- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
5 hours ago
Overview
Configuring Docusign in Contract Management Pro (CM Pro) requires setup across four areas: your Docusign account, the ServiceNow Docusign eSignature Spoke, CM Pro records, and your contract templates. All four need to be correct for signatures to work end-to-end.
This guide walks through each phase in order, with callouts at the steps most commonly missed or misconfigured.
Prerequisite: The Docusign eSignature Spoke must be installed in your ServiceNow instance via the ServiceNow Store before beginning.
Phase 1: Docusign Account Setup
Docusign account setup has two distinct parts: configuring your App (which provides the OAuth credentials ServiceNow uses to authenticate) and configuring Connect (the webhook that sends signature status updates back to ServiceNow). Both are required. For general Docusign developer documentation, refer to the Docusign developer platform guide.
Step 1.1: Create a Docusign App and Generate Credentials
Open the instructions to set up the Docusign eSignature spoke using either authorization code grant or JWT grant and complete the section Configure Docusign account.
⚠️ Watch out: The Redirect URI added to your app must exactly match:
https://<instance-name>.service-now.com/oauth_redirect.do. Even a trailing slash or capitalization difference will cause OAuth to fail.
Note on using JWT Grant
If you are setting up Docusign in a sandbox/demo environment first and then promoting to production, you must generate a new RSA key pair in the production Docusign account. The demo account's RSA key pair does not work with the production account.
In your Production Docusign account, navigate to Admin > Apps and Keys > Actions > Edit > Add RSA Keypair and generate a new pair. Update the corresponding credentials in ServiceNow before going live.
⚠️ Watch out: Using the wrong private key to sign the assertion is a common cause of authentication failures after promoting to production. If you see key-related errors after go-live, this is the first thing to check.
Step 1.2: Configure the Docusign Connect Webhook
The Connect webhook tells Docusign where to send status updates (signed, declined, completed) as signers act on envelopes. Without it, CM Pro will never learn that a contract has been signed and the request state will never update. For detailed webhook configuration steps, refer to the Docusign webhook setup documentation and the Docusign eSignature spoke documentation.
- In your DocuSign account, navigate to Admin > Integrations > Connect.
- On the Configurations tab, click Add Account Configuration > Custom.
- Under Listener Settings, configure the following:
- Status: Active
- Name: A descriptive name (e.g.,
YourInstance_connector) - URL to Publish:
https://<instance-name>.service-now.com/api/sn_docusign_spoke/docusign_webhook
⚠️ Watch out: The URL to Publish must use your exact ServiceNow instance hostname. A wrong URL means Docusign's webhook calls will fail silently — signatures will complete in Docusign but CM Pro will never receive the update.
- Under Event Settings, change Data Format to Legacy.
⚠️ Watch out: The default data format is not Legacy. Using a non-legacy format causes the webhook payload to be unreadable by the ServiceNow Docusign spoke. This is a commonly missed step.
- Scroll down to Trigger Events > Envelope and Recipients. Enable every checkbox under both Envelope Events and Recipient Events.
⚠️ Watch out: If only some events are checked, CM Pro will miss certain status transitions. For example, if "Completed" is not checked, the contract will never move to "Contract Signed" even after all parties sign.
- Scroll down to Include Data and check Document PDFs.
⚠️ Watch out: Without this, the signed PDF is never sent back to ServiceNow. The contract request may show as signed, but the executed document won't appear in the Contract Repository.
- Check Include Basic Authentication Header and input the ServiceNow username and password.
- Click Add Configuration to save.
Phase 2: ServiceNow Connection for Docusign eSignature Spoke
Go back to the instructions to set up the Docusign eSignature spoke using either authorization code grant or JWT grant.
Step 2.1: Configure the Docusign Connection
- For authorization code grant, open ServiceNow Workflow Studio and follow the instructions in section Configure the connection for Docusign eSignature spoke.
⚠️ Watch out: Double check the Connection URL, Authorization URL, and Token URL. When promoting from a dev or UAT instance to production, re-verify these URLs. They are not automatically updated during instance cloning and the wrong environment URLs will cause all signature attempts to fail.
Make sure to click Configure and Get OAuth Token (first time) or Edit and Get OAuth Token (if updating).
⚠️ Watch out: Simply saving the form does not complete the connection. You must click through the OAuth flow. A Docusign authentication pop-up will appear — complete it without closing the window. If the pop-up is blocked by your browser, allow pop-ups for your instance domain and try again. If you close the pop-up before approving access, the token is never issued.
- For JWT grant, follow the remaining instructions to:
- Generate the JKS certificate and attach it to the Docusign eSignature spoke
- Create a JWT signing key and a JWT provider
- Register Docusign as OAuth Provider and obtain consent
- Create Credential records and Connection records
⚠️ Watch out: Double check the Connection URL. When promoting from a dev or UAT instance to production, re-verify this URL. It is not automatically updated during instance cloning and the wrong environment URL will cause all signature attempts to fail.
Step 2.2: Retrieve Your Docusign Account
After completing the spoke connection, you must synchronize ServiceNow with your Docusign account. Refer to the Synchronize Docusign with ServiceNow documentation for full details.
- Navigate to All > Docusign > Accounts.
- Click Get Accounts under Related Links.
- Reload the page and confirm your Docusign account appears in the list. Note the account record — you'll need it in Phase 3.
⚠️ Watch out: If no account is returned after clicking Get Accounts, the connection in Step 2.1 may not have completed successfully. Go back and verify the token was retrieved before retrying.
Phase 3: CM Pro Settings
CM Pro requires its own Contract Integration record that tells it which provider to use, for which request table, and under what conditions. This step is commonly missed. If this record doesn't exist, the "Send for Signature" action will appear to do nothing.
Step 3.1: Create the Contract Integration Record
Follow the CM Pro e-signature integration documentation to create the Contract Integration record.
⚠️ Watch out: In the Attributes section, make sure there is an attribute for Host URL. It's used to open the Docusign console when clicking "Prepare for Signature." If it's wrong or missing, the console won't open. Remember to update this value when moving between sandbox and production environments — the URLs are different.
| Name | Value |
|---|---|
Host Url |
https://apps-d.docusign.com/send (sandbox) or https://app.docusign.com/send (production) |
Step 3.2: Choose Your Table and Be Consistent
The Table field on the Contract Integration record is also used on several other CM Pro configuration records. For a single use case, you must use the same table consistently across the Contract Template, Contract Template Rule, Contract Configuration, Internal Signatory Rule, and Contract Integration records.
CM Pro configuration supports using the Contract Request table[sn_cm_core_contract_request], a parent Business Unit table, or a table specific to your workspace. The correct BU table depends on your use case:
| Product | Parent BU Table |
|---|---|
| LSD | sn_lg_ops_contract_request |
| SPO | sn_shop_purchase_requisition, sn_shop_negotiation, sn_shop_purchase_line, or sn_shop_negotiation |
| SOM | sn_quote_mgmt_core_quote |
⚠️ Watch out: The Contract Request table (CMR) is the default in some areas of the UI, making it easy to end up with a mix. A mismatch — where some records use the BU table and others use the CMR table — will cause unpredictable signature failures that are difficult to diagnose. Decide which table you'll use before configuring and verify it on every record in the list above. Recheck any time you copy an out-of-box record as a starting point.
Step 3.3: Configure the Internal Signatory Rule
An Internal Signatory Rule tells CM Pro which internal user to assign as a signer for a given template. Without it, internal signers won't be automatically populated when a contract is sent for signature. This is not applicable for Third Party Paper use cases.
- Navigate to All > Contracts Core > Contract Administration > Internal Signatory Rules.
- Click New and fill in the fields, including the Template and Applies to condition if applicable.
- Right-click the header and click Save (do not click Submit yet).
- In the Signer Mapping related list, click New and select the internal signer.
- Click Submit, then Update.
Step 3.4: Enable the Audit Certificate (Optional)
If you require a certificate of completion from Docusign, enable it via system property:
sn_cm_core.enable_executed_contract_audit_certificate
Phase 4: Word Template — Signature Tags
Use the ServiceNow Contracts Word Add-in to insert internal and external signature blocks into your contract template. The Add-in creates content controls in the document that Docusign will recognize as signature placement points. Refer to the documentation on adding signature blocks to templates for full steps.
After inserting each signature or date tag:
- Select the content control in Word.
- Highlight the placeholder text inside the control.
- Set the font color to white (
#FFFFFF).
⚠️ Watch out: If the font color is not set to white, the tag placeholder text will appear as visible black text in the final generated contract document. This is one of the most common template issues reported. Don't skip this step — and re-verify it any time you re-upload and re-parse the template.
Pre-Go-Live Checklist
Phase 1: Docusign Account
- App created; Integration Key and Secret Key saved securely
- Redirect URI added and matches exactly:
https://<instance>.service-now.com/oauth_redirect.do - If using JWT Grant: new RSA key pair generated in production Docusign account and updated in ServiceNow
- Connect webhook URL set to:
https://<instance>.service-now.com/api/sn_docusign_spoke/docusign_webhook - Connect data format set to Legacy
- All Envelope Events and Recipient Events enabled
- Document PDFs included under Include Data
Phase 2: ServiceNow Settings
- Docusign connection configured
- Correct environment URLs used (demo vs. production)
- OAuth Token generated
- Docusign account retrieved via "Get Accounts"
Phase 3: CM Pro Settings
- Contract Integration record created with type: Electronic Signature
-
Host Urlattribute populated with correct value for your environment - All CM Pro configuration records use the same Table value:
- Contract Template
- Contract Template Rule
- Contract Configuration
- Internal Signatory Rule
- Contract Integration record
- Internal Signatory Rule created with correct template and signer mapped
-
sn_cm_core.enable_executed_contract_audit_certificateset totrueif required
Phase 4: Word Template
- Signature and date tags inserted using the ServiceNow Contracts Word Add-in
- Font color on all tag placeholder text set to white
- Template re-uploaded, parsed, and in Published state
Phase 5: End-to-End Test
- Contract request submitted
- Template
- Correct template auto-selected based on Template Rule
- Contract document generated
- "Send for Signature" triggers successfully
- Third Party Paper
- Document uploads
- "Prepare for Signature" triggers successfully
- Internal signer receives Docusign email
- External signer receives email after internal signer completes
- Signed PDF returned to ServiceNow and visible in the Contract Repository tab
- Contract request state updates to "Contract Signed"
Related Resources
- CM Pro Product Documentation
- Docusign eSignature Spoke Documentation
- Set Up Docusign eSignature Spoke Using Authorization Code Grant
- Set Up Docusign eSignature Spoke Using JWT grant
- Set Up a Bi-Directional Webhook for the Docusign eSignature Spoke
- CM Pro e-Signature Integration Documentation
- Adding Signature Blocks to Contract Templates
- Understanding and Customizing the "Send for Signature" Action in Contract Management Pro
- CM Pro Community Articles
Have questions or run into something not covered here? Drop it in the comments — we'll keep this article updated.
