SSO is a convenient authentication service that allows users to access multiple applications with just one set of login credentials. With SSO, there's no need to log in again every time you open a new application.
How to set up SSO with Showell
SSO, also known as Single Sign-On or Custom Domain, is a convenient authentication service that allows users to access multiple applications with just one set of login credentials. In other words, these users don't need a separate username and password for Showell.
Setting up SSO requires a certain level of expertise in IT, so we recommend that you only proceed with this setup if your company has dedicated IT personnel who can handle the process effectively.
➡️ Before you get started, please reach out to your Showell contact person or Showell Support to receive the Redirect URLs necessary during the installation.
1. Choose a SSO platform that supports the 'OpenID Connect' protocol. Some examples of supported SSO platforms are:
- Azure/Entra ID (Microsoft)
- AWS Single Sign-On (Amazon)
- Authpoint (WatchGuard)
- Duo (Cisco)
- Okta
- OneLogin (One Identity)
- Enterprise SSO (Oracle)
- PingIdentify
2. Once you have selected and configured your preferred SSO platform, it should provide you with instructions on how to implement the 'OpenID Connect' protocol.
- We provide the following instructions for setting up Azure/Entra ID SSO. Other SSO platforms might offer a similar way.
3. Once you are all set up on the SSO platform's side, you must provide your Showell contact person, in a secure way (for example with Keybase or Gmail confidential mode), with the following information to establish the connection:
- client_id
- client_secret
- discovery document URI
- test credentials: This is only required if you are using a testing environment and want to verify that everything is functioning correctly before making it available to a larger audience.
4. Showell will inform you once the connection has been established.
How to set up Google SSO with Showell
➡️ Before you get started, please reach out to your Showell contact person or Showell Support to receive the Redirect URLs necessary during the installation.
1. Navigate to Google Console Cloud
2. Start by creating a new project for the SSO. You can find this option in the top right corner
- With a new project, you will have to provide a name and location. The location depends on your environment
3. Select the created project and go to APIs & Services
4. Go to the OAuth consent screen:
- User Type: Internal
- App information: Enter the necessary details based on your company's information. These details will be visible to end users who will be using the SSO login. It should convey to the end user that the application is trustworthy and reliable.
- Authorized domains: add showellapp.com here.
- Scopes: add email, profile, and openid scopes
- Test users: If you want to test the setup with a limited number of users, you have the option to set test users before fully implementing the Single Sign-On (SSO) connection.
5. Configure OAuth credentials:
- Navigate back to APIs & Services (as seen in point 1 to 3)
- Choose Credentials > OAuth 2.0 Client IDs. This is where you define the redirect URI addresses.
- Create Credentials > OAuth client ID
- Application type: Web application
- Name: Showell SSO
6. If no test users were added, go to the OAuth consent screen and publish the app. Otherwise, this can be done after the login has been tested.
7. Once you are all set up on the Google SSO platform's side, you must provide your Showell contact person, in a secure way (for example with Keybase or Gmail confidential mode), with the following information to establish the connection:
- client_id
- client_secret
8. Showell will inform you once the connection has been established.
Enable SSO invitations
Once SSO is set up in your organization, you can effortlessly invite users to join your Showell Workspace. This efficient process ensures that users can easily accept the invitation and be added to the relevant groups right from the beginning.
Enable SSO invitation in Showell:
1. Open the Showell App for Web
2. From the Side menu, click Admin > Workspace Settings > General Preferences
3. Under 'Experimental', enable SSO invitations.
Sending out the invitation:
1. First make sure you have added the users on the SSO side
2. Send out an invitation to those users
- You'll have to add your SSO Domain name when creating the invite
3. The users will receive an email with link. Opening the link allows them to sign in with their email and access the Workspace. This comes with the added benefit that you, the Admin, can see who has accepted the invite.
💡 FAQ
How do I enable SSO with my Showell Workspace?
an SSO-connection is provided as a Showell Service. If you'd like to know more:
Do you provide alternative, secure login methods?
You and your users have the option to enhance the security of your Showell login by enabling Multifactor Authentication (MFA). MFA adds an extra layer of protection by requiring users to provide additional verification factors, such as a code sent to their mobile device. It's important to note that you cannot set up Showell's MFA in conjunction with SSO.