Single Sign-On (SSO) Now Available for Aha!
February 4, 2015

by Keith Brown

Integrating the tools your product teams use daily with Aha! is a great way to focus the team on what matters most — building better products. Currently, there are more than 15 integrations as well as the ability to add additional tools using our API or Webhook capabilities. Today, we’re excited to add another category to our integrations: Single Sign-On (SSO). Our first single sign-on integration supports SAML 2.0.

More than 10,000 users trust Aha! for product roadmapping, and many of them already utilize an identity provider for SSO. This is one more way we help teams build better software and be happy doing it.

Single sign-on allows users of your Aha! account to log in using your existing SAML-enabled identity provider such as OneLogin, Okta, PingIdentity, and many more. This means users don’t have to keep track of yet another email and password. More importantly, it grants admins the ability to add and revoke user access centrally using your existing identity management tool.

How SAML works

SAML (Security Assertion Markup Language) is a standard protocol that gives identity providers a secure way to let a service provider, such as Aha!, know who a user is. The identity provider does this by sending Aha! a cryptographically signed XML document asserting that the user is who they say they are, along with some basic user information.

Once configured, users can authenticate with the following process:

  1. Aha! presents the user with an additional login option, “Login with {name of your provider}”

  2. The identity provider authenticates the user

  3. User is granted access to Aha!

Supported identity providers

OneLogin simplifies identity management with secure, one-click access, for employees, customers and partners, through all device types, to all enterprise cloud and on-premises applications.

Once OneLogin is set up, your login page will have an additional “Login with OneLogin” option available. Clicking Login with OneLogin will send your browser to https://app.onelogin.com/login to authenticate with OneLogin. If you are already logged in, your browser will go right to step 3 without showing you a login form.

You are now logged in to Aha! Users logging in with OneLogin are separate accounts from ones that log in with an email & password. This is true even if the email addresses are the same. This means that permissions will also need to be configured separately as described in the next section.

Learn more about how to use OneLogin for SSO.

Okta is an integrated identity management and mobility management service that securely and simply connects people to their applications from any device, anywhere, at any time.

Once Okta is set up, your login page will have an additional “Login with Okta” option available. Clicking Login with Okta will send your browser to https://www.okta.com/login/ to authenticate with Okta. If you are already logged in, your browser will go right to step 3 without showing you a login form.

You are now logged in to Aha! Users logging in with Okta are separate accounts from ones that log in with an email & password. This is true even if the email addresses are the same. This means that permissions will also need to be configured separately as described in the next section.

Ping Identity provides identity and access management (IAM) solutions that give customers and employees one-click access to any application from any device.

Once Ping Identity is set up, your login page will have an additional “Login with Ping Identity” option available. Clicking Login with Ping Identity will send your browser to https://www.pingidentity.com/en/account/sign-on.html to authenticate with Ping Identity. If you are already logged in, your browser will go right to step 3 without showing you a login form.

You are now logged in to Aha! Users logging in with Ping Identity are separate accounts from ones that log in with an email & password. This is true even if the email addresses are the same. This means that permissions will also need to be configured separately as described in the next section.

Configuration

Adding SSO

To get started, go to the Account settings - Profile page and click “Enable SSO”. This will display the SSO settings where you can give your SSO provider a name (required) and add the details for your identity provider.

Aha! supports the SAML 2.0 standard, which provides a couple of ways to streamline configuration. Although each identity provider will have different interfaces and nuances, most provide configuration metadata as a URL or downloadable file.

Read more about Single Sign-on with SAML.

Migrating existing Aha! users to SSO – will create a new user

In Aha!, SSO users are kept completely separate from Email/Password based users to provide the best security possible. However, existing Email/Password users can be migrated to SSO users as long as they meet the following conditions:

  1. The user must not be associated with any other Aha! account

  2. The user hasn’t logged in with SSO yet, since this will provision a new user for them

If a user meets those conditions, you can simply find the user’s account in Account Settings - Users and select the user to migrate. Qualifying users will have an option available to change their Identity Provider from password to the name of your SSO provider. Once changed, the account will be able to log in via SSO.
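
The separation of SSO and email/password users and the two migration conditions above can be modelled as follows. This is an added Python sketch, not Aha!'s code. Assumptions: the `Directory` and `User` names, keying SSO identities by email rather than by the SAML NameID, and that the signed assertion has already been verified before `sso_login` is called.

```python
from dataclasses import dataclass, field

PASSWORD = "password"  # label for the built-in email/password provider (assumed)

@dataclass
class User:
    email: str
    provider: str
    accounts: set = field(default_factory=set)

class Directory:
    """Hypothetical user store: identities are keyed by (provider, email)."""

    def __init__(self, sso_name):
        self.sso_name = sso_name
        self.users = {}

    def add_password_user(self, email, account):
        user = self.users.setdefault((PASSWORD, email.lower()), User(email, PASSWORD))
        user.accounts.add(account)
        return user

    def sso_login(self, email, account):
        # Assumes the signed SAML assertion was verified before this call.
        # First SSO login provisions a new user, even if the email matches
        # an existing email/password user.
        key = (self.sso_name, email.lower())
        user = self.users.setdefault(key, User(email, self.sso_name))
        user.accounts.add(account)
        return user

    def can_migrate(self, email, account):
        user = self.users.get((PASSWORD, email.lower()))
        if user is None:
            return False
        if user.accounts != {account}:       # condition 1: no other account
            return False
        # condition 2: no SSO user has been provisioned for this email yet
        return (self.sso_name, email.lower()) not in self.users

    def migrate(self, email, account):
        if not self.can_migrate(email, account):
            raise ValueError("user does not qualify for migration")
        user = self.users.pop((PASSWORD, email.lower()))
        user.provider = self.sso_name
        self.users[(self.sso_name, email.lower())] = user
        return user
```

Because the lookup key includes the provider, an identity provider asserting an email address that already exists as a password user never signs in as that user; the two only merge through the explicit admin migration.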

Adding/removing users

To manage user settings, go to Account Settings - Users where you will see a list of all users associated with the account. Users who log in using OneLogin will be tagged with “OneLogin” (or whatever you named the integration) and are separate accounts from those who log in with an email address and password. Clicking on a user will allow you to edit their information and set products and roles as you would for a standard user.

Sign up for a free Aha! trial — be happy

This integration is available immediately for all Aha! customers. If you are not already an Aha! customer, you may want to sign up for a free 30 day trial of Aha! now to see why over 10,000 users trust Aha! to set product strategy, create visual roadmaps, and prioritize releases and features.

Keith Brown

Keith was a vice president of marketing at Aha! — the world’s #1 product development software.
