Home Administration Secure Access SAML SSO Integration Guide

Table of Contents

Was this article helpful?

Yes No

Thank you for your feedback!

SAML SSO Integration Guide

In this article you'll learn:

  • Basic steps to connect Heap to your SAML SSO provider
  • Which version of SAML Heap supports
This doc is for: Admins

Overview

This feature is only available to customers on Pro and Premier plans. To upgrade, contact your Customer Success Manager or sales@heap.io

Security Best Practice

If you use SSO, we strongly recommend that you set up mandatory 2FA for all Heap admins.

To learn more, see enabling mandatory 2FA for your Heap domain.

Integrating SAML SSO authentication with Heap allows you to provide secure identity management and a streamlined sign-on option for your team.

Note that we have setup instructions for our existing SSO integrations, including AWS, Azure, Google, Okta, and OneLogin. You can also enable 2FA to provide an extra measure of security.

Heap supports SAML 2.0.

Prerequisites

To set up a an SSO provider with Heap, you’ll need to have the following:

  • Admin access to your organization’s Heap account
  • Access to manage settings in your SAML SSO tool

Setup

Note that once SSO is enabled, it will be enforced as mandatory for all non-Admins in your Heap workspace.

To integrate your SSO provider with Heap, you must provide the following information from the SSO provider in Heap. Navigate to Account > Manage > Account settings and populate the following fields:

  • Your SAML Identity Provider certificate, using the base 64 version (including the text ‘Begin Certificate’ and ‘End Certificate’)
  • Your SAML Identity Provider details (usually labeled as the SSO URL)
The SAML identity provider certificate and identity provider details fields as listed on the General Settings page in Heap

Click Save Configuration to save your settings.

On the same page, you’ll need to copy some of the following information from within Heap and paste it somewhere in your SSO provider’s settings. The information required and where it should be pasted varies based on the SSO provider, though typically the following two are always required:

  • The Entity ID
  • The Assertation Consumer URL
The Single Sign-on details as listed on the General Settings page in Heap

Be sure to save your settings in the SSO provider.

As a last step, before SSO settings go live on your account, you must run a successful SSO configuration Test. The test button is under Account > Manage > Account Settings.

This basic setup should be enough to get you up and running with your SSO provider, though requirements may vary depending on the provider.

If you need help, please post in Heap Community or visit our Get support page.