Security Best Practice
If you use SSO, we strongly recommend that you set up mandatory 2FA for all Heap admins.
To learn more, see enabling mandatory 2FA for your Heap domain.
OneLogin SSO allows you to manage access to Heap using a secure and scalable identity management system. Integrating with OneLogin means you can provide your teammates with an easy sign-in with no extra passwords needed.
To set up OneLogin SSO with Heap, you’ll need to have the following:
- Admin access to your organization’s Heap account
- Administrator rights in your organization’s OneLogin account
Note that once SSO is enabled, it will be enforced as mandatory for all non-Admins in your Heap workspace.
To set up OneLogin with Heap, complete these steps:
1. Navigate to the Applications > Applications section of your OneLogin administrator dashboard
2. Click the Add App button
3. Search for and choose Heap and click Save
4. In Heap, navigate to Account > Manage > Account settings
5. Copy the App ID from the Single Sign-On section and paste it into OneLogin’s configuration tab and click Save
6. Enable the API
7. Switch to the SSO tab and copy the SAML 2.0 Endpoint (HTTP) URL, then paste it into the Remote login URL field in Heap
8. Click View Details for the X.509 Certificate and copy the entire certificate into Heap into the text box labeled Your SAML Identity Provider certificate. This must include the ‘—–BEGIN CERTIFICATE—–‘ and ‘—–END CERTIFICATE —–‘
9. Back in Heap, click on Save Configuration then Test Provider – if everything is working properly, this should redirect you back to Heap!
10. Last but not least, click Enable Provider, then add additional teammates as needed
Once configured, your teammates can select Sign-in with SSO on the Heap login page and log in using their email address only.