General approach for SSO and Showpad

You can activate Single Sign-On (SSO) in Showpad and delegate authentication to an external Identity Provider (IdP). If you can't find your Identity Provider in our guide, use this article to see a general approach to how SSO works with Showpad. 

Note: The SHA-256 Hash Algorithm is the recommended setting for all SSO integrations.

Key features

• Use your company’s identity provider to authenticate users in Showpad
• Seamlessly integrate Showpad into your enterprise security policies
• Auto-provision & assign users to the right groups in Showpad
• Reduce password-related support requests
• Reduce security threats to sensitive data loss by severing access
• Centralized user, password, and authorization management

You need this to succeed

• Platform Enterprise on Showpad
• Available as an addon on Showpad Plus pricing plan
• Administrator access on both Showpad's Online Platform and the Identity Provider
• An Identity Provider (IdP) service
• Some SAML and HTTP-REDIRECT binding knowledge can be useful
• We highly recommend using HTTPS in all communication
• Users on the iOS platform will need iOS version 10.1 or higher if you still use HTTP communication
• SAML metadata in the Showpad configuration has to include the HTTP-REDIRECT binding

The quick way to awesomeness

• Sign up for an Identity Provider (IdP) and obtain its metadata
• Create your users and groups on the IdP
• Enable SSO in Showpad
• Set up your SAML-based relation between the IdP service and Showpad
• Define the mapping between the IdP users and the Showpad users
• Set up auto-provisioning

Do this step by step

1. Sign up for an Identity Provider.
2. Create your users and groups on the IdP.
3. To link your Single Sign-On (SSO) Identity Provider to Showpad, you will need your Identity Provider's metadata in the standard XML format. This XML file will be different for each IdP as each has its entityID, public key, and Assertion Consumer Service (ASC) endpoints.
   Below is an example of a valid XML metadata file.
   
4. Enable SSO on Showpad's Online Platform. Go to Admin Settings, select Sign On, and click Add Configuration. Select SAML 2.0 if that's the service you're using.
5. Enter a name and select XML as your metadata source. Simply copy and paste the XML metadata from your created file or the information you received from your IdP.
   If you have an online location for this metadata, you can provide the URL to the XML file. This allows you to update your settings online instead of uploading updated XML metadata when the configuration changes.
   It is possible to enable log out from the IdP when logging out of Showpad.
   
6. By default, we will use the recommended SHA-256 hash algorithm, but Showpad supports the older SHA-1 format as well.
   
7. You can also set up auto-provisioning to automatically allow new users to be created when they log in successfully for the first time.
   Map the corresponding fields for your users, available in your IdP. For example, the Email Field in Showpad will be mapped to the field email of the IdP.
   There are two types of roles you can enter in the Role Field: 
   - Admin will give administrator rights after the first login.
   - Standard will create a regular user in Showpad.
   The Group Assignment Field will automatically add the user to selected groups. You can separate the groups with commas.
   Content license type and Coach license type will be available fields when Partner licenses are enabled for the corresponding offering. If this field is left blank, the user will not get a license.
   
8. You can click the information icon once the connection is configured to get your Showpad entity ID, ACS endpoint, and logout URL.