My employer recently informed me that it has set up a Docusign account that is linked to my Active Directory (ADFS) account. I would log in using the same login credentials as my employer’s Active Directory (Windows) username and password. My employer’s setup is similar to this Docusign setup at UC Davis: https://ucdavisit.service-now.com/kb_view.do?sys_kb_id=ef73fadc4f553e0006a6650f0310c720
I would log in at https://www.docusign.net/member/MemberLogin.aspx and enter my work email address. It would then take me to the ADFS login page that my employer has set up.
Using the UC Davis example, if someone worked at UC Davis, they would go to https://www.docusign.net/member/MemberLogin.aspx, enter their UC Davis work email address, and it would take them to the UC Davis ADFS login page https://adfs.ucdavis.edu/adfs/ls/, then log in to access the UC Davis Docusign services.
My question is: could this new Docusign ADFS login page be a potential attack vector? Could an attacker try to use brute-force login attempts at my employer’s new Docusign ADFS login webpage in order to obtain my Active Directory login credentials? I am not familiar with ADFS, so I don’t know how secure it is against attacks.
Thanks for any info.