SAML SSO Integration Guide

Overview

Integrating SAML SSO authentication with Heap allows you to provide secure identity management and a streamlined sign-on option for your team.

Note that we have setup instructions for our existing SSO integrations, including AWS, Azure, Google, Okta, and OneLogin. You can also enable 2FA to provide an extra measure of security.

Prerequisites

To set up a an SSO provider with Heap, you’ll need to have the following:

• Admin access to your organization’s Heap account
• Access to manage settings in your SAML SSO tool

Setup

Note that once SSO is enabled, it will be enforced as mandatory for all non-Admins in your Heap workspace.

To integrate your SSO provider with Heap, you must provide the following information from the SSO provider in Heap. Navigate to Account > Manage > Account settings and populate the following fields:

• Your SAML Identity Provider certificate, using the base 64 version (including the text ‘Begin Certificate’ and ‘End Certificate’)
• Your SAML Identity Provider details (usually labeled as the SSO URL)

Click Save Configuration to save your settings.

On the same page, you’ll need to copy some of the following information from within Heap and paste it somewhere in your SSO provider’s settings. The information required and where it should be pasted varies based on the SSO provider, though typically the following two are always required:

• The Entity ID
• The Assertation Consumer URL

Be sure to save your settings in the SSO provider.

As a last step, before SSO settings go live on your account, you must run a successful SSO configuration Test. The test button is under Account > Manage > Account Settings.

This basic setup should be enough to get you up and running with your SSO provider, though requirements may vary depending on the provider.

Need help? Please post in Community or contact us via the Get support page in Heap.