Single Sign-On (SSO): Setup Guide

SSO is a convenient authentication service that allows users to access multiple applications with just one set of login credentials. With SSO, there's no need to log in again every time you open a new application.

How to set up SSO with Showell

SSO, also known as Single Sign-On or Custom Domain, is a convenient authentication service that allows users to access multiple applications with just one set of login credentials. In other words, these users don't need a separate username and password for Showell.

Setting up SSO requires a certain level of expertise in IT, so we recommend that you only proceed with this setup if your company has dedicated IT personnel who can handle the process effectively.

➡️ Before you get started, please reach out to your Showell contact person or Showell Support to receive the Redirect URLs necessary during the installation.


1. Choose a SSO platform that supports the 'OpenID Connect' protocol. Some examples of supported SSO platforms are:

2. Once you have selected and configured your preferred SSO platform, it should provide you with instructions on how to implement the 'OpenID Connect' protocol.

  • We provide the following instructions for setting up Azure/Entra ID SSO. Other SSO platforms might offer a similar way.

3. Once you are all set up on the SSO platform's side, you must provide your Showell contact person, in a secure way (for example with Keybase or Gmail confidential mode), with the following information to establish the connection:

  • client_id
  • client_secret
  • discovery document URI
  • test credentials: This is only required if you are using a testing environment and want to verify that everything is functioning correctly before making it available to a larger audience.

4. Showell will inform you once the connection has been established.

 



How to set up Google SSO with Showell

Please note that you will need to create an application for SSO on your system and configure the settings based on your security guidelines. Customizing the application allows you to specify which users from your organization can access it. Additionally, keep in mind that the OAuth consent page is specific to each project, so you will need to create a new project for this purpose.

➡️ Before you get started, please reach out to your Showell contact person or Showell Support to receive the Redirect URLs necessary during the installation.

1. Navigate to Google Console Cloud

2. Start by creating a new project for the SSO. You can find this option in the top right corner

  • With a new project, you will have to provide a name and location. The location depends on your environment

3. Select the created project and go to APIs & Services

4. Go to the OAuth consent screen:

  • User Type: Internal
  • App information: Enter the necessary details based on your company's information. These details will be visible to end users who will be using the SSO login. It should convey to the end user that the application is trustworthy and reliable.
    • Authorized domains: add showellapp.com here.
  • Scopes: add email, profile, and openid scopes
  • Test users: If you want to test the setup with a limited number of users, you have the option to set test users before fully implementing the Single Sign-On (SSO) connection.

5. Configure OAuth credentials: 

  • Navigate back to APIs & Services (as seen in point 1 to 3)
  • Choose Credentials > OAuth 2.0 Client IDs. This is where you define the redirect URI addresses.
    • Create Credentials > OAuth client ID
    • Application type: Web application
    • Name: Showell SSO

6. If no test users were added, go to the OAuth consent screen and publish the app. Otherwise, this can be done after the login has been tested.

7. Once you are all set up on the Google SSO platform's side, you must provide your Showell contact person, in a secure way (for example with Keybase or Gmail confidential mode), with the following information to establish the connection:

  • client_id
  • client_secret

8. Showell will inform you once the connection has been established.

 

💡 FAQ

 

How do I enable SSO with my Showell Workspace?

an SSO-connection is provided as a Showell Service. If you'd like to know more:

Do you provide alternative, secure login methods?

You and your users have the option to enhance the security of your Showell login by enabling Multifactor Authentication (MFA). MFA adds an extra layer of protection by requiring users to provide additional verification factors, such as a code sent to their mobile device. It's important to note that you cannot set up Showell's MFA in conjunction with SSO.

Showell