Docusign: Setup and Configuration

For a more comprehensive setup and configuration document, please download this PDF. 

Overview
Customers can integrate their docusign account with Welkin. The Docusign integration supports in person signing and the ability to send to patients for remote signing. Once signed, the docusign document is saved in Welkin’s Document Management.

Docusign Configuration

To start e-signing using Welkin, we need to complete the following 3 steps:

Step 1: Admin Portal Configuration

Step 2: Designer Portal Configuration

Step 3: Authorization

Initially, this configuration will be done using the Developer Docusign account of the customer. Once the Go-live process is completed, the above 3 steps must be done once again with the Production Docusign account of the customer, with minor changes specified in each step itself.

Note: The Docusign account’s name, email, and associated company name will all be patient facing. So it is suggested to use a common email rather than a person specific email. For example – if the customer name is Profilio, the Docusign user account can be named something like “Profilio DocuSign”, with the email docusign@profilio.com or support@profilio.com.

 

Admin Portal Configuration

Log in to Welkin’s Admin portal at https://admin.live.welkincloud.io & go to Integrations > Docusign.

Screenshot 1: Docusign Configuration in Welkin’s Admin Portal

Here we can set up a common configuration for all instances under Default Config. We can also configure Docusign for each instance separately under Instance Configs. Instance configuration is given priority over default configuration if both are populated. If the configuration is empty for any instance, then the default configuration is used.

Docusign configuration in Admin portal requires the following 6 values:

  1. Base URL: development value is account-d.docusign.com before the Go-Live process and production value is account.docusign.com after the Go-Live process is completed. Note: do not use na4.docusign.com or similar. Use the values as written here, no “https://”.
  2. Auth Token:  can be generated within the Admin portal by following these steps.
  3. API Username (User ID):
  4. API Account ID (Account ID): 
  5. Integration Key
  6. RSA Private Key (Private Key)
    1. Note: Include “—-BEGIN RSA PRIVATE KEY—-” and “—–END RSA PRIVATE KEY—-” and all content between these
    2. If this has an error, check the formatting (if you pasted in from some other program)

API Username, API Account ID, Integration Key and RSA Private Key can be obtained from Docusign Account.

Login to Docusign Developer account – https://account-d.docusign.com. If the Go-Live process is completed, then login to Docusign Production account instead – https://account.docusign.com. Once logged in, please follow these steps:

To obtain API Username & API Account ID

  1. Go to Settings > Integrations (in left panel) > Apps and Keys
  2. Copy API Username (a.k.a. userId) and API Account ID

To obtain Integration Key & Private Key

  1. After obtaining the above 2 values, create an app in Docusign (skip this step for Production Account, proceed to next step). See screenshot below:

Screenshot 2: Getting API Username & Account ID

 

App creation can only be done in the Developer Account. In the production account, once the Go-Live process is completed, the app will be already listed. 

  1. In the app creation form do the following (if using Production account, simply edit the existing app and it will open a similar form):

Screenshot 3: Creating/Editing an App

  1. Copy the Integration Key (a.k.a. clientId)
  2. Under Service Integration, generate RSA key pair & copy the value of private key

Screenshot 4: Obtaining private key

  1. Under Additional Settings > Redirect URIs field, add the URI of the care portal sign in page – https://care.live.welkincloud.io/signin. This will be needed in the authorization step later. 
  2. Save the form.

Now that we have obtained all 4 values, enter these in the Admin portal along with Auth Token and Base URL and save the configuration. Configuration for Admin Portal is complete.

Designer Portal Configuration

Login to Welkin’s Designer Portal – https://designer.dev.welkincloud.io for the instance where Docusign will be configured. Here we will enable permissions for users and add template IDs.

To enable permissions for user

For the user to be able to perform e-signing in Welkin’s Care Portal, we must enable Docusign permissions in the relevant security policy.

In Designer Portal, go to Access Control > Security Policies and open the security policy that concerns Docusign. If a security policy is not already present, one can be created for docusign:

  1. In the General Information tab, add doc-type-docusign under Docusign Types.

Screenshot 5: Configuring Security Policy for Docusign (1/2)

  1. In the Document tab, check all permissions for doc-type-docusign.

Screenshot 6: Configuring Security Policy for Docusign (2/2)

  1. Save changes and publish.

Please ensure this security policy is added to the relevant role of the users who will be performing e-signing.

How to Configure Docusign Template

In Docusign, we can add templates from a local machine or from the cloud, but only in the developer account. In the production account, while we can upload from a local machine, it only accepts .zip or .json files and not generic file formats like .pdf. 

As a workaround, we can download templates from the developer account and upload them in the production account. This can be done one-by-one as well as in bulk. Check this link for step-by-step instructions – Download and Upload Templates – DocuSign eSignature User Guide.

Note: After uploading templates in the production account, new template IDs will be assigned which are different from IDs in the developer account. Internal template configurations such as placeholders and the recipient role will be reset and need to be configured again.

Now, to create templates in the developer account, login to Docusign developer account and follow the steps below:

  1. Go to Templates tab & create a template by clicking on New > Create Template (upper left corner)

Screenshot 7: Creating template (1/3)

  1. In the create template form do the following:
    1. Give the template a name
    2. Under Add Documents, upload the template
    3. Under Add Recipients, enter Role as “patient” (all lowercase) and leave remaining fields (like name) blank
    4. Click Next to set placeholder for patient signature on the template

Screenshot 8: Creating template (2/3)

  1. Set the relevant placeholder, then save and close the template

Screenshot 9: Creating template (3/3)

  1. Once the template is created, to get the template ID:
    1. Open the template

Screenshot 10: Getting template ID (1/2)

  1. Click on the blue “Template ID” link
  2. A pop-up will display the template ID
  3. Copy this ID

Screenshot 11: Getting template ID (2/2)

Now to add this template Id in Designer, open designer and follow these steps:

  1. Go to Docusign Templates in the left panel 
  2. Click Create Docusign Template
  3. Enter template ID in Docusign Template ID field
  4. Enter other mandatory fields 
  5. You can also select whether you want this template to be signed over mail or in person. If not sure, select Any.
  6. Save changes and publish.

Screenshot 12: Adding Docusign Template in Designer

Authorization

Prerequisite: A redirect URI must be set in the integration app above.

We need to authorize our integration app to enable API access for performing signing operations. To do this, please follow these steps:

  • Login to Docusign developer account at https://account-d.docusign.com.
  • In another tab, paste the following link and replace integration_key with the actual integration key of the app:

https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id=integration_key&redirect_uri=https://care.live.welkincloud.io/signin

If Go-Live process is completed, follow these steps instead:

  • Login to Docusign production account at https://account.docusign.com.
  • In another tab, paste the following link and replace integration_key with the actual integration key of the app:

https://account.docusign.com/oauth/auth?response_type=code&scope=signature%20impersonation&client_id=integration_key&redirect_uri=https://care.live.welkincloud.io/signin

Both workflows above will redirect to the authorization screen. Click “Accept”.

After this signing operations can be done.

Note: Authorization step needs to be done separately for Developer and Production Accounts.

Generating Auth Token

After the patient has signed the document, in order to receive the signed document in welkin, an auth token must be generated in the admin portal. To do that, follow the steps:

  1. In the admin portal, go to Integrations > Docusign
  2. Edit the configuration for the instance where docusign is being used.
  3. Click on the “Generate Token” button and a 36 digit token (a GUID) will be generated.
  4. Save the configuration.

Also advised to generate the token for “Default Config” of Docusign Integration, as well as for any other instances under Docusign Integration where docusign is configured.

Go-Live

Go Live is DocuSign’s process for migrating an integration created in the demo environment to the production environment. Go Live is necessary before you can perform real transactions in your integration through the DocuSign APIs.

For detailed information on how to Go-Live, check out these links:

Go-Live | DocuSign

How-To Go-Live in 3 Steps | DocuSign

Post Go-Live

We can verify whether our integration is live or not by:

  1. Logging into Docusign developer Account, go to Settings > Apps & Keys. The status of our integration should have changed to Live.
  2. Logging into Docusign production Account, go to Settings > Apps & Keys. A new integration should be seen in the list of integrations. This app, and the integration app in the developer account will have the same integration key.