OneLogin is a single sign-on provider that Aha! connects with through our SAML 2.0 support.
Setting up Aha! in OneLogin
1. Create a new App by going to the Apps tab in OneLogin and selecting, "Add App."
2. On the Find Applications page, search for Aha! and select it.
3. Select SAML 2.0 connector, then hit Save.
4. Configure the subdomain in the Configuration section by setting it to your Aha! subdomain.
5. Go to the SSO section. Here, you will need to copy the Issuer URL so you can finish the setup process in Aha!
Setting up OneLogin in Aha!
1. Now that OneLogin is set up, go to Aha! and navigate to the Settings -> Account -> Security and Single Sign-On page. In the "Single Sign-On" section, select "SAML 2.0" as the Identity Provider.
2. Name the SSO configuration. This will be used throughout Aha! to help users identify how they are logging in.
3. Configure using the Metadata URL. Fill in the Metadata URL field with the Issuer URL copied from the OneLogin SSO page and hit Enable. After the metadata is fetched from OneLogin, Aha! will switch to Manual Settings. This lets you confirm that they match the info in OneLogin.
Logging into Aha! with OneLogin
1. Go to your accountname.aha.io login page. Your login page will now have an additional "Login with OneLogin" option available.
2. Clicking "Login with OneLogin" will send your browser to https://app.onelogin.com/login to authenticate with OneLogin. If you are already logged in, your browser will go right to Step 3 without showing you a login form.
3. You are now logged into Aha!
New Aha! users through SSO
Users logging in with OneLogin are separate accounts from ones that log in with an email and password. If an email and password user exists that has a matching email address to the OneLogin user, it will be automatically converted to use OneLogin SSO. Otherwise, a new user will be automatically provisioned.
Auto-provisioned users are added with a permissions role of None for all products. They also fall under the same seat restrictions as any other user. Attempts to log in may fail if you have no seats available on Premium accounts. For Enterprise accounts, the login will not fail due to seat restrictions because you can have unlimited Reviewers, Viewers, or None.
After a new user is added through SSO login, an Aha! account administrator will need to configure their user permissions. All SSO users will be specifically tagged for the SSO platform they are using on the administrator's Settings -> Account -> Users screen.