Explore  

This article discusses functionality that is included in the Aha! Ideas Advanced plan. Please contact us if you would like a live demo or want to try using it in your account.

Aha! Ideas | Portal SSO | Salesforce

Salesforce has the ability to function as a single sign-on (SSO) identity provider for Aha! Ideas using SAML 2.0. It is a popular option among customers who have an active customer community being run through Salesforce already, and is commonly used to allow the Salesforce community users to authenticate into an Aha! Ideas portal using their Salesforce community credentials.

This article is about configuring SSO for your ideas portal. Read these articles if you want to configure SSO for your Aha! Ideas account.

Click any of the following links to skip ahead:


Prerequisites

Action

Permission level

Enable Salesforce as an identity provider

Customize Application permissions in Salesforce

Configure SSO for an ideas portal

Customization administrator permissions in Aha!


We do not recommend that you embed your ideas portal is Salesforce community. Instead, redirect users to your ideas portal.

Top

Enable Salesforce as an identity provider

Before you can configure portal SSO with Salesforce, you will need to enable Salesforce as an identify provider. Salesforce users with Customize Application permissions in your Salesforce account can do this. If Salesforce is not yet set up as an identity provider:

  • Log in to Salesforce.

  • Navigate to Setup and search for Identity provider in the top left Quick find search bar. Select Identity provider.

  • Click Enable Identity Provider.

  • Select a certificate from the dropdown and click Save.

    If you do not have a certificate, you will need to create one before enabling Salesforce as an identify provider.

Top

Configure Salesforce SSO in Aha! Ideas

With Salesforce set up as an identity provider, you can enable SSO for your ideas portal (or account). You will need access to settings in both your Aha! account and in Salesforce to to do this.

  1. In Salesforce, open your Identity Provider settings. Leave them open in browser tab — you will need access to them later.

  2. In your Aha! account, open your ideas portal settings and navigate to Users SSO.

  3. Click Add new provider.

  4. Choose SAML as your identity provider Type. Click Save.

  5. The SAML 2.0 configuration will display. Next to Settings using, select Metadata file.

  6. In Salesforce, click Download Metadata in your Identity provider settings. Leave your settings open in a tab — you will need this page when setting up Aha! as a service provider in Salesforce.

  7. Back in your Aha! account, click Choose file to upload the metadata file you just downloaded from Salesforce.

  8. Deselect the checkbox next to Access for Aha! users. This ensures that Salesforce users will authenticate directly to the ideas portal without being asked for a portal user's email address.

  9. Click Enable SSO. Do not close the window — you will need access to finish setting up SSO in Salesforce.

Aha! Ideas Advanced subscribers can assign one SSO configuration to multiple portals.

Top

Set up Aha! as a service provider in Salesforce

You will need to set up Aha! as a service provider in Salesforce before your SSO connection will begin authenticating Salesforce users to your ideas portal. Salesforce does this via Connected apps. You will need to create a new connected app to finish setting up SSO.

You will need the following details from the Salesforce SAML configuration you just set up in Aha! before getting started:

  • SAML entity ID

  • Consumer URL

  1. Back in your Identity provider settings in Salesforce, find the Service Providers section at the bottom of the page and click the link to create a connected app. This will open a setup screen for a new connected app.

  2. In the Basic information section, enter a Connected App Name, API Name, and Contact Email.

  3. In the Web App Settings, enter your ideas portal URL (Example: https://www.yourdomain.ideas.aha.io) in the Start URL field.

  4. Check the box next to Enable SAML.

  5. From your Aha! SAML configuration, copy the SAML Entity ID and paste it into the Entity ID in Salesforce.

  6. From Aha!, copy the SAML consumer URL and paste it into the ACS URL field.

  7. Click Save.

Apply the appropriate Salesforce Profiles or Permission Sets so the users assigned to those profiles and permission sets will be able to use the connected app to log in to our ideas portal. You can do this after your connected app is saved.

  1. Open the connected app from Apps Manage connected apps.

  2. Scroll down to Profiles and click Manage profiles, select the profile you want to add, and click Save.

  3. Repeat if necessary for Permission sets.

Top

Finalize setup

  • In Salesforce, navigate to Apps Manage apps and click the name of the connected app you created for your SSO configuration. Find the SAML Login Information section at the bottom and copy the URL next to SP-Initiated Redirect Endpoint. The URL should have the following format: https://customdomain.salesforce.com/idp/endpoint/HttpRedirect

  • In your Aha! account, navigate to your Salesforce SSO configuration and paste the URL you just copied in the field next to Single sign-on endpoint.

  • Click Update SSO.

Top

Aha! Ideas portal user experience

When a user authenticates to the ideas portal, they will be presented with the option to authenticate to the portal via SSO only. If they are already logged in to the SSO provider, they will automatically be logged in to your portal without any additional actions.

  • Public portal: Once SSO is configured, users will be prompted to log in before posting or voting ideas. Anyone can view ideas, regardless of whether they are logged in.

  • Private portal: In order to access the portal, users will be prompted to log in via SSO. If SSO is configured, any user with the SSO account will be able to access the ideas portal, regardless of email domain.

It is possible to invite an ideas portal user from your ideas portal settings who has not been configured with the identity provider your portal is using. The user will not be able to log in to the ideas portal until they can be authenticated by the identity provider.

Top

Troubleshooting

If you run into trouble, we have gathered common SSO configuration issues into one article, along with common resolutions.

The best place to start in most of these situations is the integration log messages for your SSO configuration. Those messages will help diagnose and solve the problem.

You can check your Identity Provider Event Log in Salesforce to see all login attempts, including errors and successes.

Top

Share your SSO configuration between portals

This section discusses functionality that is included in the Aha! Ideas Advanced plan. Please contact us if you would like a live demo or want to try using it in your account.

To share your identity provider configuration between multiple ideas portals:

  1. Open each portal's settings.

  2. Once you have your portal settings open, navigate to the Users tab, then the SSO section.

  3. Select the identity provider you just created from the Identity provider dropdown.

  4. Congratulations! You just shared your configuration with another portal.

  5. Repeat these steps for each portal you wish to use the shared Identity provider configuration.

You can manage your identity provider configuration — and the portals that use it — from the Identity providers tab in Settings ⚙️ Account Ideas portals.

Top

If you get stuck, please reach out to our Customer Success team. Our team is made up entirely of product experts and responds fast.

Suite overview
Aha! Roadmaps
    Overview
      Knowledge
      Integrations