Skip to content
English
Sign in
Go to www.contractsafe.com
  • There are no suggestions because the search field is empty.

How to Add DocuSign Two-Way Integration

Want to send a document from ContractSafe to DocuSign for signing? This article explains how to enable DocuSign two-way integration after setting up the standard one-way integration.

This integration is featured on specific subscriptions. If you are unsure if this integration is part of your subscription, please contact your customer success manager or support@contractsafe.com.

How It Works

We call this DocuSign Two-Way Integration because it lets you start with agreements in ContractSafe and send them to DocuSign for e-signature.

You can store draft documents in ContractSafe and then send them out to DocuSign for signature. Just set up your signing process as you normally would in DocuSign. Once a document is fully executed, it returns to ContractSafe and replaces the draft document. The draft is stored in Related Documents for record-keeping. The contract is then also marked Fully Executed.

After completing the steps below, you will find the Send to DocuSign button on ContractSafe when you select Send on any contract.

Screen Shot 2022-05-24 at 5.19.48 PM

Setting a Default Account to Recieve Contracts from All Users

Step 1: Create a DocuSign Integration App

  1. Log in to the DocuSign eSignature admin portal.
  2. In the left sidebar, go to Integrations → Apps and Keys.
  3. Click Add App and Integration Key.
  4. Give the app a name (e.g., ContractSafe Integration) and click Create App.
  5. Note the Integration Key (Client ID) — you will need this later.

Step 2: Generate an RSA Key Pair

Still on the app detail page:
  1. Scroll to the Authentication section.
  2. Under Service Integration (JWT Grant), click Generate RSA.
  3. DocuSign will display a private key and a public key — this is the only time the private key is shown.
  4. Copy or download the private key immediately and store it securely. It will look like:
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA...
-----END RSA PRIVATE KEY-----


The public key is saved automatically in DocuSign. You do not need to store it separately.

Step 3: Create a Service User

This is the DocuSign account ContractSafe will impersonate. All envelopes sent through the integration will appear in this user’s drafts folder. If you already have an existing account you’d like to use, skip points 1 - 3 and continue at 4.
  1. In the DocuSign admin portal, go to Users.
  2. Click Add User and create a dedicated service account:
    • Name: Something descriptive, e.g., ContractSafe Integration
    • Email: A real, accessible email address (e.g., docusign-integration@yourcompany.com) — DocuSign will send a verification email
    • Permission Profile: Assign at minimum the DocuSign Sender permission profile
  3. Complete email verification for the new user account.
  4. Note the service user’s API Username (User ID / GUID):
    • Go to Users, find the service account, and click on it
    • Copy the user UUID

Step 4: Grant Consent for the Integration

The service user must explicitly grant your integration permission to impersonate it.


Option A: Admin Consent (requires Org Admin / Access Management feature)

If your DocuSign account has the Access Management feature and has claimed your email domain:

  1. In the admin portal, go to Settings → Connected Apps.
  2. Find your app and grant admin consent for the signature and impersonation scopes on behalf of your domain users.
  3. No individual user action is required.
Option B: Individual Consent URL
If Org Admin is not available, construct a consent URL and have the service account user visit it while logged in to DocuSign:
 
https://account.docusign.com/oauth/auth
 ?response_type=code
 &scope=signature%20impersonation
 &client_id=YOUR_INTEGRATION_KEY
 &redirect_uri=https://www.docusign.com
 
Replace YOUR_INTEGRATION_KEY with the Integration Key from Step 1. The user clicks Allow Access and consent is recorded.
To verify consent was granted, log in as the service account user, go to Manage Profile → Connected Apps, and confirm your app appears there.
 

Step 5: Configure ContractSafe

Once you have the credentials from the steps above, update the organization’s DocuSign settings in the ContractSafe
  1. Log in to ContractSafe
  2. Navigate to Settings → Security & Integrations → DocuSign Settings
  3. Update the following fields:
Field Value
Integration Key
Your Integration Key (Client ID) from Step 1
Service Account User UUID
The service account’s API Username (GUID) from Step 3
RSA Private Key
The RSA private key from Step 2 (full PEM block). This will never be viewable in ContractSafe
Docusign HMAC Key & DocuSign Connect URL
Leave unchanged or if setting up for the first time see our One-Way DocuSign Integration guide
Note: The RSA private key is stored encrypted. It will never be viewable in ContractSafe and we will never ask you for it.

Setting a Different Account to Recieve Contracts from Any User

Individual users can opt out of the org-level JWT integration and route their sends through their own DocuSign account instead. When the override is enabled, the user will be prompted to log into DocuSign when sending documents and thier envelopes will land in their personal Drafts folder rather than the organization’s service account.
 
This is configured per user in Personal Settings → Connections → DocuSign Settings.


Please reach out to support@contractsafe.com if you need further assistance.