Every organization wants better ideas, but it’s tough to actually capture ideas from customers, employees, and others in a manageable way.
Single Sign-On allows your users to log in to your Ideas portal using their existing SAML-enabled ID provider, such as Active Directory, OneLogin, PingIdentity, Okta and many more. With SSO, you can increase engagement of your Idea portals as employees and customers no longer need to keep track of yet another email and password. This allows you to tightly integrate your idea management system with the roadmapping process.
This article will provide information on how to set up SSO for your public and private idea portals.
Note: Aha! also supports SSO for the Aha! application itself.
How it Works
When a user authenticates to the Ideas portal, they will be presented with the option to authenticate to the portal via SSO only. If they are already logged in to the SSO provider, they will automatically be logged in to your portal without any additional actions.
- Public portal: Once SSO is configured, users will be prompted to log in before posting or voting ideas. Anyone can view ideas, regardless of whether they are logged in.
- Private portal: In order to access the portal, users will be prompted to log in via SSO. If SSO is configured, any user with the SSO account will be able to access the Ideas portal, regardless of email domain.
Enable SSO for any Idea portal
Aha! provides the flexibility to set up SSO for each Idea portal. To get started, go to Settings > Product > Configure portal.
- Select the Idea portal that you would like to set up SSO
- Click the Single Sign-On link
- Select SAML from the Identify Provider dropdown
Doing so will unhide the SAML 2.0 configuration which will differ based on the SAML provider that you've selected. Learn more about SAML 2.0 configurations and instructions to set up OneLogin for your Ideas portal.
For those who prefer a JWT Single Sign-on process, Aha! also provides this capability.
Existing Aha! user accounts and SSO
Aha! ideas portals prompt the user for their email address to determine if they already have an Aha! login. If the email entered is not registered in Aha! they will be redirected to SSO based upon your configuration. If their email address is registered in Aha! they will be re-directed to login via Aha! to ensure they do not have two separate logins.
This setting is selected by default, and can be disabled by unchecking the box Access for Aha! users.
When using SSO, email addresses should be managed within the identity provider system. If an email address is modified within Aha!, the email address will be reset to the value in the identity provider system.
Note: Disabling this option on custom CNAME portals will prevent Aha! users from accessing the portal.