Skip to main content

NDAs - Ironclad

An overview of the Ironclad NDA Integration

Written by Matt Szczurek

Overview

This integration helps SafeBase customers who want to leverage Ironclad for the NDA signing process configure their Ironclad workflow to be compatible with the SafeBase Ironclad integration.

The Ironclad integration is available for customers on the Advanced or Enterprise plans.

Note: Currently, SafeBase only supports connecting to Ironclad's North America (NA) region. If your Ironclad account is hosted in their EU region (you will see eu1 at the beginning of the URL when logged into Ironclad), you will not be able to integrate with SafeBase.

Ironclad Workflow Requirements

Before setting up the integration, take note of the following requirements:

  • Customers must have the API add-on package enabled in Ironclad. This integration will not work if that package is not enabled.

    To check, navigate to Ironclad and view the Company Settings page.
    Verify there is an item called “API”.

    If the API option is not found, then the Ironclad license must be upgraded to use this integration.

  • Our Ironclad integration supports many variations of Ironclad workflows.
    However, there are Ironclad workflow requirements that must be met to ensure that the integration will work.

    • The workflow must be an Internal Workflow

      • i.e. launched by an organization user from within Ironclad

    • Cannot be a Public Workflow

      • i.e. able to be launched from a public URL

    • The Launch Form, under the "Create" step, must contain the following three required fields:

      • Counterparty Name

      • Counterparty Signer Email

      • Counterparty Signer Name

    • The Launch Form cannot have any other required fields.

    • If there is other information that needs to collect from the counterparty, use an Additional Form to collect it.

    • The Trust Center organization user configuring the integration must be the owner for the Ironclad workflow that is used for the integration.

Recommended Ironclad Workflow Configuration

The Trust Center Ironclad integration is built to work with the vast majority of Ironclad workflow configurations, provided they meet the requirements for Ironclad workflows listed above.

Follow the below instructions to configure the recommended Ironclad workflow.

This workflow will:

  • Automatically send an NDA to the counterparty

  • Collect their signature

  • Archive the contract in Ironclad

  • Provide the counterparty with post-NDA access to the Trust Center.

Note: If a new workflow is needed, or to use an existing workflow with different settings, please reach out to our Support team to help ensure it is appropriately configured and test it before going live.

Configure Ironclad Workflow

  • In Ironclad, navigate to Workflow Designer > Create new or Edit existing workflow

Ensure required fields are set

  • The following fields are required to be present in the workflow. Drag these tags into the document itself to prepopulate their values. SafeBase will collect these values on the Access Request form.

    • Counterparty Name

    • Counterparty Signer Email

    • Counterparty Signer Name

  • Ensure only one paper source is chosen (from the three dot icon at the far upper right -> Manage paper source)

  • Choosing both paper sources will force paper source as a required field, and it cannot be made optional. This will prevent the Trust Center from triggering the workflow.

Note: There can be additional fields in the launch form but they cannot be required.

Configure Launch Form

  • Ensure that the three required fields are listed on the launch form.

  • The field (display) names must match the tag names exactly.

  • Additional fields can be included, but they cannot be required for launching the workflow. If more required fields are needed, use the "Additional Forms" option in the "Create" step.

Configure Approval steps

  • Adding an approver will require manual approval before the NDA document is sent to the recipient.

    • If the NDA needs to be sent automatically when someone requests access to the Trust Center, this step will need to be removed.

Configure Signature Steps

  • To enable automatic sending of the NDA, navigate to:

    • Sign > Settings > eSignature > More Settings > eSignature request trigger

    • Select "Automatically sent after last approval"

    • Optional: To allow the person requesting access to the Trust Center to be able to forward the NDA to another user within their company, toggle the "Allow reassignment" setting on.

Archive Steps

SafeBase requires the workflow to be completed and archived in order to satisfy the NDA requirement and grant access to the account member.

  • In order to auto-archive the contract and trigger the workflow completion step, set "Auto-Archive" to "Always" and remove the "Archiver."

Save and Publish

  • Save the workflow.

  • Ensure all errors are resolved - this most often requires removing fields (tags) that are not being used from the Document and Create steps.

  • There may also be a need to remove tags from the workflow's settings (gear icon to the right of the workflow name).

  • Publish the workflow.

  • The Trust Center integration cannot trigger unpublished workflows.

Connect SafeBase & Ironclad

  • In the Trust Center, navigate to the Settings, Accounts & NDA Tab, NDAs.

  • Find Ironclad and click Connect.

  • Users will be redirected to Ironclad’s authentication page, which will prompt to sign in to connect the Trust Center to Ironclad and select the Ironclad environment.

Note: The person setting up the connection must be the Ironclad Workflow Owner. Add the Trust Center administrator as a workflow owner in Ironclad, or add the Ironclad workflow owner as an admin in the Trust Center.

If the latter is chosen, if needed, suspend Trust Center admin user after the connection has been made.

Configure settings in SafeBase

  • Set the workflow owner's email.

    • This is a user within Ironclad who has permission to launch the given workflow.

    • The email will default to the currently logged-in Trust Center user, but it does not have to be the same email address, per the note above.

    • Ensure this email is the Ironclad workflow owner.

  • Select the workflow using the dropdown.

  • Optionally set the toggle for "Choose workflow per account" if send different workflows to different access requesters is needed.

  • Optionally check the box for "Set this Ironclad as the default NDA."

    • This by adjusted in the default NDA provider Trust Center Settings

  • The Trust Center will check the Ironclad workflow settings to ensure the three required fields are set, and that the display names for those fields match the tag names exactly.

  • An error message will show if one of the required fields is missing or incorrectly named.

  • After the workflow's required fields are adjusted and the workflow is republished, it will check again and the error message will disappear.

Access Request Flow

  • When an access request is submitted to the Trust Center, it can be approved manually or bia automated rules.

  • As part of the manual approval step, users will assign the requester to an existing Account or a new one.

  • When creating the Account, set the NDA provider to Ironclad.

  • When setting up the integration, if the "Choose workflow per account" setting was set to, choose the specific workflow for this Account.

  • Click "Create account & approve request."

  • Users will be returned to the Accounts page.

  • Click into the new Account

  • It will show that the Trust Center has triggered the Ironclad workflow.

  • The status will move from "Creating" to "Launched."

  • If needed, click the "Refresh" button to ensure Trust Center is getting the latest workflow status from Ironclad.

  • Click the "Open Ironclad" button to view the current state of the workflow.

  • The Account Member will receive an email from Ironclad indicating they must sign the NDA.

  • When the Account Member submits their signature, the integration will check that the workflow has been completed and archived.

  • Depending on the Ironclad workflow settings, users may need to complete additional review and/or archiving steps.

  • Once the workflow is archived, the Account status will move to "Complete."

Troubleshooting

If the Trust Center is unable to trigger the workflow, an error message will show, saying, "Something went wrong."

Common causes include, but are not limited to:

  • Additional required fields beyond the three mentioned above are included on the launch form

  • The workflow is unpublished or deleted

  • Other fields or settings are misconfigured

  • The integration user in the Trust Center is not the workflow owner in Ironclad

Inspect and remediate these issues in Ironclad if necessary.
Click the "Try Again" button in SafeBase to retrigger the workflow.

It may be necessary to disconnect the integration in the Trust Center and remove the OAuth app from Ironclad, basically starting over.

This will be indicated is inside the connection's configuration menu.

  • Go to the Ironclad Settings in the Accounts & NDAs tab of the Trust Center settings.

  • Click the gear icon to the right of the Ironclad integration

  • Click Configure Ironclad

  • Observe that "Workflow" is in red font and the message "You do not have any Ironclad workflows available. Please create an NDA workflow in your Ironclad dashboard in order to proceed." shows even though a workflow has been previously specified

Note: Users will be required to choose a different default NDA provider before the Ironclad integration can be disconnected

  • In the same settings section, Click the "Disconnect integration" button.

  • In Ironclad, click your avatar in the upper right corner of any screen, and choose "Manage my account."

  • In the Personal section in the left sidebar, choose "My Integrations."

  • Find the "SafeBase NDA Integration" listing. Click "Remove access." Click "Remove access" again in the modal.

NDA Bypass

For Enterprise customers, it is possible to use Custom Rules to allow the visitor to bypass the NDA requirement that would otherwise be enforced through an Ironclad workflow.

  • These rules can check the status of Ironclad workflows that may or may not have been completed by the email address coming in the access request.

  • These rules can also query Salesforce and check the status of Ironclad objects. Please check out this article on Rules Engine capabilities and reach out to a Drata CSM to learn more.

To set up an NDA bypass rule using the Ironclad integration

  • The workflow template ID(s) (can be one or more) to be checked

  • Which workflow field(s) should be checked to confirm the NDA is signed, from one or more of the following fields:

    • step (string) - Current step in the workflow process (e.g., "review", "complete")

    • status (string) - Current status of the workflow (e.g., "active", "completed")

    • isCancelled (boolean) - Whether the workflow has been cancelled

    • isComplete (boolean) - Whether the workflow has been completed

  • approvals (object) - Approval information

    • state (string) - State of approvals ("not_started", "in_progress", "completed", "not_applicable")

    • url (string) - URL for the approval process

  • signatures (object) - Signature information

    • state (string) - State of signatures ("not_started", "in_progress", "completed", "not_applicable")

Related Articles
Integration - Docusign
NDAs - Clickwrap
NDAs - Signed Outside SafeBase & No NDA Options
Trust Center - NDA Settings and Configuration
Integration - Salesforce (SFDC), Hubspot, and Microsoft Dynamics + Rules Engine Guide
Did this answer your question?