Notebooks contain information about your business from roadmaps to reports to strategy. Notebooks group together your reports and views in Aha! making it easy to share with those who may not be registered Aha! users such as investors, stakeholders, customers, or even other company employees.
While all notebooks can be password protected for additional security, there are enhanced security options available to Enterprise+ accounts to more easily manage secure access to notebooks.
Account administrators can enable notebook SSO to provision access to notebooks separate from Aha! user SSO. This allows a separate access control for notebooks without needing to be an Aha! user with specific permissions. If enabled, all users will be redirected to login with the ID provider set via SSO before accessing the notebook.
There are four settings for notebook SSO to mandate settings at an account level or provide more flexibility on a per-notebook basis.
To enable notebook SSO, navigate to Settings> Accounts> Security and single-sign-on and scroll down to Enhanced notebook security to select one of the following options:
- Allow anyone to access: There is no account-mandated security requirement for notebook access
- Allow only Aha! users to access: Only Aha! users can access notebook URLs. If they are not actively logged into Aha! when navigating to the notebook link, these users will have to login to Aha! again to access the notebook. The specific products can be selected to provision Aha! user access from individual notebooks.
- Allow only Aha! or single sign-on users to access: Only Aha! users or SSO users can access the notebook URL.
- Allow Notebook owners and collaborators to control access on a per-Notebook basis: There is no account-mandated security requirement for notebook access, but the SSO settings can be used as an optional per-notebook setting selected by product owners or contributors.
If an enhanced security setting has been selected that requires SSO, the additional SAML 2.0 dialogue configuration will display on update. To save changes to notebook SSO settings, "Update" must be selected below the configuration.
If account settings allow for optional SSO or Aha! user access on a per-notebook basis, Product Owners and Contributors can control settings for individual Notebooks by clicking on the settings icon in the top right of the notebook.
Configuring a SAML identity provider to work with notebooks
Some identity providers, like Okta, have built-in "applications" to work with Aha!. These built-in applications cannot be used with notebooks because they are hard-coded to log in only to Aha! itself.
A new generic SAML configuration needs to be created specifically for the notebooks. This configuration must include an "email" attribute that identifies the user who is viewing the notebook.