Aha! Roadmaps | Portal SSO | Link portal users to organizations (Advanced plan)
Portal SSO provides your customers with a seamless portal login experience. It also enables you add portal user's name and email. If you have Ideas Advanced, you can use portal SSO to link portal users to the organizations they belong to.
Click any of the following links to skip ahead:
If you are using Salesforce community as your SAML identity provider
You will need to update your SAML configuration within Salesforce to include specific attributes.
organization_ids
: This should be set to the 18-character Salesforceaccount_id
that users belong to. These can be multiple account_ids separated by a semicolon.salesforce_integration_id
: Use the Aha! ID you use for your Salesforce integration.
With this configured, users who log in to your portal through SSO will be assigned to the organization in Aha! Ideas that is linked to the matching Salesforce account ID.
If the portal user is already connected to a different Aha! organization, the new organization assignment from SSO will override it.
If an organization with a matching account ID does not already exist in Aha! Ideas, a new one will be created and linked to Salesforce.
You may need to update attributes in an Apex plugin class for your SAML connected app. You can read Salesforce's instructions on adding custom attributes to a connected app or use the following code snippet to add the AccountID to SAML attributes for community users:
global class MyConnectedAppPlugin extends Auth.ConnectedAppPlugin {
global override Map<String,String> customAttributes(Id userId, Id connectedAppId, Map<String,String>
formulaDefinedAttributes, Auth.InvocationContext context) {
// Get the user's associated contact
User u = [SELECT Id, ContactId FROM User WHERE Id = :userId];
if(u.ContactId != null){
Contact c = [SELECT AccountId FROM Contact WHERE Id = :u.ContactId];
// Add the AccountId to your custom attributes map
formulaDefinedAttributes.put('organization_ids', c.AccountId);
}
formulaDefinedAttributes.put('salesforce_integration_id', 'SALESFORCE_INTEGRATION_ID');
return formulaDefinedAttributes;
}
}
If you are using another tool as your SAML identity provider
You will need to add a custom field to your organizations custom layout to store the unique ID for the organization in your system.
Navigate to Settings āļø Account Customizations Custom layouts. Select the Organizations tab and click the layout you want to update. Then add a custom text field for the external organization ID. Then set the API key for the custom field you just added to
external_id
.
Within the tool you are using as your SAML identity provider, update your SAML configuration to include the attribute:
organization_ids
: This should be set to the unique id for the account that the user belongs to. These can be multiple ID's separated by a semicolon.
With this configured, users who log in to your portal through SSO will be assigned to the organization in Aha! Ideas where the external_id
field matches the organization_id
that was passed in.
If the portal user is already connected to a different Aha! organization, the new organization assignment from SSO will override it.
If an organization with a matching
external_id
does not already exist in Aha! Ideas, a new one will be created. The name of the organization will be set to "External organization #[external_id
]". You can update the organization name manually, with a CSV import, or through the Aha! REST API.
If you get stuck, please reach out to our Customer Success team. Our team is made up entirely of product experts and responds fast.