Salesforce has the ability to function as a single sign-on (SSO) identity provider for Aha! Ideas using SAML 2.0. It is a popular option among customers who have an active customer community being run through Salesforce already, and is commonly used to allow the Salesforce community users to authenticate into an Aha! Ideas portal using their Salesforce community credentials.
This article is about configuring SSO for your ideas portal. Read these articles if you want to configure SSO for your Aha! Ideas account.
Prerequisites
Action | Permission level
Enable Salesforce as an identity provider | Customize Application permissions in Salesforce
Configure SSO for an ideas portal | Customization administrator permissions in Aha!
We do not recommend that you embed your ideas portal in a Salesforce community. Instead, redirect users to your ideas portal.
Enable Salesforce as an identity provider
Before you can configure portal SSO with Salesforce, you will need to enable Salesforce as an identity provider. Salesforce users with Customize Application permissions in your Salesforce account can do this. If Salesforce is not yet set up as an identity provider:
Log in to Salesforce.
Navigate to Setup and search for Identity provider in the top left Quick find search bar. Select Identity provider.
Click Enable Identity Provider.
Select a certificate from the dropdown and click Save.
If you do not have a certificate, you will need to create one before enabling Salesforce as an identity provider.
Configure Salesforce SSO in Aha! Ideas
With Salesforce set up as an identity provider, you can enable SSO for your ideas portal (or account). You will need access to settings in both your Aha! account and in Salesforce to do this.
In Salesforce, open your Identity Provider settings. Leave them open in a browser tab; you will need access to them later.
In your Aha! account, open your ideas portal settings and navigate to Users -> SSO.
Click Add new provider.
Choose SAML as your identity provider Type. Click Save.
The SAML 2.0 configuration will display. Next to Settings using, select Metadata file.
In Salesforce, click Download Metadata in your Identity provider settings. Leave your settings open in a tab — you will need this page when setting up Aha! as a service provider in Salesforce.
Back in your Aha! account, click Choose file to upload the metadata file you just downloaded from Salesforce.
Deselect the checkbox next to Access for Aha! users. This ensures that Salesforce users will authenticate directly to the ideas portal without being asked for a portal user's email address.
Click Enable SSO. Do not close the window — you will need access to finish setting up SSO in Salesforce.
Aha! Ideas Advanced subscribers can assign one SSO configuration to multiple portals.
Set up Aha! as a service provider in Salesforce
You will need to set up Aha! as a service provider in Salesforce before your SSO connection will begin authenticating Salesforce users to your ideas portal. Salesforce does this via Connected apps. You will need to create a new connected app to finish setting up SSO.
You will need the following details from the Salesforce SAML configuration you just set up in Aha! before getting started:
SAML entity ID
Consumer URL
Back in your Identity provider settings in Salesforce, find the Service Providers section at the bottom of the page and click the link to create a connected app. This will open a setup screen for a new connected app.
In the Basic information section, enter a Connected App Name, API Name, and Contact Email.
In the Web App Settings, enter your ideas portal URL (Example: https://www.yourdomain.ideas.aha.io) in the Start URL field.
Check the box next to Enable SAML.
From your Aha! SAML configuration, copy the SAML Entity ID and paste it into the Entity ID in Salesforce.
From Aha!, copy the SAML consumer URL and paste it into the ACS URL field.
Click Save.
Apply the appropriate Salesforce Profiles or Permission Sets so the users assigned to those profiles and permission sets will be able to use the connected app to log in to your ideas portal. You can do this after your connected app is saved.
Open the connected app from Apps -> Manage connected apps.
Scroll down to Profiles and click Manage profiles, select the profile you want to add, and click Save.
Repeat if necessary for Permission sets.
Finalize setup
In Salesforce, navigate to Apps -> Manage apps and click the name of the connected app you created for your SSO configuration. Find the SAML Login Information section at the bottom and copy the URL next to SP-Initiated Redirect Endpoint. The URL should have the following format: https://customdomain.salesforce.com/idp/endpoint/HttpRedirect
In your Aha! account, navigate to your Salesforce SSO configuration and paste the URL you just copied in the field next to Single sign-on endpoint.
Click Update SSO.
Aha! Ideas portal user experience
When a user authenticates to the ideas portal, they will be presented with the option to authenticate to the portal via SSO only. If they are already logged in to the SSO provider, they will automatically be logged in to your portal without any additional actions.
Public portal: Once SSO is configured, users will be prompted to log in before posting or voting on ideas. Anyone can view ideas, regardless of whether they are logged in.
Private portal: In order to access the portal, users will be prompted to log in via SSO. If SSO is configured, any user with an SSO account will be able to access the ideas portal, regardless of email domain.
It is possible to invite an ideas portal user from your ideas portal settings who has not been configured with the identity provider your portal is using. The user will not be able to log in to the ideas portal until they can be authenticated by the identity provider.
Troubleshooting
If you run into trouble, we have gathered common SSO configuration issues into one article, along with common resolutions.
The best place to start in most of these situations is the integration log messages for your SSO configuration. Those messages will help diagnose and solve the problem.
You can check your Identity Provider Event Log in Salesforce to see all login attempts, including errors and successes.
Share your SSO configuration between portals
This section discusses functionality that is included in the Aha! Ideas Advanced plan. Please contact us if you would like a live demo or want to try using it in your account.
To share your identity provider configuration between multiple ideas portals:
Open each portal's settings.
Once you have your portal settings open, navigate to the Users tab, then the SSO section.
Select the identity provider you just created from the Identity provider dropdown.
Congratulations! You just shared your configuration with another portal.
Repeat these steps for each portal you wish to use the shared Identity provider configuration.
You can manage your identity provider configuration — and the portals that use it — from the Identity providers tab in Settings ⚙️ -> Account -> Ideas portals.