Docusign Integration - Single integration key for multi-tenant application - integration

We're trying to implement a Docusign integration for a multi-tenant cloud application (i.e. https://company1.app.com, https://company2.app.com, etc...).
The goal is to allow the tenant admin (our customer) to upload envelopes containing document templates for users to sign when they first login. Each tenant admin will have their own Docusign account/envelopes.
We've implemented a solution for this; however, it requires each tenant admin to create a separate Integration key and go through the process of promoting it to a live account. This is not scalable for us and some of our tenant admins are not tech people, so they have trouble setting this up.
Is there a way to implement the Docusign integration using a single Integration key (our key), but still have tenant admins login with their own Docusign account and upload their own envelopes?

I think you are building a Docusign User Application. You should use the OAuth2 auth flows instead of creating a separate Integrator key for each tenant.
A user application is a client that authenticates every end user with DocuSign. These applications are typically web services, mobile applications, or desktop programs that authenticate individual users on the DocuSign platform. Once authenticated, users give consent for the application to display, send, or sign envelopes from their account. For user applications the OAuth2 auth flows are recommended.

A key issue that you may be missing is that your Integration Key works with any account. It is associated with your account just to manage it.
So as CodingDawg says, each of your customers can use your app by logging in with their own user credentials for their own account.
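The multi-tenant OAuth2 pattern both answers point to, as an added illustration that is not code from the question or from DocuSign: one integration key owned by the SaaS vendor, an authorization-code request per tenant admin, and the resulting tokens stored under the tenant rather than under a per-tenant integration key. The DocuSign OAuth endpoints, the `signature` scope and the shape of the token and userinfo responses are assumptions from the public OAuth documentation; the tenant names, the `STATE_SECRET`, the client id and the two `fake_*` functions are constructed placeholders so the example runs offline. The `state` value is bound to the tenant that started the flow and checked against the callback host, so an authorization begun for one tenant cannot be completed on another.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders, not values from the question.
AUTH_SERVER = "https://account-d.docusign.com"  # assumed: DocuSign developer-sandbox OAuth server
CLIENT_ID = "PLACEHOLDER-INTEGRATION-KEY"       # the single integration key owned by the SaaS vendor
STATE_SECRET = b"placeholder-server-side-state-secret"
STATE_MAX_AGE = 600  # seconds a pending authorization request stays valid


def make_state(tenant, secret=STATE_SECRET, now=None):
    """OAuth2 'state' bound to the tenant that started the flow: HMAC proves origin,
    the timestamp bounds replay, the nonce keeps each request unique."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)
    payload = f"{tenant}|{ts}|{nonce}"
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(f"{payload}|{mac}".encode()).decode()


def verify_state(state, secret=STATE_SECRET, max_age=STATE_MAX_AGE, now=None):
    """Return the tenant encoded in a valid state, or None if it is forged or stale."""
    try:
        tenant, ts, nonce, mac = base64.urlsafe_b64decode(state.encode()).decode().split("|")
        ts = int(ts)
    except Exception:
        return None
    expected = hmac.new(secret, f"{tenant}|{ts}|{nonce}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    current = int(time.time() if now is None else now)
    if ts > current or current - ts > max_age:
        return None
    return tenant


def build_authorize_url(tenant, redirect_uri, state):
    """Authorization Code Grant request; every tenant uses the same client_id."""
    params = {"response_type": "code", "scope": "signature", "client_id": CLIENT_ID,
              "state": state, "redirect_uri": redirect_uri}
    return f"{AUTH_SERVER}/oauth/auth?{urlencode(params)}"


def tenant_from_host(host):
    """company1.app.com -> company1 (one subdomain per tenant, as in the question)."""
    return host.split(".")[0]


class TenantTokenStore:
    """In-memory stand-in for a per-tenant credentials table (constructed for the example)."""

    def __init__(self):
        self._records = {}

    def save(self, tenant, record):
        self._records[tenant] = record

    def get(self, tenant):
        return self._records.get(tenant)


def handle_callback(callback_url, store, exchange_code, fetch_userinfo, now=None):
    """Finish the flow for the tenant whose admin just consented.
    exchange_code(code) and fetch_userinfo(access_token) are injected so this runs
    offline; in production they are HTTPS calls to /oauth/token and /oauth/userinfo."""
    parsed = urlparse(callback_url)
    query = parse_qs(parsed.query)
    code = query.get("code", [None])[0]
    state = query.get("state", [None])[0]
    if not code or not state:
        raise ValueError("missing code or state")
    tenant = verify_state(state, now=now)
    if tenant is None:
        raise ValueError("invalid or expired state")
    # The state must name the tenant whose host received the callback; otherwise an
    # authorization started for one tenant could be completed on another (login CSRF).
    if tenant != tenant_from_host(parsed.hostname):
        raise ValueError("state/tenant mismatch")
    token = exchange_code(code)
    info = fetch_userinfo(token["access_token"])
    # Assumed userinfo shape: the accounts the signed-in user can act on; keep the default.
    account = next(a for a in info["accounts"] if a.get("is_default"))
    record = {
        "docusign_user_id": info["sub"],
        "account_id": account["account_id"],
        "base_uri": account["base_uri"],
        "access_token": token["access_token"],
        "refresh_token": token.get("refresh_token"),
        "expires_at": int(time.time() if now is None else now) + int(token["expires_in"]),
    }
    store.save(tenant, record)
    return record


# Constructed stand-ins mimicking the shape of the token and userinfo responses.
def fake_exchange_code(code):
    return {"access_token": f"at-{code}", "refresh_token": "rt-1", "expires_in": 28800}


def fake_fetch_userinfo(access_token):
    return {"sub": "user-123", "accounts": [
        {"account_id": "acct-1", "is_default": True, "base_uri": "https://demo.docusign.net"}]}


if __name__ == "__main__":
    store = TenantTokenStore()
    st = make_state("company1")
    print(build_authorize_url("company1", "https://company1.app.com/docusign/callback", st))
    rec = handle_callback(f"https://company1.app.com/docusign/callback?code=abc&state={st}",
                          store, fake_exchange_code, fake_fetch_userinfo)
    print(rec["account_id"], store.get("company1")["base_uri"])
```

Each tenant's `account_id` and `base_uri` come from the userinfo call, so later envelope requests are made against that tenant's own DocuSign account with that tenant's token; the integration key is never handed to the customer.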

Related

How do I enable organization ID logins in my AADB2C application?

I have followed the instructions on this page to add the ability to sign up / log in to my application using a Microsoft Account. Personal accounts seem to work fine, but organizational IDs do not. And if I type in an email address that is both an organizational ID as well as a personal account, at no point am I prompted to choose "Work or school account" vs. "Personal account". When I use the same email to log into Azure, I am prompted to pick one.
The configuration instructions talk specifically about enabling "Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com)." and I have confirmed that this option is set properly in my registered application.
Is there something else I need to do to enable sign up and log in with organizational IDs in my AADB2C application?
Although you registered an app with the type Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com), it doesn't mean you have enabled sign-in for users from an Azure Active Directory (Azure AD) organization.
The configuration in this article is only for MSA. You define the account as a claims provider that Azure AD B2C can communicate with through an endpoint by adding a claims provider.
If you want to enable sign-in for Azure AD users, you should define Azure AD as a claims provider.
You should finish the configuration on this page.

Can I determine if a user is a contract manager?

Is it possible, using the 3-legged authentication workflow, to determine if a user is an Autodesk contract (or software) manager using the OAuth API?
I've noticed the account:read and account:write scopes. Would this allow me to tell if a user is a contract manager?
Unfortunately, the contract info is not part of the Forge platform, and there is no API support for querying such data for this purpose currently. However, the BIM360 Account Admin API GET users supports telling the user role in these three types:
account_admin: user has BIM 360 account administration access
account_user : normal project user
project_admin: user has Project administration privileges at a service level
And commonly, the contract manager will be the account admin of that BIM360 account. Therefore, you could use this as a workaround. Hope it helps, cheers!
Note: the Account Admin API only accepts a two-legged access token.

What is the intended use case for app auth and app users?

I am trying to understand what the intended use case for app auth and app users is. I'm basically thinking about building an app that would use Box to store data of users that would subscribe to our service. Our service would allow each user to access and view their data.
If I have an account that basically owns the data of all the subscribed users, can I use the enterprise access token as a base for authentication while using the user account token to restrict the user to only viewing the data from their specific sub directory? Or do I have to have a unique account with its own api key for every user?
I hope this makes sense. Any assistance would be appreciated.
Thanks.
App Auth and App Users -- which is officially called Box Platform -- is essentially a white-labeled version of Box. I think of it this way: "Box" as we know it is software-as-a-service. It offers a web app, mobile apps, and all the trimmings. Box Platform is the platform layer upon which the SaaS is built, providing API-based management of users/content/comments/collaborations/etc. With Box Platform you have a walled garden in which you can build apps that leverage all the features of the APIs, but are not otherwise "Box apps."
I'm basically thinking about building an app that would use Box to store data of users that would subscribe to our service. Our service would allow each user to access and view their data.
This is an appropriate use case. With Box Platform you will be the owner and administrator of a Box enterprise and all the accounts and data contained within.
If I have an account that basically owns the data of all the subscribed users, can I use the enterprise access token as a base for authentication while using the user account token to restrict the user to only viewing the data from their specific sub directory. Or do I have to have a unique account with its own api key for every user?
I think it's generally cleanest to create unique accounts for each user as opposed to giving users a special subdirectory in the admin account. From there you can use the App Auth workflow to get an access token specific to that user.

Cognito & Two Factor Authentication

Is there any available SDK of Twilio or Authy to use for Two Factor Authentication with Cognito?
Or What are the best practices to do User Authentication via Cognito with Two Factor Authentication?
Basically how mobile app authenticate user with Two Factor Authentication by using Cognito for Identity Management?
One important clarification - Cognito doesn't manage users for you. Cognito leverages public providers (facebook, google, amazon, twitter, an existing external provider...etc.) to generate AWS credentials for whatever user 'signs in'. Additionally, there isn't a native MFA mechanism in Cognito as of now.
With that in mind, it should be possible to do it yourself, however you would need to build some additional mechanism. Say you were trying to log into facebook - the common flow would be to:
1) open up app
2) click sign in button
3) sign in to facebook
4) app validates login with facebook, gets generated token
5) app gives generated token to Cognito, gets an id and credentials.
To catch the login event, you would need some kind of back end that intercepts the login event and has some kind of mapping of login to means of authentication, then once that provider approves the login, you can trigger the auth text/push notification...etc.
Update: this is no longer true, the Cognito User Pools service does manage users for you and allows SMS MFA for authentication.

Box Api Enterprise

I am asked by my company to do a Proof-Of-Concept for our document management using Box. We have an enterprise account.
What I did is I added an app in my account - to get my api keys ("client_id" and "client_secret").
Then, using the Box API for .NET 4.0, I managed to connect my MVC app with our Box account using OAuth2.
I can now view files and folders as well as uploading files.
Now my problem is I need to restrict the files that can be viewed by the user logged.
I noticed that when changing the email that is used to log in (we're using SSO), the user info doesn't change.
I am using GetCurrentUserInformationAsync() method of the BoxApi V2.
Is it possible to perform user management using API?
(P.S. I am not the admin of our enterprise account)
Thanks
To change the email, you will require admin rights. First you need to create the email alias for that account and then you can replace the primary email address with your alias.