The DocuSign provisioning or deprovisioning flow fails with one of the following errors visible in the Okta dashboard:

• Automatic provisioning of user <user> to app DocuSign failed: The credentials used to connect to the API were invalid; please check your configuration
• FAILURE: javax.ws.rs.BadRequestException: HTTP 400 Bad Request

Admins may also receive the following User Deactivation Summary Email:

The application account failed automatic deprovisioning and needs to be manually deprovisioned.

• DocuSign
• Okta Integration Network
• Provisioning
• Deprovisioning

1. Locate and record the DocuSign API account ID:

   1. Sign in to the DocuSign instance with administrator permissions.

   2. Select Settings on the top ribbon. If Settings is unavailable, click the menu and select eSignature.

   3. In the left menu below Integrations, click Apps and Keys.

   4. Copy the value in the API Account ID field.

2. Go to Okta Admin Console and navigate to Applications > Applications > DocuSign > Provisioning > Integration > Edit.

3. In the API Account ID field, enter the API account ID copied in Step 1.
   Ensure the API Account ID and DocuSign administrator credentials match to avoid authentication errors.

4. Generate the authentication token:

   1. Click Authenticate with DocuSign.

   2. Click Accept if a prompt appears.

   3. If required, enter the email address and click CONTINUE.

   4. If required, enter the password and click LOG IN.

5. A message confirming the successful authentication will appear on the Provisioning page in Okta. Click Save.
6. Afterward, attempt the user provisioning again. Navigate to Dashboard > Tasks. Any failed assignments should appear under Tasks.  
   • Confirm that the deprovisioning flow is functioning by assigning a test user and deprovisioning it.

7. After locating the failed task for the user that should be retried, click on Retry Selected.

Related References

• How to configure DocuSign