Enable SSO for any knowledge base
You can configure SSO differently for each knowledge base in your Aha! account. To get started, go to Settings ⚙️ Account Knowledge Knowledge bases. You will need to be an administrator with customizations permissions to configure a knowledge base.
To enable OpenID Connect in your knowledge base:
Navigate to Settings ⚙️ -> Account -> Knowledge -> Knowledge bases.
Click the knowledge base you want to configure. This opens that knowledge base's settings.
On the Overview tab, find the Access settings. Next to the Authentication dropdown, select SSO.
In the SSO identity provider dropdown, select +Add new provider.
On the next screen, enter a Name to identify the SSO configuration. Next to Type, select OpenID. Click Save.
If you already have SSO set up for an ideas portal and would like to share that SSO configuration with your knowledge base, you can select the existing provider you have already set up during this step and skip adding a new one.
The OpenID Connect configuration will display. It may differ based on the provider that you use, but you will want to consider these configuration options:
Callback URL: Copy the Callback URL and paste it into your identity provider's setting (e.g. Login redirect).
Single sign-on endpoint: In your provider, copy the exact endpoint URL specified by your identity provider. Paste it here.
Note: The Single sign-on endpoint value must match the issuer value in your identity provider's discovery response. You can view this discovery response by appending /.well-known/openid-configuration to the SSO endpoint. For example, if your Single sign-on endpoint is https://myprovider.example.com, you can view the discovery response at https://myprovider.example.com/.well-known/openid-configuration.
Identifier: In your provider's settings, copy the Identifier (e.g. Client ID). Paste it here.
Secret: In your provider's settings, copy the Secret and paste it here.
Beneath Access for Aha! users, you will find two additional advanced settings. These are disabled by default for knowledge base SSO configurations, as they are intended for ideas portal SSO configurations.
Most Aha! accounts will not need these advanced settings — and you can break your SSO configuration if you do not use them correctly. If you are also using this configuration for both your knowledge base and your ideas portal and you need help configuring these options, you are welcome to reach out to our Customer Success team.
Enable CNAME for SSO URLs: This option is rarely needed and will break SSO if not carefully configured. Enabling this option causes SSO to use the CNAME as well. This is not necessary for knowledge bases or for most ideas portals, even when using a CNAME for the portal. It may be useful if your customers have strict corporate networking policies.
CNAME: This must match an existing CNAME used in an active ideas portal in your Aha! account. After adding the CNAME click Update URLs and Save or Update SSO. If you have previously configured SSO the URLs must be updated in your external system.
Top
