Microsoft Azure Active Directory Services (Azure AD)

You can use Microsoft Azure Active Directory Services (Azure AD) as an identity provider for your Aha! account based on SAML 2.0. You will need to be an administrator in your Aha! account and in Azure AD to configure SSO.

User permissions

  • Account administrator to configure SSO

  • Billing administrator to manage users

  • Customizations administrator to add custom attributes

In Azure AD

  1. Log in to Azure AD. If you have not already done so, select the Azure Active Directory service from the left sidebar.

  2. Click Enterprise applications.

  3. Select All applications from the Application type dropdown.

  4. If you do not see Aha! as one of your available applications, you may need to add it. Click New application.

    1. Scroll or search for the Aha! application, then select it.

    2. Click Create.

    3. In the getting started form, Name your application, then move on to the SAML SSO configuration quick start guide.

  5. Otherwise, on the Aha! application integration page, find the Manage section and select Single sign-on.

  6. On the Select a Single sign-on method page, select SAML.

  7. On the Set up Single Sign-On with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.

  8. On the Basic SAML Configuration section, perform the following steps:

    1. In the Sign on URL text box, type a URL using the following pattern: https://<customdomain>.aha.io/session/new

    2. In the Identifier (Entity ID) text box, type a URL using the following pattern: https://<customdomain>.aha.io

  9. On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find Federation Metadata XML and select Download to download the certificate and save it on your computer.

  10. On the Set up Aha! section, copy the appropriate URL(s) based on your requirement.

Under Attributes & Claims, the default value for the Unique User Identifier will not work. Instead of user.userprincipalname, please use user.employeeID or user.objectID. The attributes available will depend on your Azure AD account configuration.

In your Aha! account

  1. Log in to your Aha! account and go to Settings ⚙️ → Account → Security and single sign-on → Single sign-on.

  2. Select SAML 2.0 as your Identity provider.

  3. Name your configuration.

  4. The SAML 2.0 configuration will display. Change the Settings using option to Metadata File.

  5. Upload the Federation Metadata XML that you downloaded from Azure AD.

  6. Enter the remaining fields following the SAML 2.0 configuration instructions.

Configure custom attributes

This is an optional step but a useful one. You can provision your Aha! users with user and hierarchy permissions. This makes it easier for new users to engage with your Aha! account, and saves you time managing users individually.

To do this:

  1. Go to the enterprise application in Azure AD.

  2. Select Single Sign-On where SAML should be configured.

  3. Edit attributes and claims. Add one or two new claims.

ProductPrefix

The ProductPrefix role grants a user access to specific Aha! workspaces, workspace lines, or teams.

You can find a list of workspace prefixes by navigating to:

  • Aha! Roadmaps and Aha! Ideas: Settings ⚙️ → Account → Workspaces

  • Aha! Develop: Settings ⚙️ → Account → Teams

You will need to be an administrator with customization permissions to access these pages.

The workspace or team you select with ProductPrefix is added to the user only at the time that they are first provisioned, and will not update if you change this attribute later. This attribute is very handy for giving new users a default workspace or team when they first join your account. For advanced hierarchy permissions, navigate to

  • Settings ⚙️ → Account → Users

You will need to be an administrator with billing permissions to do this.

If you set the ProductPrefix attribute, you also need to set the ProductRole attribute.

To do this in Azure AD:

  1. Name the claim ProductPrefix.

  2. Expand the Claim conditions section.

  3. Select User Type as Any.

  4. Select the Azure AD Group to which you want to assign access to this ProductPrefix.

  5. Set the Source as Attribute.

  6. Under Value, enter the appropriate Aha! workspace, workspace line, or team Prefix.

    Although this appears to be a dropdown to select a value from, you will need to manually enter a prefix here. ProductPrefix is the short code prefix of the hierarchy element, not the element's full name. The prefix is used to code records in that workspace, line, or team. For example, a workspace named Mobile might have a ProductPrefix MBL.

ProductRole

The ProductRole attribute works in conjunction with the ProductPrefix attribute and allows you to specify which level of access a user should have.

ProductPrefix is only used when a user is initially provisioned. Values match with Aha! user permission roles and must be one of the following:

  • product_owner

  • contributor

  • reviewer

  • viewer

  • none

To do this in Azure AD:

  1. Name the claim ProductRole.

  2. Expand the Claim conditions section.

  3. Select User Type as Any.

  4. Select the Azure AD Group to which you want to assign access to this ProductRole.

  5. Set the Source as Attribute.

  6. Set the Value to the appropriate user permission role.
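
To confirm the result from a test login, the assertion can be checked against this guide's rules: the Unique User Identifier note, the ProductPrefix and ProductRole pairing, and the allowed ProductRole values. This Python code is an added example, not Aha! or Microsoft code; it assumes the claims were added without a namespace, and the sample assertion and the known_prefixes parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ALLOWED_ROLES = {"product_owner", "contributor", "reviewer", "viewer", "none"}

# Constructed sample: Subject and AttributeStatement as captured from a test login.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="ProductPrefix">
      <saml:AttributeValue>MBL</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="ProductRole">
      <saml:AttributeValue>Contributor</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def read_claims(assertion_xml):
    """Return (NameID, {claim name: [values]}) from a SAML 2.0 assertion or response."""
    root = ET.fromstring(assertion_xml)
    name_id = (root.findtext(".//saml:NameID", default="", namespaces=NS) or "").strip()
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return name_id, claims

def check_claims(assertion_xml, known_prefixes=None):
    """Return findings; an empty list means the claims follow the guide's rules."""
    name_id, claims = read_claims(assertion_xml)
    prefixes, roles = claims.get("ProductPrefix", []), claims.get("ProductRole", [])
    findings = []
    if "@" in name_id:  # heuristic (assumption): a UPN has the form user@domain
        findings.append("NameID looks like user.userprincipalname")
    if prefixes and not roles:
        findings.append("ProductPrefix is set without ProductRole")
    # Exact, case-sensitive comparison is an assumption of this example.
    findings += [f"ProductRole {r!r} is not an allowed value" for r in roles
                 if r not in ALLOWED_ROLES]
    if known_prefixes is not None:  # hypothetical list copied from the Workspaces page
        findings += [f"ProductPrefix {p!r} is not a known prefix" for p in prefixes
                     if p not in known_prefixes]
    return findings

if __name__ == "__main__":
    print(check_claims(SAMPLE_ASSERTION))
```

This inspects claim content only; it does not validate the assertion's signature.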

If you get stuck, please reach out to our Customer Success team. Our team is made up entirely of product experts and responds fast.
