Aha! Notebooks contain information about your business — from roadmaps to reports to strategy. Notebooks group together your Aha! reports and views, making it easy to share with those who may not be registered Aha! users such as investors, stakeholders, customers, or even other company employees.
While all Notebooks can be password protected or restricted to Aha! users for additional security, additional enhanced security options are available to Enterprise+ accounts to more easily manage secure access to Notebooks.
Administrators can enable Notebook SSO to provision access to Notebooks separate from Aha! user SSO. This allows a separate access control for Notebooks without needing to be an Aha! user with specific permissions. If enabled, all users will be redirected to log in with the ID provider set via SSO before accessing the Notebook.
There are four settings for Notebook SSO to mandate settings at an account level or provide more flexibility on a per-Notebook basis.
To enable notebook SSO, navigate to Settings > Accounts > Security and single-sign-on and scroll down to Enhanced notebook security to select one of the following options:
- Allow anyone to access. There is no account-mandated security requirement for notebook access
- Allow only Aha! users to access. Only Aha! users can access notebook URLs. If they are not actively logged into Aha! when navigating to the notebook link, these users will have to login to Aha! again to access the notebook. The specific products can be selected to provision Aha! user access from individual notebooks.
- Allow only Aha! or single sign-on users to access (Enterprise+ only). Only Aha! users or Notebook SSO users can access the notebook URL.
- Allow Notebook owners and collaborators to control access on a per-Notebook basis (Enterprise+ only). There is no account-mandated security requirement for notebook access, but the SSO settings can be used as an optional per-notebook setting selected by product owners or contributors.
If an enhanced security setting has been selected that requires SSO, the additional SAML 2.0 dialogue configuration will display on update. To save changes to Notebook SSO settings, click the Update button below the configuration.
If account settings allow for optional SSO or Aha! user access on a per-Notebook basis, product owners and contributors can control settings for individual notebooks by clicking on the Customize notebook icon on top left of the page.
Configuring a SAML identity provider to work with Notebooks
Some identity providers, like Okta, have built-in "applications" to work with Aha! These built-in applications cannot be used with Notebooks because they are hard-coded to log in only to Aha! itself.
A new generic SAML configuration needs to be created specifically for the Notebooks. This configuration must include an "email" attribute that identifies the user who is viewing the Notebook.