Account SSO | SAML 2.0

Single sign-on (SSO) allows users of your Aha! account to log in using your existing SAML-enabled ID provider, such as OneLogin, Okta, and more. This means users do not have to keep track of yet another email and password. It also makes provisioning new users a breeze. For accounts that already have local users, you can switch them to SAML or keep them the same.

Click any of the following links to skip ahead:

• Overview

• Configure SSO for your Aha! account with SAML

• Change SAML 2.0 SSO identity providers

• Metadata URL

• Metadata file

• Manual settings

• Logout redirect URL

• User attributes

  • EmailAddress

  • FirstName

  • LastName

  • NameID

• Custom attributes

  • ProductPrefix (optional)

  • ProductRole (optional)

• Preexisting account users

• New user messages

• Troubleshooting

Custom attributes

Not all identity providers support custom attributes, but if yours does, you can use it to provision your users with user and hierarchy permissions. This makes it easier for new users to engage with your Aha! account, and saves you time managing users individually.

Top

ProductPrefix (optional)

The ProductPrefix attribute is an optional one, but you can include it to automatically grant access to a specific workspace, line, or team in your hierarchy.

This role attribute is applied once, upon user creation. It is not applied to existing users.

This attribute needs to be configured in your identity provider, and not all identity providers support custom attributes. You can find a list of workspace prefixes by navigating to:

• Aha! Roadmaps and Aha! Ideas: Settings ⚙️→ Account → Workspaces

• Aha! Develop: Settings ⚙️→ Account → Teams

You will need to be an administrator with customization permissions to access these pages.

The workspace or team you select with ProductPrefix is added to the user only at the time that they are first provisioned, and will not update if you change this attribute later. This attribute is very handy for giving new users a default workspace or team when they first join your account. For advanced hierarchy permissions, navigate to

• Settings ⚙️→ Account → Users

You will need to be an to do this.

If you set the ProductPrefix attribute, you also need to set the ProductRole attribute.

Top

ProductRole (optional)

The ProductRole attribute works in conjunction with the ProductPrefix attribute and allows you to specify which level of access a user should have.

This role attribute is applied once, upon user creation. It is not applied to existing users.

Just like ProductPrefix, you need to configure this attribute in your identity provider, and not all identity providers support custom attributes.

ProductPrefix is only used when a user is initially provisioned. Values match with Aha! user permission roles and must be one of the following:

• contributor

• reviewer

• viewer

• none

Top