You are viewing limited content. For full access, please sign in.

Question

Question

Security best practices for the DocuSign integration in Cloud?

Laserfiche Cloud Web Client Integrations
Updated July 26, 2022
asked on July 25, 2022

From what I understand, the DocuSign integration in Cloud requires that the Everyone group have access to the folder it is saving the signed document to. Not sure if this has been updated, but if not, it is a security nightmare.

Wondering what everyone else is doing to lockdown this folder, while still giving access to the Everyone group?

0 0

Replies

replied on July 25, 2022

That sounds... not right. My recollection is that the DocuSign integration uses a specific service account to save signed documents back to the repository. I would sincerely hope the only permissions you need to set are for that specific account. When a signed document gets saved back by the integration, what account does its properties list under "Last Modified By"?

0 0
replied on July 26, 2022

Hi Samuel! The account is listed as DocuSign. I opened up a case not too long ago and was told that the Everyone group needed to have access to the folder it was saving to. 

0 0
replied on July 26, 2022

I've been informed that the "DocuSign" service account is not currently exposed by ACS and thus not a securable trustee on which you can set access rights. We're aware it's problematic and your post here helped raise visibility of the issue. For the time being, the guidance Support provided is accurate.

0 0
replied on July 26, 2022

Thanks Samuel. I suppose the best approach is to deny rights to the publicportaluser, and all other users that should not have the ability to see within this folder. 

1 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...