Note: This article discusses functionality that is included in Ideas Advanced. Please contact us if you would like a live demo or would like to try using it in your account.

Configure single sign-on for your Aha! Ideas portal with SAML 2.0

Every organization wants better ideas, but it’s tough to actually capture ideas from customers, employees, and others in a manageable way.

Single Sign-On (SSO) allows your users to log in to your ideas portal using their existing SAML-enabled ID provider, such as Active Directory, OneLogin, PingIdentity, Okta, and many more. With SSO, you can increase engagement of your idea portals as employees and customers no longer need to keep track of yet another email and password.

Note: If you have multiple ideas portals and want to use a single SAML 2.0 single sign-on configuration between all of them, you may be interested in the Ideas Advanced plan.

This article will provide information on how to set up SSO for your public and private ideas portals.

Click any of the following links to skip ahead:

How it works

When a user authenticates to the ideas portal, they will be presented with the option to authenticate to the portal via SSO only. If they are already logged in to the SSO provider, they will automatically be logged in to your portal without any additional actions.

  • Public portal: Once SSO is configured, users will be prompted to log in before posting or voting on ideas. Anyone can view ideas, regardless of whether they are logged in.

  • Private portal: In order to access the portal, users will be prompted to log in via SSO. If SSO is configured, any user with the SSO account will be able to access the ideas portal, regardless of email domain.

Note: It is possible to invite an ideas portal user from your ideas portal settings who has not been configured with the identity provider your portal is using. The user will not be able to log in to the ideas portal until they can be authenticated by the identity provider.

Top

Enable SSO for any ideas portal

There are two ways to enable SAML 2.0 SSO in for your ideas portals.

  1. Navigate to Settings ⚙️→ Account → Ideas portals or Ideas → Overview. You will need to be an administrator with customizations permissions to configure an ideas portal.

    1. From your account settings, click the name of the ideas portal you wish to edit.

    2. From Ideas → Overview, click the pencil icon by the name of the ideas portal you wish to edit.

  2. Once you have your portal settings open, navigate to the Users tab, and the SSO section.

  3. Click Add new provider.

  4. Choose SAML as your identity provider Type. Click Save.

  5. The SAML 2.0 configuration will display. Enter the remaining fields following the SAML 2.0 configuration instructions.
    Note: The SAML 2.0 configuration will differ based on the SAML provider that you've selected

  6. Click Enable SSO to complete the configuration.

Top

Configure your SAML identity provider

The last step in configuring your ideas portal for SAML 2.0 SSO is to configure your identity provider so that it will send Aha! Ideas the right information. Particularly, you should ensure that the identity provider is sending the required user attributes to Aha! Ideas.

  • EmailAddress

  • FirstName

  • LastName

  • NameID
    Note: We recommend using a persistent, unique identifier in this field, rather than the user's email address.

Aha! Ideas uses these attributes to identify users and match them to users in your Aha! Ideas account or ideas portal.

Top

Share your SSO configuration between portals (Advanced plan)

If you have added Ideas Advanced functionality to your Aha! account, the process to create and assign an identity provider looks a little different.

  1. Follow the same steps in Azure AD listed above.

  2. Navigate to Settings ⚙️→ Account → Ideas portals or Ideas → Overview. You will need to be an administrator with customizations permissions to configure an ideas portal.

    1. From your account settings, click the name of the ideas portal you wish to edit.

    2. From Ideas → Overview, click the pencil icon by the name of the ideas portal you wish to edit.

  3. Once you have your portal settings open, navigate to the Users tab, then the SSO section.

  4. Select Add new provider from the Identify Provider dropdown.

    1. Name: Name your identity provider.
      Note: We recommend that you name your provider something easily recognizable to the different portals that might want to use it, like Employees, or Customers.

    2. Type: Choose SAML as your identity provider type.

    3. Click Save and continue in Aha!

    4. Enter the remaining fields following the SAML 2.0 configuration instructions.

  5. Click Enable SSO to enable your identity provider.

To share your identity provider configuration between multiple ideas portals:

  1. Open each portal's settings.

  2. Once you have your portal settings open, navigate to the Users tab, then the SSO section.

  3. Select the identity provider you just created from the Identity provider dropdown.

  4. Congratulations! You just shared your configuration with another portal.

  5. Repeat these steps for each portal you wish to use the shared Identity provider configuration.

You can manage your identity provider configuration — and the portals that use it — from the Identity providers tab in Settings ⚙️→ Account → Ideas portals.

Top

Existing Aha! Ideas user accounts and SSO

Aha! idea portals prompt the user for their email address to determine if they already have an Aha! login. If the email entered is not registered in Aha!, they will be redirected to SSO based upon your configuration. If their email address is registered in Aha!, they will be redirected to login via Aha! to ensure they do not have two separate logins.

This setting is selected by default, and can be disabled by unchecking the box Access for Aha! users.

When using SSO, email addresses should be managed within the identity provider system. If an email address is modified within Aha!, the email address will be reset to the value in the identity provider system.

Note: Disabling this option on custom CNAME portals (available to Ideas Advanced users and Aha! Roadmaps accounts created before October 20, 2020) will prevent Aha! users from accessing the portal.

Top

Troubleshooting

If you run into trouble, we have gathered common SSO configuration issues into one article, along with common resolutions.

The best place to start in most of these situations is the integration log messages for your SSO configuration. Those messages will help diagnose and solve the problem.

Top

If you get stuck, please reach out to our Customer Success team. Our team is made up entirely of product experts and responds within two hours.

Aha! Roadmaps
Aha! Ideas
    Ideas
    Integrations
      Introduction to integrations
      Announcements
      © 2021 Aha! Labs Inc.All rights reserved