What's in it for you
Showpad offers a SAML-based Single Sign-On (SSO) service that allows users to use their organization’s credentials to access Showpad. It eases your users' lives with fewer usernames and passwords, as there's only one account to remember.
This article describes how you can set up SSO for Showpad using PingOne as the Identity Provider (IDP). PingOne users are mapped to Showpad users by email address.
- Users can access Showpad with their PingOne account
- Auto-provision & assign users to the right groups in Showpad
- Reduce security threats to sensitive data loss
- Centralized user, password and authorization management
You need this to succeed
- Platform Enterprise on Showpad
- Available as an add-on on Showpad Plus pricing plan
- Administrator access on both Showpad's Online Platform and PingOne
- Some PingOne knowledge can be useful
- Add some unique users on PingOne
The quick way to awesomeness
- Create a new SAML 2.0 app in PingOne
- Download the PingOne SAML metadata
- Enable SSO on Showpad's Online Platform
- Paste the XML metadata from PingOne in the Showpad SSO configuration
- Download the Showpad XML Metadata
- Import the XML Metadata in PingOne
- Log in with your PingOne account
Do this step by step
- Add a new SAML application in PingOne. As an administrator, go to the My Applications page of your PingOne account where you will find all your SSO applications. Click on Add Application and select New SAML Application.
- Provide a name, a description, and an optional icon for your application.
- Once all basic application details have been confirmed, you will need to download the PingOne SAML metadata to configure SSO on Showpad. Use the download link on the Application Configuration page.
Leave this window open while you continue to the next step.
- As an Administrator, go to Admin Settings, open the Sign-On tab and Add Configuration. Select SAML 2.0.
- Enter a name (e.g. PingOne) and select XML as your metadata source. Paste the XML metadata from the file you downloaded from the PingOne console.
If you have an online location for this metadata, you can provide the URL to the XML file. This allows you to update your settings online, instead of uploading updated XML metadata when the configuration changes.
In the User Identity section, make sure the "Identity resides in the NameID element of the subject" checkbox is checked. The NameID from PingOne is usually the email address, which meets Showpad's requirement that an identity should be mapped to a Showpad email address.
As a Hash algorithm, the default will be SHA-256, but Showpad does support the older SHA-1 as well.
- Once configured, download the Showpad XML Metadata to use it in the next step.
- Go back to the PingOne Application Configuration page and upload the Showpad XML Metadata you downloaded in the previous step. After uploading the Showpad XML metadata, most of the fields will be filled out. You can copy the URL from "Single Logout Endpoint" to "Single Logout Response Endpoint."
Change the signing algorithm to SHA-256.
- Click Continue. If you configured PingOne so that the NameID matches the email address, you can skip the Attribute Mapping step and Finish the setup.
- When visiting the Showpad login page, you'll notice an additional log in method, allowing you to log in with your PingOne account. If you get an "Invalid Credentials" error, this means that Showpad couldn't find a user with an email address that matches the user trying to log in.