Ideas portal single sign-on: SAML 2.0

Every organization wants better ideas, but it’s tough to actually capture ideas from customers, employees, and others in a manageable way. 

Single Sign-On (SSO) allows your users to log in to your ideas portal using their existing SAML-enabled ID provider, such as Active Directory, OneLogin, PingIdentity, Okta and many more. With SSO, you can increase engagement of your idea portals as employees and customers no longer need to keep track of yet another email and password. This allows you to tightly integrate your idea management system with the roadmapping process.

Note: Aha! also supports SSO for the Aha! application itself.

This article will provide information on how to set up SSO for your public and private idea portals. Click any of the following links to skip ahead: 

How it works

When a user authenticates to the ideas portal, they will be presented with the option to authenticate to the portal via SSO only. If they are already logged in to the SSO provider, they will automatically be logged in to your portal without any additional actions.

  • Public portal: Once SSO is configured, users will be prompted to log in before posting or voting ideas. Anyone can view ideas, regardless of whether they are logged in.
  • Private portal: In order to access the portal, users will be prompted to log in via SSO. If SSO is configured, any user with the SSO account will be able to access the ideas portal, regardless of email domain.

Note: It is possible to invite an ideas portal user from your ideas portal settings who has not been configured with the identity provider your portal is using. The user will not be able to log in to the ideas portal until they can be authenticated by the identity provider. 


Enable SSO for any ideas portal

Aha! provides the flexibility to set up SSO for each idea portal. To get started, go to Settings ⚙️> Account > Configure ideas portals. You will need to be an administrator with customization permissions to do so. 

  1. Select the idea portal where you would like to set up SSO.
  2. Click the Single Sign-On link.
  3. Select SAML from the Identify Provider dropdown. The SAML 2.0 configuration will display.

The SAML 2.0 configuration will differ based on the SAML provider that you've selected. Learn more about SAML 2.0 configurations and instructions to set up OneLogin for your ideas portal.

For those who prefer a JWT Single Sign-on process, Aha! also provides this capability.


Existing Aha! user accounts and SSO

Aha! idea portals prompt the user for their email address to determine if they already have an Aha! login. If the email entered is not registered in Aha! they will be redirected to SSO based upon your configuration. If their email address is registered in Aha! they will be re-directed to login via Aha! to ensure they do not have two separate logins.

This setting is selected by default, and can be disabled by unchecking the box Access for Aha! users.

When using SSO, email addresses should be managed within the identity provider system.  If an email address is modified within Aha!, the email address will be reset to the value in the identity provider system.

Note: Disabling this option on custom CNAME portals will prevent Aha! users from accessing the portal.


Configure your SAML identity provider to send the information that Aha! needs

The last step in configuring your ideas portal for SAML 2.0 SSO is to configure your identity provider so that it will send Aha! the right information. Particularly, you should ensure that the identity provider is sending the required user attributes to Aha! 

  • EmailAddress
  • FirstName
  • LastName
  • NameID
    Note: We recommend using a persistent, unique identifier in this field, rather than the user's email address.

Aha! uses these attributes to identify users and match them to users in your Aha! account or ideas portal.


Was this article helpful?
3 out of 3 found this helpful