Aha! Ideas | Portal SSO | SAML 2.0
Every organization wants better ideas, but it’s tough to actually capture ideas from customers, employees, and others in a manageable way.
Single Sign-On (SSO) allows your users to log in to your ideas portal using their existing SAML-enabled ID provider, such as Active Directory, OneLogin, PingIdentity, Okta, and many more. With SSO, you can increase engagement of your idea portals as employees and customers no longer need to keep track of yet another email and password.
Note: If you have multiple ideas portals and want to use a single SAML 2.0 single sign-on configuration between all of them, you may be interested in the Ideas Advanced plan.
This article is about configuring SSO for your ideas portal. Read these articles if you want to configure SSO for your Aha! Ideas account.
Click any of the following links to skip ahead:
How it works
When a user authenticates to the ideas portal, they will be presented with the option to authenticate to the portal via SSO only. If they are already logged in to the SSO provider, they will automatically be logged in to your portal without any additional actions.
Public portal: Once SSO is configured, users will be prompted to log in before posting or voting on ideas. Anyone can view ideas, regardless of whether they are logged in.
Private portal: In order to access the portal, users will be prompted to log in via SSO. If SSO is configured, any user with the SSO account will be able to access the ideas portal, regardless of email domain.
Note: It is possible to invite an ideas portal user from your ideas portal settings who has not been configured with the identity provider your portal is using. The user will not be able to log in to the ideas portal until they can be authenticated by the identity provider.
Enable SSO for any ideas portal
There are two ways to enable SAML 2.0 SSO in for your ideas portals.
Navigate to Settings ⚙️ Account Ideas portals and organizations or Ideas Overview. You will need to be an administrator with customizations permissions to configure an ideas portal.
From your account settings, click the name of the ideas portal you wish to edit.
From Ideas Overview, click the pencil icon by the name of the ideas portal you wish to edit.
Once you have your portal settings open, navigate to the Users tab, and the SSO section.
Click Add new provider.
Choose SAML as your identity provider Type. Click Save.
The SAML 2.0 configuration will display. Enter the remaining fields following the SAML 2.0 configuration instructions in the next section. Note: The SAML 2.0 configuration will differ based on the SAML provider that you've selected.
Click Enable SSO to complete the configuration.
There are two additional advanced settings beneath Access for Aha! users. They are disabled by default, and most Aha! accounts will not need to use them — in fact, unless you configure these settings carefully, you can break your SSO configuration. If you need help configuring these options, you are welcome to reach out to our Customer Success team.
Enable CNAME for SSO URLs: This option is rarely needed and will break SSO if not carefully configured. It may be useful if your customers have strict corporate networking policies. You must also enter a custom CNAME below to enable this feature.
CNAME: This must match an existing CNAME used in an active ideas portal in your Aha! account. After adding the CNAME click Update URLs and Save or Update SSO. If you have previously configured SSO the URLs must be updated in your external system.
Configure your SAML identity provider
The last step in configuring your ideas portal for SAML 2.0 SSO is to configure your identity provider so that it will send Aha! Ideas the right information. Particularly, you should ensure that the identity provider is sending the required user attributes to Aha! Ideas.
NameID Note: We recommend using a persistent, unique identifier in this field, rather than the user's email address.
Aha! Ideas uses these attributes to identify users and match them to users in your Aha! Ideas account or ideas portal.