This feature is only available to customers on Pro and Premier plans. To upgrade, contact your Customer Success Manager or email@example.com.
Okta SSO allows you to provide secure identity management for your team in Heap using one of the most popular enterprise access management tools available on the market today. Okta offers ease of access, the ability to quickly block credentials for departed team members, multi-factor authentication, and more.
To set up Okta SSO with Heap, you’ll need to have the following:
- Admin access to your organization’s Heap account
- Administrator rights in your organization’s Okta account
Note that once SSO is enabled, it will be enforced as mandatory for all non-Admins in your Heap workspace.
To set up SSO via Okta, complete these steps:
1. Login to your Okta account
2. Click Admin
3. Navigate to the Applications section
4. Click Browse App Catalog
5. Search for Heap, select the Heap application, and click Add
6. Name the app (such as ‘Heap’), then click Next
7. Open the Heap dashboard in a new tab and navigate to Account > Manage > General Settings, then scroll down to the Single Sign-On section
8. Copy the App ID from Heap into the App ID field in Okta
9. Update the Application username format to Email
10. Click Done
11. Switch to the Sign On tab and click the View Setup Instructions button on the new screen
12. Copy the x.509 certificate in PEM Text Format including Begin Certificate and End Certificate and paste it back into the Your SAML Identity Provider certificate field in Heap
13. Copy the Login URL/SignOn URL from Okta and paste it back into Heap’s Remote Login URL within the Your SAML Provider details area
14. Add teammates in Okta who you want to grant access to Heap (or at a minimum, add yourself)
15. Back in Heap, click on Save Configuration then Test Provider – if everything is working properly, this should redirect you back to Heap!
16. Last but not least, click Enable Provider, then add additional teammates as needed
Once configured, your teammates can select ‘Sign-in with SSO’ on the Heap login page, and log in with their email address only. Admins will still have access to sign in with an email and password combination, while all other users will be pushed to use SSO.
If you are having issues logging in with Okta SSO, please delete the Okta cookie and try again. Currently, we are seeing Okta cookies expiring and not permitting proper login. If deleting the cookie doesn’t work, please reach out to firstname.lastname@example.org.