
Single Sign-On: Azure

In this article you'll learn:

  • Complete steps for setting up Azure single sign-on for Heap
This doc is for: Admins

Overview

SSO is only available for customers on the Business plan. To upgrade, contact your Customer Success Manager or sales@heap.io.

Azure SSO allows you to manage access and identity for your team by enabling them to access Heap via their Azure sign-in credentials, with no extra passwords needed.

Prerequisites

To set up Azure SSO with Heap, you’ll need to have the following:

  • Admin access to your organization’s Heap account
  • Application administrative rights in your organization’s Azure account

Note that Heap must enable access to the Heap app in the Azure marketplace for it to appear in your Azure account.

Setup

Note that once SSO is enabled, it will be enforced as mandatory for all non-Admins in your Heap workspace.

To set up Azure SSO with Heap, complete these steps:

1. Sign in to your Azure management portal via https://portal.azure.com/.

2. Click on Enterprise Applications.

The Azure landing page with an arrow pointing to the 'Enterprise Applications' option

3. If you don’t already have an enterprise app for Heap added, click the New Application button. If you already have your Heap app configured, skip to step 6.

The Enterprise Applications in Azure with an arrow pointing to the 'New Application' button

4. On the next page, click non-gallery application.

The 'Add an application' page in Azure with an arrow pointing to the 'Non-gallery application' section

5. On the create application page, add a name for this application (we used Heap) then click the Add button at the bottom.

The 'Add your own application' page in Azure with the name 'Heap' added and an arrow pointing to the 'Add' button

You will now see your new Heap app listed on the enterprise applications page.

The 'Enterprise applications' page in Azure with an arrow pointing to the Heap app

6. Now that you have your app, click on the app to open the app page, then click on Single Sign-on in the left navigation bar.

The 'Heap app overview' page in Azure with an arrow pointing to the 'Single sign-on' tab

7. On this page, click the SAML box.

The single sign-on tab in Azure with an arrow pointing at the 'SAML' option

8. On this page, set the Basic SAML Configuration options as follows. The screenshot below shows you where these items are listed in Heap.

Identifier (Entity ID): heapanalytics.com

Reply URL: https://heapanalytics/saml/finalize/<youridhere>, which is the Assertion Consumer Service URL listed on the Account > Manage > General Settings page in your Heap account.

Sign On URL: https://heapanalytics/saml/metadata/<youridhere>, which is the Metadata URL listed on the Account > Manage > General Settings page in your Heap account.

The Single Sign-on page in Heap with arrows pointing at the 'Metadata URL' and 'Assertion Consumer URL' sections

9. Click the Save icon in Azure to save your settings.

10. In the User Attributes & Claims section, keep all settings as their defaults, except for Unique User Identifier, which should be set to user.mail. You may need to edit this setting to update this item.

The User Attributes & Claims section in Azure with an arrow pointing at Unique User Identifier = user.mail

11. Keep this page open, or copy down the information listed under the Set up section. You’ll need this in a couple of steps.

12. Navigate to the Manage > Properties page.

The 'Heap app Overview' page in Azure with an arrow pointing at the Properties tab

13. (Optional) On this page, make sure the Visible to users toggle is set to No. This means the app will not be accessible from myapps.microsoft.com, even for users who have access within Heap.

The 'Heap app Overview' page in Azure with an arrow pointing at the 'Visible to user?' toggle

Note: If you plan on using an Active Directory group to manage users who have access to Heap, be sure to set ‘User assignment required?’ to ‘Yes’ on this page.

14. Save this setting to return to the main app page. On this page, click the ‘Set up single sign on’ box again to return to your Azure SAML settings. You’ll want to have these open to copy-paste information into Heap to complete this setup.

15. Next, open the Heap dashboard in a new tab. In Heap, navigate to the Account > Settings > General Settings page.

The General Settings page in Heap with an arrow pointing at the General Settings tab

16. On this page, copy-paste the following information from Azure into Heap:

  • Your SAML Identity Provider certificate > Download the base-64 certificate provided by Azure and copy-paste it into this field
  • Remote login URL > add the Login URL provided in Azure
  • Logout landing URL > add the Logout URL provided in Azure

17. Click the Save Configuration button. You’ll be provided with the option to test this configuration. Click the Test Configuration button. You’ll see the Microsoft Azure login page appear.

The Microsoft sign-in window as it will appear on the Heap login page

You are now able to use your credentials to sign in! Feel free to configure other Azure settings such as custom roles.
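To confirm that the values from steps 8 and 10 reach Heap as intended, the following check (an added example, not Heap's or Microsoft's code) inspects a base64 SAMLResponse captured from your own test login in step 17. The function names, the sample addresses and the sp.example Reply URL are constructed for illustration, and it assumes the test user's Heap login is their mail attribute.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "heapanalytics.com"                      # Identifier from step 8
REPLY_URL = "https://sp.example/saml/finalize/0000"  # placeholder; copy yours from Heap

def check_saml_response(b64_response, entity_id, reply_url, expected_email):
    """List mismatches between a captured SAMLResponse and the settings from
    steps 8 and 10. Does NOT verify the XML signature; it only compares values."""
    # Only parse responses captured from your own test login.
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    # Reply URL (step 8) shows up as Destination on the Response ...
    if root.get("Destination") != reply_url:
        problems.append("Destination does not match the Reply URL")
    # ... and as Recipient on SubjectConfirmationData.
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != reply_url:
        problems.append("Recipient does not match the Reply URL")
    # Identifier (Entity ID) from step 8 shows up as the Audience.
    audiences = [(a.text or "").strip() for a in root.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not contain the Identifier")
    # Unique User Identifier (step 10) shows up as the NameID.
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()
    if name_id.lower() != expected_email.lower():
        problems.append(f"NameID is {name_id!r}, expected {expected_email!r}")
    return problems

def build_sample(name_id, audience, reply_url):
    """Constructed, unsigned response holding only the elements checked above."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
 xmlns:saml="{NS['saml']}" Destination="{reply_url}"><saml:Assertion>
 <saml:Subject><saml:NameID>{name_id}</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData
   Recipient="{reply_url}"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{audience}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    mail = "j.doe@corp.example"  # constructed address the user has in Heap
    for nid in (mail, "jdoe@tenant.example"):  # second: claim left at its default
        resp = build_sample(nid, ENTITY_ID, REPLY_URL)
        print(nid, check_saml_response(resp, ENTITY_ID, REPLY_URL, mail))
```

An empty list means the Identifier, Reply URL and Unique User Identifier line up; a NameID mismatch usually means step 10 was not saved and Azure is still sending its default claim.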

For questions or assistance, reach out to support@heap.io.


Last updated October 21, 2020.


© 2021 Heap, Inc.