What's in it for you
Showpad offers a SAML-basedSingle Sign-On (SSO) service that allows users to use their organization’s credentials to access Showpad. It eases your users' lives with fewer usernames and passwords, as there's only one account to remember.
This article describes how you can set up SSO for Showpad using Azure AD as the Identity Provider (IDP).
- Use your company’s Azure AD to authenticate users in Showpad
- Seamlessly integrate Showpad into your enterprise security policies
- Auto-provision & assign users to the right groups in Showpad
- Reduce password-related support requests
- Reduce security threats to sensitive data loss by severing access
- Centralized user, password and authorization management
You need this to succeed
- Ultimate pricing plan on Showpad
- Available as an add-on on Showpad Plus pricing plan
- Administrator access on both Showpad's Online Platform and Azure AD
- Some SAML and HTTP-REDIRECT binding knowledge can be useful
- We highly recommend using HTTPS in all communication
- Users on the iOS platform will need iOS version 10.1 or higher if you still use HTTP communication
- SAML metadata in the Showpad configuration has to include the HTTP-REDIRECT binding
Do this step by step
Note: You can switch to the old experience in Azure AD to complete the following steps.
Installing Showpad in Azure Portal
- With an Admin Account, go to your Azure Portal.
- Go to the Azure Active Directories menu.
- Click Enterprise Applications and click New Application. Search for Showpad.
- Next, add the application to your Azure AD by clicking Add.
Configure the Showpad AD app in your Azure Portal
- Click Configure Single Sign-on.
- Select SAML Based Sign-on.
- New fields will show up, where you can fill in the values. Go to the second pane and fill out the Sign on URL and the Identifier.
Extract the XML file from Azure
- Go to the 4th pane and click Create new certificate. This is not necessary if you already have an active one.
- Click Save to receive your new certificate. Add a notification e-mail address as this is required.
- Click Metadata XML to download it.
- Open the file in a text editor and copy the content of the file.
Push the Azure Configurations into Showpad
- Sign in to Showpad's Online Platform.
- Go to the Admin section, click Sign-On, Add Configuration. Select SAML 2.0.
- Fill out a name for your Identity Provider and make sure XML has been selected as Metadata Source.
- Paste the XML data you copied from the file in the text editor into the Metadata XML field.
- Select Identity resides in the NameID element of the subject under the User Identity pane.
- Select the checkbox Auto-Provision Accounts for new users when they log in. Using auto-provisioning, all AD users will have a new Showpad user created in the system.
- You can retrieve these values in your Azure configuration, the first three are mandatory. You can find them when you click the checkbox View and edit all other user attributes.
Note: If you are mapping an attribute element as the identity instead of using the subject NameID, you may need to fill out the full name space along with the element name in Showpad. For example, instead of "emailAddress" as the named element, you may need to use something like "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" instead.
- By default, we will use the recommended SHA-256 hash algorithm, but Showpad supports the older SHA-1 format as well.
- Copy the full namespace. Click on it and a new form opens where you can change certain values.
- Go back to Showpad and Save your changes. The Azure AD connection should now be enabled.
- Log out of the application and return to the login page. You should now be able to log in to Showpad using Azure AD credentials.