Security Best Practice
If you use SSO, we strongly recommend that you set up mandatory 2FA for all Heap admins.
To learn more, see enabling mandatory 2FA for your Heap domain.
Integrating SAML SSO authentication with Heap allows you to provide secure identity management and a streamlined sign-on option for your team.
Heap supports SAML 2.0.
To set up an SSO provider with Heap, you’ll need to have the following:
- Admin access to your organization’s Heap account
- Access to manage settings in your SAML SSO tool
Note that once SSO is enabled, it will be enforced as mandatory for all non-Admins in your Heap workspace.
To integrate your SSO provider with Heap, you must provide the following information from the SSO provider in Heap. Navigate to Account > Manage > Account settings and populate the following fields:
- Your SAML Identity Provider certificate, using the base 64 version (including the text ‘Begin Certificate’ and ‘End Certificate’)
- Your SAML Identity Provider details (usually labeled as the SSO URL)
Click Save Configuration to save your settings.
On the same page, you’ll need to copy some of the following information from within Heap and paste it somewhere in your SSO provider’s settings. The information required and where it should be pasted varies based on the SSO provider, though typically the following two are always required:
- The Entity ID
- The Assertation Consumer URL
Be sure to save your settings in the SSO provider.
As a last step, before SSO settings go live on your account, you must run a successful SSO configuration Test. The test button is under Account > Manage > Account Settings.
This basic setup should be enough to get you up and running with your SSO provider, though requirements may vary depending on the provider.