An APEX email error is received when trying to utilize the "Send With DocuSign" URL button on the contract object in Salesforce. This button was just created to meet the requirements to move from a JavaScript button. The button does not trigger an error in Sandbox, works as expected. But I can not replicate in production without getting the error shown below. Any idea on how to get this resolved?
Developer script exception from Franklin Madison Group : DocuSignAPICredentials : Please verify that you have been granted access to DocuSign, your account settings are correct and that you have responded to all activation emails.
Apex script unhandled exception by user/organization: 0053n000007GFbq/00D70000000Je65
Visualforce Page: /apex/dsfs__docusign_editenvelope
caused by: dsfs.UnauthorizedException: Please verify that you have been granted access to DocuSign, your account settings are correct and that you have responded to all activation emails.
Class.dsfs.DocuSignAPICredentials.getInstance: line 71, column 1
Class.dsfs.DocuSignAPICredentials.getInstance: line 56, column 1
Class.dsfs.AccountFeatures.getInstance: line 139, column 1
Class.dsfs.EnvelopeController.loadEnvelope: line 164, column 1
Cause
Common causes for the issue are listed below,
The DocuSign user associated with the Salesforce user sending the envelope is not active
The Salesforce user has not been added to the DocuSign users list in DocuSign Setup settings (in Salesforce)
You are attempting to use Salesforce Login Access on behalf of a user "not yet Authorized DocuSign eSignature for Salesforce (DAL)"
Note: If the user hasn't authorized already, please refer to Step 4 in this article
Solution
Before continuing, ensure that you are on the most recent version of DocuSign eSignature for Salesforce (DAL). If you are on an outdated version, some of these steps will be unavailable.
To resolve this error, you’ll need to verify both issues that cause this error has been addressed.
First, you’ll need to verify that this Salesforce user has been added to DocuSign.
To verify if a Salesforce user has been added properly:
Navigate to DocuSign Setup.
Select User Management, then select Add User.
Enter the name of the user in the Value box. When they appear in the search results, select the checkbox next to their name and select Continue.
Assign the appropriate permissions to the user and select Apply. If your package is up to date and a DocuSign user already exists for this user, the Salesforce user will be mapped to their existing DocuSign user.
Click Done to finish.
Second, verify that the DocuSign user associated with this Salesforce account is active.
To check if a user is active in DocuSign:
Navigate to the DocuSign web app and select Settings.
Navigate to Users and search for the user in question.
If the user is not active, select Actions > Resend Invitation to send the invite to the user again.
To activate a user:
The User will need to navigate to their email client and open the invitation email.
Click the link in the email to activate.
Create a password and security question.
Once the user is active, have the user attempt to send an envelope from Salesforce to confirm the issue is resolved.
Additional Troubleshooting
If the DAL Admin and all users are noticing the same error, try to disconnect and reconnect.
Steps to Disconnect [Note: Disconnecting accounts will remove the DocuSign Gen and DocuSign Negotiate permissions for the Salesforce users that were given access under the old connection. You have to re-add DocuSign users and permissions in your organization.]
Steps to Reconnect
If the Salesforce Administrator attempting to make this change is unable to access the DocuSign Setup object, ensure that they have the correct permission set assignment to access the object.
To view permission set assignments in Salesforce:
Navigate to Setup, select Users.
Navigate to the user in question and open their profile.
Navigate to Permission Set Assignments, if the DocuSign permissions are missing, edit the section and add DocuSign Administrator.
Note: If you are running both DocuSign Apps Launcher and legacy DocuSign eSignature for Salesforce, you will see duplicate permission sets with similar names. Add both to ensure correct permissions are applied to the user.
Retest to see if the user can access DocuSign Setup. If it’s still failing, follow the steps in this article to navigate to the DocuSign Troubleshooting page and select Delete DocuSign Credentials. You should then be able to navigate to DocuSign Setup and reestablish the connection between DocuSign and Salesforce.
Related
I'm sure I am missing something here but...
I have an angular application that allows users to fill out forms. The application calls a backend NODEJS service that has a responsibility of building the HTML envelope and document to sign. This back-end service does not have access to a browser.
I have 2 options for flow:
User fills out form -> clicks sign button -> back-end service called to gather the url for the user to redirect to in order to get a code back (consent) -> USER DOES NOT LOGIN TO DOCUSIGN -> redirect back to application -> get token with users code -> prepare envelope on BEHALF of the user -> send application the ceremony URL -> user redirects to ceremony -> signs document -> redirect back to application.
*User fills out form -> clicks sign button -> back-end service called to create envelope and tell DOCUSIGN to send an EMAIL to the user which I don't want to sign up for DOCUSIGN. (Effectively removing the need for them to create an account with DOCUSIGN because I am sending an email and they can authenticate him by knowing he is coming from his own email). -> user signs document through email -> (Would be nice for application to get redirected back to but not necessary)
All examples and chats I have seen discuss only having to login one time. Well in flow 1, I don't want the USER, signing the document, to login or have to make an account for this one signing. And in flow 2, I can't seem to grasp how to keep the back-end service authenticated if it is a BACK-END service. It's headless. No Browser.
These guys are so large that I figure it's something I'm not grasping here.
I understand to impersonate the user, I would need his consent. And possibly... because they don't KNOW the user without him signing up for an account to verify his email, they can't offer consent to a user they can't verify email with. So if that is the case, I would want to authenticate my BACK-END user to send emails so they can just click the email, it MIGHT verify in DOCUSIGN without having to sign up for account, and offer the contract to the user to sign on the spot from the email WITHOUT asking for credentials or NEW account.
If you are going to answer this with a link back to DOCUSIGN authentication examples. Or suggest use a JWT to authenticate from BACK-END services... please explain in detail the steps to authenticate my BACK-END user and keep him authenticated without using a web-browser or how to use the users consent from a redirect from DOCUSIGN without the user having to EVER create an account.
I have tried sending the user to the redirect URL with success if they already have their credentials cached in browser or already have a DOCUSIGN user. The flow works fine there. I get the users code, exchange it for token, create envelope, redirect user to ceremony, redirect back to application after signing complete.
I have read a bunch of articles that all point back to DOCUSIGN help with authenticating 1 of 3 ways with a browser. I need no browser login, or a better understanding of how to avoid the user creating a DOCUSIGN account.
Thank you so much!
Signer, user that signs, does NOT need to have a DocuSign account. They do not need to log in to DocuSign in order to sign. They can sign via email or embedded in your app, but they do NOT need to have an account or log in.
Your app's back end needs an access token to make API calls. This doesn't change the headless nature or the fact that it's back end. A token is a long string that your app uses to authenticate. This authentication is tied to a user in DocuSign that has an account. That is NOT the user that signs, but the user that make the API call. You have to have a user that makes an API call.
You can get a token using JWT authentication and your back end can generate it using the Node.js SDK (npm package) without the need for UI or for anyone to log in.
I have github enterprise configured. I use keycloak for authentication.
Sign up/ login flow is like this,
Users click sign in with SAML from github enterprise.
Then they are redirected to keycloak login page.
Where they can choose github.com for signup.
After successful authentication from github.com users are redirected to github
enterprise.
Now a new user has been created in keycloak with username as of github.com username and email as of github.com email.
But in github enterprise, user's username is created by parsing the first part before the # of email id and user's email id is not getting updated in github enterprise user account even though github enterprise is receiving email id from keycloak.
Users get the following notification, saying them to add one email address.
If an user don't add their email, they don't get email for events like organization invitation, password reset.
This not what i want. I also not what the users to manually add email id to their account.
I want get github enterprise user's username and email to be the same as of keycloak.
How can i achieve this ?
We have extracted saml response from keycloak to ghe by inspecting the /consume request in browser network. When SAML response is decoded (using samltool.io), we identified that keycloak is not sending email attribute to ghe.
Github used the following attributes for updating profile information. So keycloak needs to send attribute in variable specified in this field.
We have found that there is some builtin "Mappers" available in client which can be used for sending some specified predetermined attributes to client applications.
Select your client -> Mappers -> Add builtin. Select the required mappers and click Add.
Open x500 Email and set "SAML Attribute Name" to the variable same as the variable name set on github. Provide some Property and Friendly Name.
Now you will get email address in user's account.
Using the Bot Channels Registration created a Bot app, was provisioned successfully. I require the App ID and the Pwd so navigated to the Bot Resource , clicked on settings and then Manage next tp the App ID and gives ,me the following error.
Following the help on https://learn.microsoft.com/en-us/azure/bot-service/bot-service-quickstart-registration?view=azure-bot-service-3.0
Get Registration Password - Step 4 results in the error. any help much appreciated.
error 404 on clicking Manage App Id
This can be resolved by two steps :
1. When you click on manage, just add “/true” in the end of the URL that is opened and you will be able to access the page
2. Alternatively you can go to Azure active directory and click on app registration, then search in the personal account with your client ID/ Application id you will be able to access the page
Reason :
this issue happens because the bot is created using personal account, so when we click on Manage button the flow go and search the app registered from owned account. We can make use of above workarounds.
We are doing Office 365 with asp.net mvc , in this example working fine for local system,(we are using VS2015), when i publish to azure web application its successfully published.
After open the URL click the Email button go to login page and enter the credentials its successfully logged and redirect to mail page now it showing some error message, but local working fine everything.
Please let me know anything required after publish.
Oops you've reached an error!
We weren't able to process the action you requested. This was caused by an exception in the below table:
Exception Cause Action
AdalException This exception is thrown when either you have a stale O365 access token that can cause authentication errors, or you attempted to access a resource that you don't have permissions to access.
You'll may need to refresh the access token. Try signing out and signing back in to the app again, or refreshing the session Click here.
Make sure the app is configured with the correct service permissions in the Services Manager menu. If any of these permissions are not configured, or configured incorrectly, some parts of the app may throw an error. For example Right click the project, select Connected Service..., and ensure the following permissions are set for this app:
(Calendar) – Have full access to users’ calendar and Read users' calendar
(Contacts) – Have full access to users’ contacts and Read users' contacts
(Mail) - Send mail as a user, Read and write access to users' mail, and Read users' mail
(Users and Groups) – Enable sign-on and read users’ profiles.
Thanks,
hemanth
I am using the following project: https://github.com/OfficeDev/O365-ASPNETMVC-Start
I set the configurations as requested in the documentation but I am receiving an error after sign in.
Cause Action
AdalException This exception is thrown when either you have a stale O365 access token that can cause authentication errors, or you attempted to access a resource that you don't have permissions to access.
Make sure the app is configured with the correct service permissions in the Services Manager menu. If any of these permissions are not configured, or configured incorrectly, some parts of the app may throw an error. For example Right click the project, select Connected Service..., and ensure the following permissions are set for this app:
(Calendar) – Have full access to users’ calendar and Read users' calendar
(Contacts) – Have full access to users’ contacts and Read users' contacts
(Mail) - Send mail as a user, Read and write access to users' mail, and Read users' mail
(Users and Groups) – Enable sign-on and read users’ profiles.
The permissions are set correctly:
How can I solve this problem?
You are missing the Send permission under the Mail API.
I fixed the problem...I was logging with the developers account without an assigned license. You have to create a new user and ensure that it has the Microsoft Office 365 Developer set as Assigned license.
If not this error would occur:
When making a request as an account that does not have a mailbox, you must specify the mailbox primary SMTP address for any distinguished folder Ids.