Overview
Security Best Practice
If you use SSO, we strongly recommend that you set up mandatory 2FA for all Heap admins.
To learn more, see enabling mandatory 2FA for your Heap domain.
Integrating Heap with Google Workspace SSO enables your team to sign in to Heap with their Google account without needing a second sign-in. This has the benefit of requiring one less password to manage and allows you to take advantage of all of the account security features Google provides.
Prerequisites
To set up Google Workspace SSO with Heap, you’ll need to have the following:
- Admin access to your organization’s Heap account
- Administrator rights in your organization’s Google Workspace account
Setup
Note that once SSO is enabled, it will be enforced as mandatory for all non-Admins in your Heap workspace.
To set up SSO for Google Workspace, complete the steps below:
- Sign in to admin.google.com
- Go to Apps
- Go to SAML Apps
- Click add (plus, bottom right)
- Select Setup my own custom app
- Copy the SSO URL into the Heap login URL field
- Download the cert from Google
- Copy the contents of the downloaded cert into the Heap cert field
- Configure the provider in Heap
- In Google, click next, then name the app
- The next page in Google requires the following Heap settings:
  - ACS URL: https://heapanalytics.com/saml/finalize/YOUR_APP_ID/ (replace YOUR_APP_ID with the ID associated with your app)
  - EntityID: heapanalytics.com
- Back in Heap, click Test provider
- You’ll be redirected to Google and then back to Heap. If the test succeeds, you can enable the provider
- Add your teammates at heap.io, and have them log in with just their email address
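The pre-flight check below is an added example, not Heap's or Google's own code: it validates the ACS URL, EntityID and pasted certificate text from the steps above before you click Test provider. The host, path and EntityID come from this page; the function names and the strict match on the page's URL template (including the trailing slash) are assumptions.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def check_sp_settings(acs_url, entity_id):
    """Return a list of problems with the ACS URL / EntityID entered in Google."""
    problems = []
    url = urlsplit(acs_url)
    # Host and path follow the template on this page; exact match is an assumption.
    if url.scheme != "https" or url.netloc != "heapanalytics.com":
        problems.append("ACS URL must start with https://heapanalytics.com")
    m = re.fullmatch(r"/saml/finalize/([^/]+)/", url.path)
    if not m:
        problems.append("ACS URL path must be /saml/finalize/<app id>/")
    elif m.group(1) == "YOUR_APP_ID":
        problems.append("YOUR_APP_ID placeholder was not replaced")
    if entity_id != "heapanalytics.com":  # also catches stray whitespace
        problems.append("EntityID must be exactly heapanalytics.com")
    return problems


def cert_fingerprint(pem_text):
    """Sanity-check the pasted cert text and return its SHA-256 fingerprint."""
    if "PRIVATE KEY" in pem_text:
        raise ValueError("private key material must never be pasted here")
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one CERTIFICATE block")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if not der.startswith(b"\x30"):  # X.509 DER begins with a SEQUENCE tag
        raise ValueError("decoded data is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


if __name__ == "__main__":
    # Constructed sample: placeholder bytes, not a real certificate.
    der = b"\x30\x0b" + b"constructed"
    pem = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode()
           + "\n-----END CERTIFICATE-----\n")
    print(check_sp_settings("https://heapanalytics.com/saml/finalize/YOUR_APP_ID/",
                            "heapanalytics.com"))
    print(cert_fingerprint(pem))
```

Compare the printed fingerprint with the one your identity provider shows for the downloaded certificate, if it displays one.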
Documentation
We also recommend reviewing Google’s documentation on setting up your own custom SAML application.