Using PingOne for SSO with Showpad

What's in it for you

Showpad offers a SAML-based Single Sign-On (SSO) service that allows users to use their organization’s credentials to access Showpad. It eases your users' lives with fewer usernames and passwords, as there's only one account to remember.

This article describes how you can set up SSO for Showpad using PingOne as the Identity Provider (IDP). PingOne users are mapped to Showpad users by email address.

Key features

• Users can access Showpad with their PingOne account
• Auto-provision & assign users to the right groups in Showpad
• Reduce security threats to sensitive data loss
• Centralized user, password and authorization management

You need this to succeed

• Platform Enterprise on Showpad
• Available as an add-on on Showpad Plus pricing plan
• Administrator access on both Showpad's Online Platform and PingOne
• Some PingOne knowledge can be useful
• Add some unique users on PingOne

The quick way to awesomeness

1. Create a new SAML 2.0 app in PingOne
2. Download the PingOne SAML metadata
3. Enable SSO on Showpad's Online Platform
4. Paste the XML metadata from PingOne in the Showpad SSO configuration
5. Download the Showpad XML Metadata
6. Import the XML Metadata in PingOne
7. Log in with your PingOne account

Do this step by step

1. Begin by adding a new SAML application in PingOne. As an administrator, you may see a shortcut to add a new SAML application when you first log in. You can also access this screen by choosing the Connections icon on the left-side menu and clicking the plus sign beside Applications.
   
2. Provide a name, a description, and an optional icon for your application.
   
3. Under Choose Application Type, select SAML Application, and then click Configure.
   
4. On the lefthand column, under Identity Providers, select External IDPs. Choose Add Provider. 
   
5. Choose SAML from the menu of applications. 
   
6. Enter a name for your SAML application. This name will be on the login button for your application.  
   
   
   SAVE IF NEEDED:Enter a name (e.g. PingOne) and select XML as your metadata source. Paste the XML metadata from the file you downloaded from the PingOne console.
   
   If you have an online location for this metadata, you can provide the URL to the XML file. This allows you to update your settings online, instead of uploading updated XML metadata when the configuration changes.
   

   In the User Identity section, make sure the "Identity resides in the NameID element of the subject" checkbox is checked. The NameID from PingOne is usually the email address, which meets Showpad's requirement that an identity should be mapped to a Showpad email address.
   
   As a Hash algorithm, the default will be SHA-256, but Showpad does support the older SHA-1 as well.

   
7. Once configured, download the Showpad XML Metadata to use it in the next step.
   
8. Go back to the PingOne Application Configuration page and upload the Showpad XML Metadata you downloaded in the previous step. After uploading the Showpad XML metadata, most of the fields will be filled out. You can copy the URL from "Single Logout Endpoint" to "Single Logout Response Endpoint."
   Change the signing algorithm to SHA-256.
   
9. Click Continue. If you configured PingOne so that the NameID matches the email address, you can skip the Attribute Mapping step and Finish the setup.
   
10. When visiting the Showpad login page, you'll notice an additional log in method, allowing you to log in with your PingOne account. If you get an "Invalid Credentials" error, this means that Showpad couldn't find a user with an email address that matches the user trying to log in.