Configure single sign-on for your ideas portal with G Suite by Google Cloud

Your ideas portal is the central place to capture feedback and promote the best ideas to your roadmap. Google G Suite single sign-on makes it easier to seamlessly capture ideas from across your company without requiring your users to remember an additional set of credentials.

Colleagues can add, vote, or comment without having to remember yet another user ID and password. And your team has a single place to manage all of the ideas — including the next big one.

Click any of the following links to skip ahead: 

How it Works

When a user authenticates to the ideas portal, they will be presented with the option to authenticate to the portal via SSO only. If they are already logged in to the SSO provider, they will automatically be logged in to your portal without any additional actions.

  • Public portal: Once SSO is configured, users will be prompted to log in before posting or voting ideas. Anyone can view ideas, regardless of whether they are logged in.
  • Private portal: In order to access the portal, users will be prompted to log in via SSO. If SSO is configured, any user with the SSO account will be able to access the ideas portal, regardless of email domain.

Note: It is possible to invite an ideas portal user from your ideas portal settings who has not been configured with the identity provider your portal is using. The user will not be able to log in to the ideas portal until they can be authenticated by the identity provider. 


Configuration in Aha!

To set up Google G Suite single sign-on you will need to be both an admin for your G Suite account as well as an admin for your Aha! account

  1. The first step is to create an idea portal in Aha! by navigating to Settings ⚙️ > Account > Ideas portals, or Ideas > Overview. From either page, click Add ideas portal to open the portal builder. 
  2. Once you create your portal, the portal settings will open in a new tab. Navigate to Users > SSO to add single sign-on to your portal.
  3. Choose SAML 2.0 from the Identity provider dropdown. 
  4. Select Metadata file from Settings using. You will generate a metadata file to use here shortly from within your Google G Suite account.


Configuration in Google G Suite

  1. Next, log into your Google G Suite account.
  2. Navigate to the Apps menu and select SAML Apps > Add a service/App to your domain > Setup my own custom App.Google_Apps_SSO_Setup.png
  3. Next you will be given the option to manually configure Google as your identity provider or to use a IDP metadata file. We recommend using the metadata file as you can upload it directly to Aha! to handle the Aha! side configuration. Click Download to download the metadata file.Download_metadata.png
  4. You will be prompted to enter a name for your app and provided the option to upload an image. You can name the app whatever you want.
  5. After naming your app you will be prompted to provide the ACS URL and the Entity ID. Both of these are located within your account on the single sign-on configuration page. You can also type them in directly as they will always be in the format of:

    • ACS URL:
    • Entity ID:

    Note: replace "yourdomain" with the domain of your Aha! ideas portal.
    You will also want to select EMAIL as the Name ID Format value on this page.SSO_Config.png
  6. After entering the ACS URL and Entity ID you will be prompted to set up attribute mapping. You want to define EmailAddress, FirstName and LastName as shown below. Those three values are required for Aha! SAML SSO.attribute_mapping.png


Enable the integration

  1. Back in Aha!, you will need to take the metadata file you downloaded from G Suite and upload it to the Metadata file field. This will allow you to upload the metadata file which will provide Aha! the information it needs to connect to your G Suite SSO configuration.
  2. Lastly, enable the app you created in G Suite by selecting the ON for everyone option.

    Note: New apps can take up to 24 hours to fully activate for all users in G Suite. Users attempting to log on prior to the app fully activating may be presented with a login error: "403 error app_not_configured_for_user." This should resolve itself within 24 hours.


Was this article helpful?
0 out of 0 found this helpful