consent.

  7. Click Save.

  8. After clicking Save you are going to be prompted to authorize the integration using a DocuSign account. The DocuSign account being used to authorize needs to be a DocuSign Organization Administrator account. If you attempt to use a DocuSign account that is not an Organization Administrator you will receive an authorization error. To confirm the DocuSign account is set up for Organization Administrator privileges refer to How can I check if my DocuSign account is being given administrator access to Admin Tools?

4. Re-authorize Nintex DocGen through Nintex Admin

After you have performed all of the previous steps, and set up the desired integration method, you need to re-authorize Nintex DocGen through Nintex Admin.

Re-authorize Nintex DocGen

  1. From the Nintex DocGen home screen, click the Nintex Admin tab.

  2. In Nintex Admin locate the Authorize Nintex DocGen section.

  3. Click Authorize Nintex DocGen.

  4. You may see a pop-up window asking for access to certain features. Click Allow.

Your DocuSign delivery options will continue to function as before.