Account SSO | Google Cloud Identity

This article discusses functionality that is included in the Aha! Knowledge Advanced plan. Please contact us if you would like a live demo or want to try using it in your account.

Single sign-on (SSO) for Google Cloud Identity is available for all Aha! users. Once enabled, your users will be able to log into your Aha! account with their Google credentials.

Click any of the following links to skip ahead:

Enable SSO

  • Navigate to Settings ⚙️→ Account → Security and single sign-on → Single sign-on.

  • Select Google SSO for domains as the Identity provider.

  • Name your provider and add your G Suite Domain. The domain is in the format "example.com" without "http" or "www." Multiple single sign-on for Cloud Identity domains can be separated with a comma.

  • Set your users' Default permissions when they first log in to your Aha! account.

If you do not see this option, you may be using Google SSO for individuals — which you can use to start an Aha! trial — and not Google SSO for multiple users.

  • Click Enable to activate SSO for Cloud Identity.

    Note: This single sign-on configuration does not require a certificate.

Top

Log in to your Aha! account via SSO

  1. Once you have enabled SSO, your Aha! account login page will have an additional Log in with single sign-on for Google Cloud Identity option available.
    Note: You need to log in at your specific account.aha.io domain to use your SSO provider. Do not use the general aha.io domain.

  2. Your browser will take you to https://accounts.google.com so you can select the Google account to use and authenticate.
    Once a user chooses to log in with Google, they will no longer be able to use their email and password. This is so that if they are disabled in Google (e.g. when leaving your company), they can no longer log in to your Aha! account. This is a compliance requirement for many companies.

  3. You are now logged in to your Aha! account.

Top

New user experience

Users logging in to your Aha! account with Cloud Identity SSO are separate accounts from those who log in with an email and password. If an email and password user exists who has a matching email address to a Cloud Identity SSO user, that user will be automatically converted to use Cloud Identity SSO. Otherwise, a new user will be automatically provisioned.

Auto-provisioned users fall under the same seat restrictions as any other user. Attempts to log in may fail if you have no seats available in your account.

Top

Troubleshooting

We have created an article to help you troubleshoot common SSO configuration issues, complete with explanations and resolutions.

The best place to start in most of these situations is the Recent SSO events for your SSO configuration, at the bottom of the configuration page. Those messages will help diagnose and solve the problem.

Top

If you get stuck, please reach out to our Customer Success team. Our team is made up entirely of product experts and responds fast.