This article discusses functionality that is included in the Aha! Ideas Advanced plan. Please contact us if you would like a live demo or want to try using it in your account.
Every organization wants better ideas, but it’s tough to actually capture ideas from customers, employees, and others in a manageable way.
Single sign-on (SSO) allows your users to log in to your ideas portal using OneLogin. With SSO, you can increase engagement of your idea portals as employees and customers no longer need to keep track of yet another email and password. This allows you to tightly integrate your idea management system with the roadmapping process.
If you have multiple ideas portals and want to use a single SAML 2.0 identity provider configuration between all of them, you may be interested in the Ideas Advanced plan.
Click any of the following links to skip ahead:
Add the app in OneLogin
Go to Add App and search for SAML Test Connector (IdP w/attr).
Select SAML Test Connector (IdP w/attr) and save the configuration.
Go to the SSO tab, where you'll need to copy the URL for the SAML 2.0 Endpoint (HTTP).
On the SSO tab, click on View Details which appears under the X.509 Certificate field. On this page, copy the SHA Fingerprint string.
You will need both the SAML 2.0 Endpoint and SHA Fingerprint to enable SSO for your ideas portal.
Enable SSO for your Aha! Roadmaps ideas portal
To do this, you will need to open your ideas portal settings. Navigate to Settings ⚙️ → Account → Ideas -> Ideas portals or Ideas → Overview. You will need to be an administrator with customizations permissions to configure an ideas portal.
From your account settings, click the name of the ideas portal whose settings you wish to edit.
From Ideas → Overview, click the Pencil icon by the name of the ideas portal whose settings you wish to edit.
Once your ideas portal settings are open, navigate to Users → SSO.
Click Add new provider.
Choose SAML as your identity provider Type. Click Save.
The SAML 2.0 configuration will display.
Select Manual Settings from Settings using.
Paste the SAML 2.0 Endpoint link from OneLogin into the Aha! Roadmaps Single Sign-On endpoint field.
Paste the SHA Fingerprint field from OneLogin into the Certificate Fingerprint field in Aha! Roadmaps.
Click Enable SSO to enable the configuration.
Complete configuration in OneLogin
In OneLogin, paste the SAML consumer URL into the ACS (Consumer) URL field. You can copy it from the Aha! Roadmaps ideas portal SSO settings by navigating to Users SSO. The SAML consumer URL should contain saml_callback.
(Option) If you have chosen to define the Audience in OneLogin, paste the SAML entity ID from Aha! Roadmaps into that field. You can copy it from the Aha! Roadmaps ideas portal SSO settings by navigating to Users → SSO.
Share your SSO configuration between portals (Aha! Ideas Advanced plan)
If you have added Ideas Advanced functionality to your Aha! Roadmaps account, the process to create and assign an identity provider looks a little different.
Follow the same steps to enable SSO for your ideas portal listed above.
-
Navigate to Settings ⚙️→ Account → Ideas -> Ideas portals or Ideas → Overview. You will need to be an administrator with customizations permissions to configure an ideas portal.
From your account settings, click the name of the ideas portal you wish to edit.
From Ideas → Overview, click the pencil icon by the name of the ideas portal you wish to edit.
Once you have your portal settings open, navigate to the Users tab, then the SSO section.
-
Select Add new provider from the Identify Provider dropdown.
Name: Name your identity provider.
Note: We recommend that you name your provider something easily recognizable to the different portals that might want to use it, like Employees, or Customers.Type: Choose SAML as your identity provider type.
Click Save and continue in Aha!
Enter the remaining fields following the SAML 2.0 configuration instructions.
Click Enable SSO to enable your identity provider.
To share your identity provider configuration between multiple ideas portals:
Open each portal's settings.
Once you have your portal settings open, navigate to the Users tab, then the SSO section.
Select the identity provider you just created from the Identity provider dropdown.
Congratulations! You just shared your configuration with another portal.
Repeat these steps for each portal you wish to use the shared Identity provider configuration.
You can manage your identity provider configuration — and the portals that use it — from the Identity providers tab in Settings ⚙️→ Account → Ideas portals.
Ideas portal user experience
When a user authenticates to the ideas portal, they will be presented with the option to authenticate to the portal via SSO only. If they are already logged in to the SSO provider, they will automatically be logged in to your portal without any additional actions.
Public portal: Once SSO is configured, users will be prompted to log in before posting or voting ideas. Anyone can view ideas, regardless of whether they are logged in.
Private portal: In order to access the portal, users will be prompted to log in via SSO. If SSO is configured, any user with the SSO account will be able to access the ideas portal, regardless of email domain.
Note: It is possible to invite an ideas portal user from your ideas portal settings who has not been configured with the identity provider your portal is using. The user will not be able to log in to the ideas portal until they can be authenticated by the identity provider.
Troubleshooting
We have created an article to help you troubleshoot common SSO configuration issues, complete with explanations and resolutions.
The best place to start in most of these situations is the Recent SSO events for your SSO configuration, at the bottom of the configuration page. Those messages will help diagnose and solve the problem.
It is possible to invite an ideas portal user from your ideas portal settings who has not been configured with the identity provider your portal is using. The user will not be able to log in to the ideas portal until they can be authenticated by the identity provider.
If you get stuck, please reach out to our Customer Success team. Our team is made up entirely of product experts and responds fast.