Skip to main content

Single Sign-on

    Using PingOne for SSO with Showpad

    • Updated

    Note: This article is no longer maintained. For updated information, please refer to the corresponding Admin App article. We recommend updating your links if you’ve linked to this article.

    What's in it for you

    Showpad offers a SAML-based Single Sign-On (SSO) service that allows users to use their organization’s credentials to access Showpad. It eases your users' lives with fewer usernames and passwords, as there's only one account to remember.

    This article describes how you can set up SSO for Showpad using PingOne as the Identity Provider (IDP). PingOne users are mapped to Showpad users by email address.

    Key features

    • Users can access Showpad with their PingOne account
    • Auto-provision & assign users to the right groups in Showpad
    • Reduce security threats to sensitive data loss
    • Centralized user, password, and authorization management

    You need this to succeed

    • Platform Enterprise on Showpad
    • Available as an add-on on the Showpad Plus pricing plan
    • Administrator access on both Showpad's Online Platform and PingOne
    • Some PingOne knowledge can be useful
    • Add some unique users on PingOne

    The quick way to awesomeness

    1. Create a new SAML 2.0 app in PingOne
    2. Copy the PingOne IDP Metadata URL 
    3. Map PingOne and Showpad attributes
    4. Add SSO Configuration in Showpad
    5. Add PingOne Metadata
    6. Verify attribute mappings

    Do this step by step

    PingOne

    1. Begin by adding a new SAML application in PingOne. As an administrator, you may see a shortcut to add a new SAML application when you first log in. You can also access this screen by choosing the Connections icon on the left-side menu and clicking the plus sign beside Applications.
      Start_a_New_Application.png
    2. Provide a name, a description, and an optional icon for your application.
      PingOne_Profile_Start.png
    3. Under Application Type, select SAML Application, and then click Configure.
      ping_appType.png
    4. On the SAML Configuration page, select Manually Enter and add the following information: ping_saml.png
      • ACS URL - This is the URL of your Showpad domain with "/sso/acs" added to the end. This is a temporary placeholder that will be replaced with Showpad's dynamically generated URL once the configuration is created on the Showpad side.
      • Entity ID- This is the URL of your Showpad domain.
    5. Click Save. This opens the application's details on the Overview tab.
    6. Select the Configuration tab and copy the IDP Metadata URL.ping_metadataURL.png

      Note: Alternatively, you can download the metadata in an XML file by clicking the Download Metadata button.

    7. Next, you'll define which PingOne attributes correspond to Showpad attributes. Select the Attribute Mappings tab and click the pencil icon.ping_mappings.png
    8. Define the PingOne attributes that correspond to Showpad. In addition to the saml_subject attribute, the email, firstname, and lastname Showpad attributes are mandatory. Click the +Add button to add additional attributes.ping_mappings.png In Showpad, users are identified by their username, which is always an email address. If this is not the case for your setup, be sure to select a different attribute (like Email Address) that is formatted as an email but still uniquely identifies the user to use for the saml_subject attribute.

      You can create new PingOne attributes and then build an Advanced Expression for the following Showpad attributes:
      Showpad Attribute Available Values Description
      Role Field tablet or admin If an unrecognized value is presented to Showpad, the default value of tablet will be used. This constitutes a normal user.
      Group Assignment Field Showpad expects the value of this attribute to be a comma-separated list of group names.

      This is used to automatically provision users into Showpad groups.

      During sign-on, Showpad will assign the user to the given list of groups. If the group does not exist, Showpad will create it.

      Note that the name of the attribute will be specific to your setup.
    9. Click the Save button.

    Showpad

    1. Open Admin Settings, select Sign-On, and click Add Configuration.OP-Add_Config.png
    2. Add a new SAML 2.0 configuration, name it, and click Next.ping_OPsso.png
    3. Define the following settings for your configuration.PingOne_SAML_OPconfig.png
      • Identity Provider - This information allows Showpad to identify PingOne:
          • Metadata Source - Select URL. If you downloaded the XML file from PingOne, select XML for the Metadata Source and paste the file's contents in the Metadata XML box.
          • Metadata URL - Enter the URL copied from PingOne
          • Hash algorithm - Select SHA-256
      • Auto-Provisioning - Select this if you want to enable auto-provisioning. Verify the mappings performed in Step 8 of the previous PingOne section.
    4. Click Save.
    5. Finally, click on the information icon for the PingOne SAML connection and copy the Assertion Consumer Service Endpoint. In the next step, you'll use this to replace the placeholder ASC in PingOne. OP-PingOne-Info.png

    PingOne

    1. Open your Showpad application, click on the pencil icon, and paste the Assertion Consumer Service Endpoint from Showpad into ACS URLS:
      ping_replaceACS.png
    2. Click Save.
    3. Don't forget to enable the application.ping_enable.png

    Related articles

    Get the latest apps and email integrations

    iOS App Store Google Play Store Microsoft Store