General approach for SSO and Showpad Updated November 29, 2024 15:04 Note: This article is about the new beta Admin App, which is still in development. Changes may occur. Please provide feedback directly in the beta app. You can activate Single Sign-On (SSO) in Showpad and delegate authentication to an external Identity Provider (IdP). If you can't find your Identity Provider in our guide, use this article to see a general approach to how SSO works with Showpad. Note: The SHA-256 Hash Algorithm is the recommended setting for all SSO integrations. See how it looks Key features Use your company’s identity provider to authenticate users in Showpad Seamlessly integrate Showpad into your enterprise security policies Auto-provision & assign users to the right groups in Showpad Reduce password-related support requests Reduce security threats to sensitive data loss by severing access Centralized user, password, and authorization management You need this to succeed The beta Admin App enabled Platform Enterprise on Showpad Available as an add-on on Showpad Plus pricing plan Administrator account on both Showpad and the Identity Provider An Identity Provider (IdP) service Some SAML and HTTP-REDIRECT binding knowledge can be useful We highly recommend using HTTPS in all communication Users on the iOS platform will need iOS version 10.1 or higher if you still use HTTP communication SAML metadata in the Showpad configuration has to include the HTTP-REDIRECT binding The quick way Sign up for an Identity Provider (IdP) and obtain its metadata Create your users and groups on the IdP Enable SSO in Showpad Set up your SAML-based relation between the IdP service and Showpad Define the mapping between the IdP users and the Showpad users Set up auto-provisioning Do this step by step Sign up for an Identity Provider. Create your users and groups on the IdP. To link your Single Sign-On (SSO) Identity Provider to Showpad, you will need your Identity Provider's metadata in the standard XML format. This XML file will be different for each IdP as each has its entityID, public key, and Assertion Consumer Service (ASC) endpoints.Below is an example of a valid XML metadata file. To enable SSO on Showpad's Admin App, click the gear icon to open Settings. Select the Sign On tab from the left panel, and click the Add Configuration button. Give it a name, and select SAML 2.0 if that's the service you're using. Click Next. Select XML as your metadata source. Copy and paste the XML metadata from your created file or the information you received from your IdP. If you have an online location for this metadata, select URL and paste the link below. This allows you to update your settings online instead of uploading updated XML metadata when the configuration changes. You can enable logout from the IdP when logging out of Showpad, by checking the relevant box. By default, we will use the recommended SHA-256 hash algorithm, but Showpad supports the older SHA-1 format as well. Select the relevant User Identity: Identity resides in the NameID element of the subject Identity resides in the Attribute element: by selecting this option, you need to enter the Element Name below. You can also set up auto-provisioning to automatically allow new users to be created when they log in successfully for the first time, by checking the relevant box. Map the corresponding fields for your users, available in your IdP. For example, the Email Field in Showpad will be mapped to the field email of the IdP. There are two types of roles you can enter in the Role Field: Admin will give administrator rights after the first login. Standard will create a regular user in Showpad. The Group Assignment Field will automatically add the user to selected groups. Separate the groups with commas. Content License Type Field and Coach License Type Field will be available when Partner licenses are enabled for the corresponding offering. If this field is left blank, the user will not get a license. Click Save when ready. Once the connection is configured, click the information icon to get your Showpad entity ID, ACS endpoint, and logout URL. Learn how this feature works on the current Online Platform. Related articles General approach for SSO and Showpad Using OneLogin for SSO with Showpad Create a Selector Experience to customize presentations in real time Using ADFS for SSO with Showpad