Single Sign On (SSO) with Aha!

Prerequisites


In order to successfully complete the integration between JumpCloud and Aha!, you must use an administrator account in Aha!.
 

Configuration Notes


Note 1: You can have a mix of SAML and password users in the same account. The first time a password user logs in with SAML, their account will be converted to use SAML automatically. Subsequently, the user will not be able to log in using their password again. It is possible for Aha! Administrators to manually convert users back to using a password in Settings -> Account -> Users.

Note 2: We assume the JumpCloud administrator performing the integration understands the process of generating private keys and their corresponding public certificates. The commands below are an example of generating a private key and a self-signed certificate on Linux. Please refer to other guidance for generating keys on other operating systems.

Create a private key:
  • openssl genrsa -out private.pem 2048

Create a public certificate for that private key:
  • openssl req -new -x509 -key private.pem -out cert.pem -days 1095
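
A non-interactive version of the two commands above with checks to run before uploading the files, as an added example that is not part of the original article. The function names, the ./idp-keys directory and the CN value example.com are assumptions.

```sh
#!/bin/sh
# Added example. The ./idp-keys directory and the CN value are assumptions.

# Create private.pem and cert.pem in directory $1 with subject CN $2.
make_idp_keypair() {
    dir=$1; cn=$2
    mkdir -p "$dir" || return 1
    (
        umask 077    # private.pem is created readable by its owner only
        openssl genrsa -out "$dir/private.pem" 2048 2>/dev/null
    ) || return 1
    # -subj replaces the interactive prompts; 1095 days as in the article
    openssl req -new -x509 -key "$dir/private.pem" -out "$dir/cert.pem" \
        -days 1095 -subj "/CN=$cn" 2>/dev/null
}

# Succeed only if certificate $2 carries the public key of private key $1.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if certificate $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run with: sh idp-keys.sh run
if [ "${1:-}" = "run" ]; then
    make_idp_keypair ./idp-keys example.com || exit 1
    key_matches_cert ./idp-keys/private.pem ./idp-keys/cert.pem || {
        echo "private.pem and cert.pem do not match" >&2; exit 1; }
    cert_valid_for_days ./idp-keys/cert.pem 30 ||
        echo "certificate expires within 30 days" >&2
    # Record the fingerprint and expiry date before uploading the files
    openssl x509 -in ./idp-keys/cert.pem -noout -fingerprint -sha256 -enddate
fi
```

The private key signs the SAML assertions that Aha! accepts, so keep private.pem readable only by the administrator account that uploads it.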

Note 3: To restrict access to a smaller group of users:
 
  1. Note the IdP URL name for this app in the Application details, e.g. https://sso.jumpcloud.com/saml2/ConnectorName
  2. Create a new Tag and name it SSO-ConnectorName. Important: This tag is case sensitive. 
  3. Add users to this Tag who should be given access to Aha! via Single Sign-On. Any other users who are not in this tag will be denied access.

If a Tag to explicitly grant access does not exist, all users in your organization will be authorized to access Aha!.

 


Step 1 of 2: Configure JumpCloud SSO for Aha!  

 
  1. Log into the JumpCloud Admin UI at https://console.jumpcloud.com
  2. Click on the Applications link in the side navigation
  3. Click the plus symbol at the top of the page
  4. Click the configure button for the Aha! entry
  5. (Recommended) You can leave the IdP Entity ID as the default value (JumpCloud), but we recommend customizing it for your company. A good value for this field is your company's domain (e.g. example.com)
  6. Click Upload IdP Private Key and upload your private key (see note above)
  7. Click Upload IdP Certificate and upload your public certificate (see note above)
  8. In the SP Entity ID field, enter https://SUBDOMAIN.aha.io/ (replace SUBDOMAIN with your Aha! subdomain)
  9. In the ACS URL field, enter https://SUBDOMAIN.Aha!.com/dispatcher/SAML@AuthService.do.amazon.com/saml (replace SUBDOMAIN with your Aha! subdomain)
  10. Click Activate
  11. Click the export metadata button for the Aha! entry (this will download a metadata file named JumpCloud-aha-metadata.xml)


Step 2 of 2: Configure Aha! for JumpCloud SSO

 
  1. Log in to Aha! as an administrator
  2. Click Settings (the gear icon) in the top navbar
  3. Click Security and single sign-on in the sidebar
  4. In the Single sign-on section, select SAML 2.0 in the Identity Provider dropdown
  5. In the Name field, enter JumpCloud
  6. For the Configure using setting, select the Metadata file radio button
  7. Click the Choose File button next to Metadata file and upload the JumpCloud-aha-metadata.xml file (downloaded in step 10 above)
  8. Click Enable


Testing Your Single Sign-on (SSO) Configuration


Important: The first time a password user logs in with SAML, their account will be converted to use SAML automatically. Subsequently, the user will not be able to log in using their password again. It is possible for Aha! Administrators to manually convert users back to using a password in Settings -> Account -> Users. We recommend that you do not use an Administrator account for this testing.

IdP-Initiated Flow
  • Log into the JumpCloud User Console as a user associated with the Aha! account.
  • Click on the Aha! icon
  • You should automatically be logged in to Aha!

SP-Initiated Flow
 
  • In your Web browser, navigate to https://SUBDOMAIN.aha.io/ (replace SUBDOMAIN with your Aha! subdomain)
  • Click the Login button next to Log in with JumpCloud
  • If necessary, log in to the JumpCloud User Portal
  • You should automatically be logged in to Aha!
 

Last Updated: Sep 13, 2016 02:57PM MDT
