I would like the option to reuse the SSO from the main Aha account SSO for any idea portal we create. So in the idea portal SSO tab, you could pick the Aha account SSO to use for auth on the portal. My struggle at the moment is to have our security team create a bunch of SSOs for each new idea portal that someone might want, or giving stakeholders complicated steps (login to account page first, then go to the idea portal link).
I'm imagining a "Use Aha account SSO settings" box in the idea portal SSO tab (accessible to account admins only). Seems like it could work like this if that box was checked:
1) User hits idea portal page xxxx.ideas.aha.io
2) System sees that "Use Aha account SSO settings" box is checked for that portal and redirects user to https://myaccountnamehere.aha.io/session/new.
3) Upon successful SSO login they are redirected back to the xxxx.ideas.aha.io to use the idea portal
Then you could have one SSO setup, and could be used many times for different idea portals in that account. What do you think?
|Release time frame|
Thank you for the idea. Several weeks ago we made an enhancement to the way Aha! users login to idea portals which follows a very similar flow to what is outlined in this idea. This has greatly improved the experience for Aha! users signing into the portal.
We investigate adding the option of using the same SSO settings for the portal and the main Aha! account and determined that there were risks involved. Specifically, if the same settings are used between an ideas portal and Aha!, any user who has access to the ideas portal would also be able to access the main Aha! account if they knew the URL.
Based on the recent improvements and the issue above we are unlikely to implement this idea at this time.