Notebook security

Aha! Notebooks contain information about your business — from roadmaps to reports to strategy. Notebooks group together your Aha! reports and views, making it easy to share with those who may not be registered Aha! users such as investors, stakeholders, customers, or even other company employees.

While all Notebooks can be password protected or restricted to Aha! users for additional security, additional enhanced security options are available to Enterprise+ accounts to more easily manage secure access to Notebooks. 

Basic notebook security

When you create a web page, a secure link is generated that will not be indexed by search engines. You can then share that link as desired with the proper stakeholders. Links display on the page cards to quickly navigate to the view in Aha! If the card represents a saved view, it will also include a bookmark icon to the left of the hyperlink.

You may also add additional protection by setting a password for a Notebook using the Customize notebook button on the upper-left of the page. At any time, you can change the password or remove it completely. Users will need to re-enter the password if the password changes.

Notebook SSO

Administrators on an Enterprise+ account can enable Notebook SSO to provision access to Notebooks separate from Aha! user SSO. This allows a separate access control for Notebooks without needing to be an Aha! user with specific permissions. If enabled, all users will be redirected to log in with the ID provider set via SSO before accessing the Notebook.

Aha-okta-signin.png

There are four settings for Notebook SSO to mandate settings at an account level or provide more flexibility on a per-Notebook basis.

To enable notebook SSO, navigate to Settings > Accounts > Security and single-sign-on and scroll down to Enhanced notebook security to select one of the following options:

  • Allow anyone to access. There is no account-mandated security requirement for notebook access 
  • Allow only Aha! users to access. Only Aha! users can access notebook URLs. If they are not actively logged into Aha! when navigating to the notebook link, these users will have to login to Aha! again to access the notebook. The specific products can be selected to provision Aha! user access from individual notebooks.
  • Allow only Aha! or single sign-on users to access (Enterprise+ only). Only Aha! users or Notebook SSO users can access the notebook URL.
  • Allow Notebook owners and collaborators to control access on a per-Notebook basis (Enterprise+ only). There is no account-mandated security requirement for notebook access, but the SSO settings can be used as an optional per-notebook setting selected by product owners or contributors.

Aha-notebook-SSO-account-configuration.png

If an enhanced security setting has been selected that requires SSO, the additional SAML 2.0 dialogue configuration will display on update. To save changes to Notebook SSO settings, click the Update button below the configuration.

If account settings allow for optional SSO or Aha! user access on a per-Notebook basis, product owners and contributors can control settings for individual notebooks by clicking on the Customize notebook icon on top left of the page.

Enterprise_plus_notebook_sso.png

Configuring a SAML identity provider to work with Notebooks

Some identity providers, like Okta, have built-in "applications" to work with Aha! These built-in applications cannot be used with Notebooks because they are hard-coded to log in only to Aha! itself.

A new generic SAML configuration needs to be created specifically for the Notebooks. This configuration must include an "email" attribute that identifies the user who is viewing the Notebook. 

IP access controls

Enterprise+ customers can also restrict access to notebooks through IP access controls. Please note, if IP based access control is configured, this can block any external users wishing to access the notebook from outside of the specified IP addresses.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Powered by Zendesk