How to properly use activateMembership to fully reactivate a closed user's membership?

Question

How do we reactivate a closed user's membership through Admin API to make them fully active without triggering any emails from DocuSign?

The longer story.

I have been successfully using DocuSign API to create users with memberships, add their permission profiles and close their memberships. Our domain setup is configured for mandatory SSO and we are creating users with autoactivate flag set. Everything works fine so far, users are immediately active.

But the problems start when we want to anonymize the data of a user that has been closed for some time (for example, for GDPR reasons). It is impossible to fully update the user's data for closed membership because we get a partial update and a warning from DocuSign API: username_language_changes_ignored_warning, and indeed user's full name does not get changed.

So I thought of a workaround. I temporarily reactivate the membership of the closed user, then do the anonymization, and then close the membership again. But reactivation does not work.

I'm sending the following command to DocuSign Admin API:

var resp = await usersApi.ActivateMembershipAsync(options.OrganizationId, user.Id, membership.AccountId, new ForceActivateMembershipRequest
{
    SiteId = user.SiteId
});

but DocuSign replies with

"error":"unauthorized","error_description":"Not Authorized"

It does not make much sense because we have user_write permission (otherwise we couldn't have created and closed the user in the first place). Actually, DocuSign API seems to often return unauthorized for cases when the actual problem is not authorization, which makes things confusing. Only when calling batch APIs, DocuSign usually returns more meaningful information.

One thing that I'm not sure of is membership.AccountId. We are using it as membershipId parameter because I could not find any other membershipId. Membership object from GetUserProfiles does not have any other id except AccountId, and GetUsers returns MembershipId=null. So it seemed reasonable to assume that membership id is the same as account id for that membership, especially since I have been successfully using account id also for CloseMemberships API request.

Another thing I found is that, when we attempt to reactivate the user through DocuSign Admin UI webpage, it asks to assign the permission profile. So, DocuSign seems to remove the permission profile we have set when creating the person and there is no way to assign the permission profile through ActivateMembership API. That might be the reason for "error":"unauthorized" - DocuSign does not know what permissions to restore for the reactivated user and so it throws the meaningless authorization error.

And one more thing - when reactivating the user manually through DocuSign Admin UI webpage, it suddenly has status Pending, although we have auto-activation for the domain set up and working when we create new users. This is a huge roadblock to the idea for the "reactivate - anonymize - close" workaround. We don't want users to receive any pending DocuSign activation emails when we have reactivated them for a second to be able to anonymize data and then close them again.

What is the solution to this? How do we reactivate users? Or how do we completely anonymize closed users without reactivation?

Answer 1

We appreciate your post, we'll address the different parts.

You should be able to update a user's details regardless of their status. If you are getting a language error, make sure you input a valid language code, you can find the list here: https://developers.docusign.com/docs/admin-api/reference/usermanagement/esignusermanagement/updateuser/

To update a user's email you have to use "updateemailaddress" and it has to be an email with a claimed domain in DocuSign, to anonymize set it to anonym@yourcompany.com. https://developers.docusign.com/docs/admin-api/reference/usermanagement/users/updateemailaddress/

To reactivate a user using the DocuSign Admin API you have to take two steps, Here is the process:

How to reactivate a user in the Admin API

0. Generate an auth token with user_write and user_read permissions

1. Find the user/membership in question. In order to do so, you must make the GetUsers call with the account_id parameter and page through to find the user in question and capture the membership ID https://developers.docusign.com/docs/admin-api/reference/users/users/getusers/

   Example Call: GET /organizations/[[Org_Id]]/users?account_id=[[AccountId]]&take=20&start=0

Response includes:

`{
            "id": "9672a992-xxxx-xxxx-xxxx-8fb5c4b6d325",
            "user_name": "Example User"
            "first_name": "Example",
            "last_name": "User",
            "membership_status": "closed",
            "email": "user@example.com",
            "membership_created_on": "2021-01-1T10:10:10.10",
            "membership_id": "b5283dfb-xxxx-xxxx-xxxx-eb0aeac16b8c"
        }`

,

• to page, look at the "paging" : { "next" } parameter to see the start / take values to use for the repeat call
• At time of writing, getUsers with the Email Address parameter does NOT return the membership ID for the user's memberships
• Furthermore, getUsers by email does not list closed memberships

2. use UpdateUser call to set user to Pending Documentation: https://developers.docusign.com/docs/admin-api/reference/users/users/updateuser/

Example Call: POST /organizations/[[Org_Id]]/users/profiles

{
    "users": [
        {
            "id": "9672a992-xxxx-xxxx-xxxx-8fb5c4b6d325",
            "site_id": 1,
            "memberships": [
                {
                    "account_id": "182e8dd4-xxxx-xxxx-xxxx-594834882eab",
                    "send_activation": true
                }
            ]
        }
    ]
}

3. Active user's membership using the membership ID Documentation: https://developers.docusign.com/docs/admin-api/reference/users/users/activatemembership/ POST /organizations/[[org_id]]/users/[[user_id]]/memberships/[[membership_id]] { "site_id":"1" }

We hope this helps.

Adrian DocuSign Developer Support