Using Azure AD for SSO with Showpad

What's in it for you

Showpad offers a SAML-based single Sign-On (SSO) service that allows users to use their organization’s credentials to access Showpad. It eases your users' lives with fewer usernames and passwords, as there's only one account to remember.
This article describes how you can set up SSO for Showpad using Azure AD as the Identity Provider (IDP).

Key features

• Use your company’s Azure AD to authenticate users in Showpad
• Seamlessly integrate Showpad into your enterprise security policies
• Auto-provision & assign users to the right groups in Showpad
• Reduce password-related support requests
• Reduce security threats to sensitive data loss by severing access
• Centralized user, password and authorization management

You need this to succeed

• Platform Enterprise on Showpad
• Available as an add-on on Showpad Plus pricing plan
• Administrator access on both Showpad's Online Platform and Azure AD
• Some SAML and HTTP-REDIRECT binding knowledge can be useful
• We highly recommend using HTTPS in all communication
• Users on the iOS platform will need iOS version 10.1 or higher if you still use HTTP communication
• SAML metadata in the Showpad configuration has to include the HTTP-REDIRECT binding

Do this step by step

Installing Showpad in Azure Portal

1. With an Admin Account, go to your Azure Portal.
2. Go to the Azure Active Directories menu.
3. Click Enterprise Applications and click New Application. Search for Showpad.
4. Next, add the application to your Azure AD by clicking Add.

Configure the Showpad AD app in your Azure Portal

1. Click Configure Single Sign-on and select SAML Based Sign-on.
2. New fields will show up, where you can fill in the values and download the XML needed for configuration in Showpad.
3. First, fill in the basic SAML Configuration with your organization's details. You will be asked to test the configuration, but we need to set up the connection in Showpad first.
4. Download the XML file.
5. Open the file in a text editor and copy the content of the file.

Push the Azure Configurations into Showpad

1. Sign in to Showpad's Online Platform.
2. Go to the Admin section, click Sign-On, Add Configuration. Select SAML 2.0.
3. Fill out a name for your Identity Provider and make sure XML has been selected as Metadata Source.
4. Paste the XML data you copied from the file in the text editor into the Metadata XML field.
5. Select Identity resides in the NameID element of the subject under the User Identity pane.
6. Select the checkbox Auto-Provision Accounts for new users when they log in. Using auto-provisioning, all AD users will have a new Showpad user created in the system.     
7. You can retrieve these values in your Azure configuration, the first three are mandatory. You can find them when you click the checkbox View and edit all other user attributes.
   

   Note: If you are mapping an attribute element as the identity instead of using the subject NameID, you may need to fill out the full namespace along with the element name in Showpad. For example, instead of "emailAddress" as the named element, you may need to use something like "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" instead.

8. By default, we will use the recommended SHA-256 hash algorithm, but Showpad supports the older SHA-1 format as well.
9. Go back to Showpad and Save your changes. Click the information icon to download the Showpad Metatada XML.
10. Upload the metadata file to Azure AD. Click Add and the connection should now be enabled.
11. Log out of the application and return to the login page. You should now be able to log in to Showpad using Azure AD credentials.