SSO for Heroku now in Public Beta

We're pleased to announce the beta of SSO for Heroku. With this beta, Heroku now supports the current and most widely supported SSO standard known as SAML 2.0, and has partnered with leading identity providers (IdPs) for easy set-up. Customers can use their existing identity provider like Salesforce Identity, Okta, PingOne, Microsoft Active Directory, and PingFederate for their employees' single sign-on to Heroku Enterprise.

SSO for Heroku using Salesforce Identity as IdP

SSO is expected to be generally available in early February. Initially, it will be available to Heroku Enterprise customers. For enterprise customers who want to use the feature during the beta period, it is now available in the "Settings" tab of their Heroku org.

We've worked hard to make the set up easy (a few minutes in most cases), yet flexible enough to robustly support less common or home-grown IdPs. Connecting existing identity solutions to Heroku is straightforward for identity administrators, as is setting up a new IdP with Heroku. End-users are presented with a guided two-step upgrade path to SSO when they are added to the IdP, and new user accounts are auto-provisioned in real-time based on the IdP authentication.

We are also partnering with major identity providers to build Heroku support into their products. So for leading IdPs -- like Salesforce Identity, Okta, PingOne, and PingFederate -- set-up for system administrators can be as easy as adding Heroku as a known and supported "service provider," and providing the Heroku organization name. In a few clicks both the IdP and Heroku will be fully set up and ready for test, and then for easy deployment to the entire company. Other popular cloud-based IdPs will be launching built-in support for Heroku in the first quarter of 2016. All operate with the high level of security and reliability Heroku customers have come to expect from our products and partners.

Additionally, SSO for Heroku fully supports Microsoft's Active Directory. SSO support in Heroku also works well with minimal but manual set-up for most other SAML 2.0 compliant identity provider solutions.

Heroku Enterprise customers who would like to be part of the beta can start now. We welcome your questions or feedback; you can reach us at .

50% and Counting: PHP 7 Takes Off

A year and half ago, we launched support for PHP on Heroku, built from the ground up with modern features designed to give developers a more elegant and productive experience on the platform. Last week, we made PHP 7 available on top of a new, reworked version of our PHP support, and our users are adopting PHP 7’s exciting new features and stellar performance improvements quickly—we’re already seeing PHP 7 being used in the majority of PHP deploys on Heroku.

Read more →

10 Habits of a Happy Node Hacker (2016)

At the tail end of 2015, JavaScript developers have a glut of tools at our disposal. The last time we looked into this, the modern JS landscape was just emerging. Today, it's easy to get lost in our huge ecosystem, so successful teams follow guidelines to make the most of their time and keep their projects healthy.

Here are ten habits for happy Node.js hackers as we enter 2016. They're specifically for app developers, rather than module authors, since those groups have different goals and constraints:

Read more →

Announcing Heroku + Parse: Flexible Platform Meets Feature-Rich SDKs

Most modern mobile apps depend heavily on the app’s back-end. That’s because many of the expectations users have for mobile apps today -- for the application to work regardless of network connectivity, to notify them when relevant content changes, to have integrations with the social networks they use, for appropriate levels of security, and a hundred other things -- are reliant on the app’s back-end services.

The most common pattern for mobile back-ends we see today is for developers to design, build and maintain their back-end architectures on Heroku. This approach is as flexible as it is powerful, but it requires significant engineering effort. A faster alternative would be to use a service like Parse. Using the Parse SDKs gets you some great services right out of the box. However, if you need to add customized functionality to your application at scale, there just isn't a simple way to do it.

Read more →

Introducing Heroku Private Spaces: Private PaaS, delivered as-a-Service

As the world becomes more cloud-centric, and more of our apps and business depend on its capabilities, the trust, control and management of cloud services is more important than ever. Since the first days of Heroku — and Platform-as-a-Service in general — many companies have struggled to balance the impact and success of the cloud with the control offered by traditional software and on-premise infrastructure. Too often that balance tips back towards software, with companies choosing to meet those requirements by building and running their own platforms, inevitably becoming frustrated by the resulting complexity, cost and poor experience.

Today Heroku is introducing Private Spaces, a new Heroku runtime that delivers the best of both worlds; the simplicity and success of the cloud, combined with the network and trust controls historically only available with on premise, behind the firewall deployments. Available today in public beta, Private Spaces is powered by Heroku Dogwood — an all-new runtime architecture that augments the current Cedar runtime. Spaces are being released as part of Salesforce’s new App Cloud, also launching today.

Heroku Private Spaces

A Heroku Private Space contains all of the familiar elements of a Heroku app, including dynos and data services. These elements are deployed and run in network isolated environments, separating the “private” application, including its associated data, from the “public” systems that keep it up, running and healthy.

The new mix of multi-tenant control plane with private runtimes is what makes this architecture unique, and allows it to share an identical development and deployment experience with the Heroku you know today. You develop and deploy apps in Private Spaces just like you would normally on Heroku; Heroku Button, git push deployments, review apps, pipelines, seamless scaling, self healing and Elements Ecosystem — are all included in Private Spaces.

Even better, this isolation architecture also allows for more geographic control; Spaces can be deployed in Frankfurt, Germany, Tokyo, Japan, or in the United States in either Virginia or Oregon, with more regions to be added in the future.

Read more →

Browse the blog archives, subscribe to the full-text feed, or visit the engineering blog.