Using PingOne for SSO with Showpad Updated January 09, 2025 09:49 What's in it for you Showpad offers a SAML-based Single Sign-On (SSO) service that allows users to use their organization’s credentials to access Showpad. It eases your users' lives with fewer usernames and passwords, as there's only one account to remember. This article describes how you can set up SSO for Showpad using PingOne as the Identity Provider (IDP). PingOne users are mapped to Showpad users by email address. Key features Users can access Showpad with their PingOne account Auto-provision & assign users to the right groups in Showpad Reduce security threats to sensitive data loss Centralized user, password, and authorization management You need this to succeed Platform Enterprise on Showpad Available as an add-on on the Showpad Plus pricing plan Administrator access on both Showpad's Online Platform and PingOne Some PingOne knowledge can be useful Add some unique users on PingOne The quick way to awesomeness Create a new SAML 2.0 app in PingOne Copy the PingOne IDP Metadata URL Map PingOne and Showpad attributes Add SSO Configuration in Showpad Add PingOne Metadata Verify attribute mappings Do this step by step PingOne Begin by adding a new SAML application in PingOne. As an administrator, you may see a shortcut to add a new SAML application when you first log in. You can also access this screen by choosing the Connections icon on the left-side menu and clicking the plus sign beside Applications. Provide a name, a description, and an optional icon for your application. Under Application Type, select SAML Application, and then click Configure. On the SAML Configuration page, select Manually Enter and add the following information: ACS URL - This is the URL of your Showpad domain with "/sso/acs" added to the end. This is a temporary placeholder that will be replaced with Showpad's dynamically generated URL once the configuration is created on the Showpad side. Entity ID- This is the URL of your Showpad domain. Click Save. This opens the application's details on the Overview tab. Select the Configuration tab and copy the IDP Metadata URL. Note: Alternatively, you can download the metadata in an XML file by clicking the Download Metadata button. Next, you'll define which PingOne attributes correspond to Showpad attributes. Select the Attribute Mappings tab and click the pencil icon. Define the PingOne attributes that correspond to Showpad. In addition to the saml_subject attribute, the email, firstname, and lastname Showpad attributes are mandatory. Click the +Add button to add additional attributes. In Showpad, users are identified by their username, which is always an email address. If this is not the case for your setup, be sure to select a different attribute (like Email Address) that is formatted as an email but still uniquely identifies the user to use for the saml_subject attribute.You can create new PingOne attributes and then build an Advanced Expression for the following Showpad attributes: Showpad Attribute Available Values Description Role Field tablet or admin If an unrecognized value is presented to Showpad, the default value of tablet will be used. This constitutes a normal user. Group Assignment Field Showpad expects the value of this attribute to be a comma-separated list of group names. This is used to automatically provision users into Showpad groups. During sign-on, Showpad will assign the user to the given list of groups. If the group does not exist, Showpad will create it. Note that the name of the attribute will be specific to your setup. Click the Save button. Showpad Open Admin Settings, select Sign-On, and click Add Configuration. Add a new SAML 2.0 configuration, name it, and click Next. Define the following settings for your configuration. Identity Provider - This information allows Showpad to identify PingOne: Metadata Source - Select URL. If you downloaded the XML file from PingOne, select XML for the Metadata Source and paste the file's contents in the Metadata XML box. Metadata URL - Enter the URL copied from PingOne Hash algorithm - Select SHA-256 Auto-Provisioning - Select this if you want to enable auto-provisioning. Verify the mappings performed in Step 8 of the previous PingOne section. Click Save. Finally, click on the information icon for the PingOne SAML connection and copy the Assertion Consumer Service Endpoint. In the next step, you'll use this to replace the placeholder ASC in PingOne. PingOne Open your Showpad application, click on the pencil icon, and paste the Assertion Consumer Service Endpoint from Showpad into ACS URLS: Click Save. Don't forget to enable the application. Related articles Guide to connecting Salesforce and Showpad instances General approach for SSO and Showpad Using OneLogin for SSO with Showpad Configure Coach reporting in Salesforce Using Entra ID for SSO with Showpad