Configure single sign-on for your Aha! account with Microsoft Active Directory Federation Services (ADFS)

You can use Microsoft Active Directory Federation Services (ADFS) as an identity provider for users in Aha! based on SAML 2.0. If you are curious about SAML 2.0, you can also read about our SAML 2.0 support in for Aha! accounts. You will need to be an administrator in Aha! and in ADFS to configure SSO.

Click any of the following links to skip ahead:

In ADFS

  1. In Server Manager, click Tools > AD FS Management.

  2. Click Add Relying Party Trust under Actions. This will open the Add Relying Party Trust Wizard.

  3. In the Welcome step, click Claims aware, then Start.

  4. In the Select Data Source step, choose Import data about the relying party, then enter your Aha! account URL in the Federation metadata address field. The URL should be in the following format: https://<accountname>.aha.io/auth/saml/metadata.

    Note: The metadata URL will only work once SAML authentication is enabled in your Aha! account.

  5. In the Specify Display Name step, name your relying party (e.g. "Aha!").

  6. The Configure Certificate step is optional. Click Next.

  7. The Configure URL step is optional. Click Next.

  8. In the Configure Identifiers step, enter your Aha! account URL in the following format: https://<accountname>.aha.io.

  9. In the Choose Access Control Policy step, choose to Permit everyone.

  10. Review your settings on the Ready to Add Trust step, then click Next.

  11. On the Finish step, press Close. This will open the Edit Claim Rules modal.

  12. On the Issuance Transform Rules tab, click Add Rule....

  13. Select the Send LDAP Attributes as Claims template.

  14. Click Next. Name your rule, select Active Directory as the attribute store, and then add the following mappings:

    LDAP Attribute

    Outgoing Claim Type

    E-Mail-Addresses

    E-Mail Address

    Given-Name

    Given Name

    Surname

    Surname

  15. Click OK.

  16. On the Issuance Transform Rules tab, click Add Rule... again.

  17. Select the Transform an Incoming Claim template, then click Next.

  18. Name the rule and make the following selections:
    • Incoming claim type: E-Mail Address
    • Outgoing claim type: Name ID
    • Outgoing name ID format: Email
    • Pass through all claim values

  19. Click OK.

In Aha!

  1. Log into Aha! and go to Settings ⚙️ → Account → Security and single sign-on → Single sign-on.

  2. Select SAML 2.0 as your Identity provider.

  3. Name your configuration.

  4. For the Metadata URL, enter the URL to the metadata xml listed in AD FS 2.0 console, e.g. https://adfs.<company>.com/FederationMetadata/2007-06/FederationMetadata.xml.

  5. Enter the remaining fields following the SAML 2.0 configuration instructions.

Top

Troubleshooting

Stuck? Contact our Customer Success team and we would be happy to help.

Top

Aha! Roadmaps
Strategic roadmaps
Integrations
    Aha! Ideas
    Announcements
    © 2020 Aha! Labs Inc.All rights reserved