Single Sign-On (SSO) Now Available for Aha!
February 4, 2015

Single Sign-On (SSO) Now Available for Aha!

by Keith Brown

Integrating the tools your product teams use daily with Aha! is a great way to focus the team on what matters most — building better products. Currently, there are more than 15 integrations as well as the ability to add additional tools using our API or Webhook capabilities. Today, we’re excited to add another category to our integrations, Single Sign-On (SSO). Our first single sign-on integration supports SAML 2.0

More than 10,000 users trust Aha! for product roadmapping, and many of them already utilize an identity provider for SSO. This is one more way we help teams build better software and be happy doing it.

Single sign-on allows users of your Aha! account to log in using your existing SAML enabled identity provider such as OneLogin, Okta, PingIdentity, and many more. This means users don’t have to keep track of yet another email and password. More importantly, it grants admins the ability to add and revoke user access centrally using your existing identity management tool.

How SAML works

SAML (Security Assertion Markup Language) is a standard protocol that provides identity providers a secure way to let a service provider, such as Aha!, know who a user is. It does this by sending Aha! a cryptographically signed XML document asserting the user is who they say along with some basic user information.

Once configured users can authenticate with the following process:

  1. Aha! presents the user with an additional login option, “Login with {name of your provider}”

  2. The identity provider authenticates the user

  3. User is granted access to Aha!

Supported identity providers

Blog - Single Sign-On (SSO) Now Available for Aha! - inline image

OneLogin simplifies identity management with secure, one-click access, for employees, customers and partners, through all device types, to all enterprise cloud and on-premises applications.

Once OneLogin is setup your login page will have an additional “Login with OneLogin” option available. Clicking Login with OneLogin will send your browser to https://app.onelogin.com/login to authenticate with OneLogin. If you are already logged in your browser will go right to step 3 without showing you a login form.

You are now logged in to Aha! Users logging in with OneLogin are separate accounts from ones that login with an email & password. This is true even if the email addresses are the same. This means that permissions will also need to be configured separately as described in the next section.

Learn more about how to use OneLogin for SSO.

Blog - Single Sign-On (SSO) Now Available for Aha! - inline image

Okta is an integrated identity management and mobility management service that securely and simply connects people to their applications from any device, anywhere, at anytime.

Once Okta is setup your login page will have an additional “Login with Okta” option available. Clicking Login with Okta will send your browser to https://www.okta.com/login/ to authenticate with Okta. If you are already logged in your browser will go right to step 3 without showing you a login form.

Blog - Single Sign-On (SSO) Now Available for Aha! - inline image

You are now logged in to Aha! Users logging in with Okta are separate accounts from ones that login with an email & password. This is true even if the email addresses are the same. This means that permissions will also need to be configured separately as described in the next section.