Overview
This feature is only available to customers on Pro and Premier plans. To upgrade, contact your Customer Success Manager or sales@heap.io.
Integrating SAML SSO authentication with Heap allows you to provide secure identity management and a streamlined sign-on option for your team.
Note that we have setup instructions for our existing SSO integrations, including AWS, Azure, Google, Okta, and OneLogin. You can also enable 2FA to provide an extra measure of security.
Heap supports SAML 2.0.
Prerequisites
To set up a an SSO provider with Heap, you’ll need to have the following:
- Admin access to your organization’s Heap account
- Access to manage settings in your SAML SSO tool
Setup
Note that once SSO is enabled, it will be enforced as mandatory for all non-Admins in your Heap workspace.
To integrate your SSO provider with Heap, you must provide the following information from the SSO provider in Heap. Navigate to Account > Manage > General Settings and populate the following fields:
- Your SAML Identity Provider certificate, using the base 64 version (including the text ‘Begin Certificate’ and ‘End Certificate’)
- Your SAML Identity Provider details (usually labeled as the SSO URL)
Click Save Configuration to save your settings.
On the same page, you’ll need to copy some of the following information from within Heap and paste it somewhere in your SSO provider’s settings. The information required and where it should be pasted varies based on the SSO provider, though typically the following two are always required:
- The Entity ID
- The Assertation Consumer URL
Be sure to save your settings in the SSO provider.
As a last step, before SSO settings go live on your account, you must run a successful SSO configuration Test. The test button is under Account > Manage > General Settings.
This basic setup should be enough to get you up and running with your SSO provider, though requirements may vary depending on the provider. If you have any questions, feel free to reach out to support@heap.io.