Aha! Ideas | Account SSO | OneLogin
OneLogin is a single sign-on provider that your Aha! account connects with through our SAML 2.0 support.
Click any of the following links to skip ahead:
This article is about configuring SSO for your Aha! Ideas account. Read these articles if you want to configure SSO for your ideas portal.
Configure OneLogin
Create a new App by going to the Apps tab in OneLogin and selecting Add App.
On the Find Applications page, search for Aha! and select it.
Select SAML 2.0 connector then Save.
Configure the subdomain in the Configuration section by setting it to your Aha! account subdomain.
Go to the SSO section. Copy the Issuer URL so you can finish the setup process in your Aha! account.
Configure your Aha! account
Now that OneLogin is set up, go to your Aha! account and navigate to Settings ⚙️ Account Security and Single Sign-On. You will need to be an administrator with account privileges to do this. In the Single Sign-On section, select SAML 2.0 as the Identity Provider.
Name the SSO configuration. This will be used throughout your Aha! account to help users identify how they are logging in.
Configure using the Metadata URL. Fill in the Metadata URL field with the Issuer URL copied from the OneLogin SSO page and hit Enable. After the metadata is fetched from OneLogin, your Aha! account will switch to Manual Settings. This lets you confirm that they match the info in OneLogin.
Log in with OneLogin
Go to your Aha! account login page. Your login page will now have an additional Login with OneLogin option available.
Click Login with OneLogin to authenticate with OneLogin. If you are already logged in, your browser will go right to Step 3 without showing you a login form.
You are now logged into your Aha! account.
New user SSO login experience
Users logging in with OneLogin are separate accounts from ones that log in with an email and password. If an email and password user exists that has a matching email address to the OneLogin user, it will be automatically converted to use OneLogin SSO. Otherwise, a new user will be automatically provisioned.
Auto-provisioned users are added with a permissions role of None for all workspaces or teams. They also fall under the same seat restrictions as any other user.
After a new user is added through SSO login, an Aha! administrator with account permissions will need to configure their user permissions. All SSO users will be specifically tagged for the SSO platform they are using on the administrator's Settings ⚙️ Account Users page.
Troubleshooting
We have created an article to help you troubleshoot common SSO configuration issues, complete with explanations and resolutions.
The best place to start in most of these situations is the Recent SSO events for your SSO configuration, at the bottom of the configuration page. Those messages will help diagnose and solve the problem.
If you get stuck, please reach out to our Customer Success team. Our team is made up entirely of product experts and responds fast.