In order to successfully complete the integration between JumpCloud and Aha!, you must use an administrator account in Aha!.
Note 1: You can have a mix of SAML and password users in the same account. The first time a password user logs in with SAML, their account will be converted to use SAML automatically. Subsequently, the user will not be able to log in using their password again. It is possible for Aha! Administrators to manually convert users back to using a password in Settings -> Account -> Users.
Note 2: We assume the JumpCloud administrator performing the integration understands how to generate private keys and their corresponding public certificates. An example of generating signed certificates on Linux is shown below. Refer to other guidance for generating keys on other operating systems.
Create a private key:
openssl genrsa -out private.pem 2048
Create a public certificate for that private key:
openssl req -new -x509 -key private.pem -out cert.pem -days 1095
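A non-interactive version of the two commands above, with checks to run before uploading the files. This is an added example, not part of the original instructions or JumpCloud's own tooling; the function names and the subject /CN=sso.example.com are assumptions.

```shell
# Added example: generate the IdP signing key and certificate, then verify
# them before upload. Function names and the default subject are assumptions.

# Generate private.pem and cert.pem in directory $1 with the same parameters
# as the commands above. $2 is an optional certificate subject (placeholder
# default), which avoids the interactive prompts of "openssl req".
generate_idp_keypair() (
    dir="$1"
    subject="${2:-/CN=sso.example.com}"
    # Files created here are readable by the owner only; this matters for
    # private.pem, and is harmless for cert.pem.
    umask 077
    openssl genrsa -out "$dir/private.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$dir/private.pem" -out "$dir/cert.pem" \
        -days 1095 -subj "$subject"
)

# Succeed only if the public key inside certificate $1 is the public half of
# private key $2. Uploading a mismatched pair produces SAML assertions whose
# signature the service provider cannot verify.
cert_matches_key() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout) || exit 1
    [ "$cert_pub" = "$key_pub" ]
)

# Succeed if certificate $1 is still valid $2 days from now. Useful both at
# creation time and later, to schedule replacement before SSO logins fail.
cert_valid_for_days() (
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
)

# Usage:
#   generate_idp_keypair . "/CN=sso.example.com"
#   cert_matches_key cert.pem private.pem && echo "pair OK"
#   cert_valid_for_days cert.pem 30 || echo "certificate expires within 30 days"
```

Only cert.pem is public; private.pem should stay on the administrator's machine or in a secrets store after it has been uploaded.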
Note 3: To restrict access to a smaller group of users:
- Note the IdP URL name for this app in the Application details, e.g. https://sso.jumpcloud.com/saml2/ConnectorName
- Create a new Tag and name it SSO-ConnectorName. Important: This tag is case sensitive.
- Add users to this Tag who should be given access to Aha! via Single Sign-On. Any other users who are not in this tag will be denied access.
If a Tag to explicitly grant access does not exist, all users in your organization will be authorized to access Aha!.
Step 1 of 2: Configure JumpCloud SSO for Aha!
- Log into the JumpCloud Admin UI at
- Click on the Applications link in the side navigation
- Click the plus symbol at the top of the page
- Click the configure button for the Aha! entry
- (Recommended) You can leave the IdP Entity ID as the default value (JumpCloud), but we recommend customizing it for your company. A good value for this field is your company's domain (e.g. )
- Click Upload IdP Private Key and upload your private key (see note above)
- Click Upload IdP Certificate and upload your public certificate (see note above)
- In the SP Entity ID field, enter (replace with your Aha! subdomain)
- In the ACS URL field, enter (replace with your Aha! subdomain)
- Click Activate
- Click the export metadata button for the Aha! entry (this will download a metadata file named )
Step 2 of 2: Configure Aha! for JumpCloud SSO
- Log in to Aha! as an administrator
- Click Settings (the gear icon) in the top navbar
- Click Security and single sign-on in the sidebar
- In the Single sign-on section, select SAML 2.0 in the Identity Provider dropdown
- In the Name field, enter
- For the Configure using setting, select the Metadata file radio button
- Click the Choose File button next to Metadata file and upload the file (downloaded in step 10 above)
- Click Enable
Testing Your Single Sign-on (SSO) Configuration
Important: The first time a password user logs in with SAML, their account will be converted to use SAML automatically. Subsequently, the user will not be able to log in using their password again. It is possible for Aha! Administrators to manually convert users back to using a password in Settings -> Account -> Users. We recommend that you do not use an Administrator account for this testing.
- Log into the JumpCloud User Console as a user associated with the Aha! account.
- Click on the Aha! icon
- You should automatically be logged in to Aha!
- In your Web browser, navigate to (replace with your Aha! subdomain)
- Click the Login button next to Log in with JumpCloud
- If necessary, log in to the JumpCloud User Portal
- You should automatically be logged in to Aha!