Using Okta for SSO with Showpad Updated June 24, 2024 17:20 Showpad offers a SAML-based Single Sign-On (SSO) service that allows users to use their organization’s credentials to access Showpad. It eases your users' lives with fewer usernames and passwords, as there's only one account to remember. This article describes how you can set up SSO for Showpad using Okta as the Identity Provider (IDP). Okta users are mapped to Showpad users by email address. See how it looks Key features Users can access Showpad with their Okta account Auto-provision & assign users to the right groups in Showpad Reduce security threats to sensitive data loss Centralized user, password, and authorization management You can use a Showpad app for Okta that allows setting up SSO You need this to succeed Platform Enterprise on Showpad Available as an add-on on the Showpad Plus pricing plan Administrator access on both Showpad's Online Platform and Okta Okta knowledge can be useful Users added on Okta The quick way to awesomeness Using the Showpad app in Okta Install the Showpad app in Okta Open the Sign On tab Copy the URL that points to the Identity Provider metadata Open Showpad's Online Platform and add a new Single Sign-on configuration called Okta Select URL as Metadata Source and paste the Identity Provider metadata URL Enable auto-provisioning Copy the Showpad Entity ID and Assertion Consumer Service Endpoint values In Okta, paste them into the Advanced Sign-On Settings of the Showpad app Save and assign Showpad to the list of Okta users Do this step by step Configuring the Showpad app in Okta Search for the Showpad app from the Applications Catalog in Okta and click Add. Optional: Configure how your users will see the Showpad app on your company's login screen or mobile application and click Done. You will see Showpad under your list of applications when it is set up. Visit the Sign On tab. Next to Settings, click Edit. Copy the URL that points to the Identity Provider metadata. We will use this URL later to configure Okta in Showpad's Online Platform. Leave the Sign On window open in Okta and open a new tab in your browser. Go to Showpad's Online Platform and open Admin Settings. Open the Sign-On tab and click Add Configuration. Give your new configuration a name, preferably Okta, and select SAML 2.0 as the protocol. Select URL as Metadata Source and paste the Identity Provider metadata URL in this field. Use SHA-256 as Hash algorithm and select the NameID element as User Identity. Showpad supports the older SHA-1 format as well. You can enable auto-provisioning. This means that when a user signs in to Showpad for the first time using Okta credentials, the user will be automatically created in Showpad. Click Save. Open the information window of your new configuration. Make a copy of the Showpad Entity ID and Assertion Consumer Service Endpoint values, then click Ok. Go back to Okta, and open the Sign On tab of the Showpad app. In the Advanced Sign-On Settings, paste the information you copied from Showpad's Online Platform for the Showpad Entity ID and the Assertion Consumer Service Endpoint. Save the configuration. Assign the Showpad application to your Okta users. Open the Assignments tab, then click Assign. Choose to assign the Showpad app to People or Groups. Users will now be able to sign in using their Okta account. Using Showpad user groups and Okta Okta allows sending usergroups to Showpad based on a filter ("Starts with", "Contains", "Equals" or "Regex".) If we choose a regular expression (regex), we can send all usergroups from Okta for a specific user. We want to ignore the default "Everyone" usergroup from Okta because we would have the following duplicate-sounding usergroups in Showpad after auto-provisioning: "All users", "Everyone".The regex can be something this: ^(?!Everyone$).* to send every usergroup except the default Everyone okta usergroup, or use .* to send every usergroup. Note: While group creation can be done through Okta, if the group doesn't already exist, with experiences assigned to it, the new users won't see any content when they sign in. This means that when a user signs in, with a new user group, that group will not have any experiences associated with it by default. In the Showpad app on Okta, navigate to the Sign On tab and click Edit next to Settings. Toggle open the Attributes section. Add the Attribute Statements.The attribute statements are the data that is sent to Showpad.The attribute name (left) is the name we'll enter in Showpad to map to our data.The attribute values (right) are the values from Okta that we map to these attributes.We fill in the Okta user email address using user.email and map it to the email attribute. Attribute name Attribute value or filter firstname user.firstName lastname user.lastName email user.email role user.role usergroups Regex: ^(?!Everyone$).* Make a new attribute called User role, Variable name: role, with datatype string and required attribute checked. You can fill in the role. Values can be admin/tablet, for example, when you create a new user in Okta. If you want to manage the user role in Okta, you can create a new field in Okta by going to Directory, Profile editor, edit user, Add Attribute. Select that this is an internal app and click Finish. Related articles Using Entra ID for SSO with Showpad Okta user provisioning with SCIM Setting up Sending domains for Showpad Guide to using SSO and Showpad Subscribing to Showpad app updates