Log in Free trial Join a demoDemo

SAML 2.0

Click any of the following links to skip ahead:

Overview
Configure SSO for your Aha! account with SAML
Change SAML 2.0 SSO identity providers
Metadata URL
Metadata file
Manual settings
Logout redirect URL
User attributes
Custom attributes
- ProductPrefix (optional)
- ProductRole (optional)
Preexisting account users
Preexisting ideas portal users
New user messages
Troubleshooting

Overview

Security Assertion Markup Language (SAML) is a standard protocol that gives identity providers (IdP) a secure way to let a service provider (SP) such as Aha! know who a user is. It does this by sending your Aha! account a cryptographically signed XML document confirming users' identities, along with some basic user information.

Once configured, users can authenticate with the following process:

The user navigates to your account (e.g. https://myaccount.aha.io/)
Your account presents the user with an additional login option (e.g. "Login with <your account name>")
When clicked, the user's browser will be redirected to the identity providers.
The identity provider authenticates the user.
Once authenticated, the browser is redirected to your account with a SAML assertion.
Your account verifies the SAML assertion and provisions new users.
The user is granted access to your account.
The user is redirected to the original link (if prior authentication was required).

Removing a user from your IDP will not remove them from your Aha! account.

Suite overview

Billing and users

Security and system requirements

Single sign-on (SSO)

Google Cloud Identity

Microsoft Entra ID

Microsoft Active Directory Federation Services

Troubleshoot single sign-on issues

Aha! Roadmaps

Aha! Ideas

Aha! Whiteboards

Aha! Develop

Custom attributes

Not all identity providers support custom attributes, but if yours does, you can use it to provision your users with user and hierarchy permissions. This makes it easier for new users to engage with your Aha! account, and saves you time managing users individually.

ProductPrefix (optional)

The ProductPrefix attribute is an optional one, but you can include it to automatically grant access to a specific workspace, line, or team in your hierarchy.

This role attribute is applied once, upon user creation. It is not applied to existing users.

This attribute needs to be configured in your identity provider, and not all identity providers support custom attributes. You can find a list of workspace prefixes by navigating to:

Aha! Roadmaps and Aha! Ideas: Settings ⚙️ Account Workspaces
Aha! Develop: Settings ⚙️ Account Teams

You will need to be an administrator with customization permissions to access these pages.

The workspace or team you select with ProductPrefix is added to the user only at the time that they are first provisioned, and will not update if you change this attribute later. This attribute is very handy for giving new users a default workspace or team when they first join your account. For advanced hierarchy permissions, navigate to

Settings ⚙️ Account Users

You will need to be an to do this.

If you set the ProductPrefix attribute, you also need to set the ProductRole attribute.

ProductRole (optional)

The ProductRole attribute works in conjunction with the ProductPrefix attribute and allows you to specify which level of access a user should have.

This role attribute is applied once, upon user creation. It is not applied to existing users.

Just like ProductPrefix, you need to configure this attribute in your identity provider, and not all identity providers support custom attributes.

ProductPrefix is only used when a user is initially provisioned. Values match with Aha! user permission roles and must be one of the following:

product_owner
contributor
reviewer
viewer
none