SSO for Heroku now in Public Beta

We're pleased to announce the beta of SSO for Heroku. With this beta, Heroku now supports the current and most widely supported SSO standard known as SAML 2.0, and has partnered with leading identity providers (IdPs) for easy set-up. Customers can use their existing identity provider like Salesforce Identity, Okta, PingOne, Microsoft Active Directory, and PingFederate for their employees' single sign-on to Heroku Enterprise.

SSO for Heroku using Salesforce Identity as IdP

SSO is expected to be generally available in early February. Initially, it will be available to Heroku Enterprise customers. For enterprise customers who want to use the feature during the beta period, it is now available in the "Settings" tab of their Heroku org.

We've worked hard to make the set up easy (a few minutes in most cases), yet flexible enough to robustly support less common or home-grown IdPs. Connecting existing identity solutions to Heroku is straightforward for identity administrators, as is setting up a new IdP with Heroku. End-users are presented with a guided two-step upgrade path to SSO when they are added to the IdP, and new user accounts are auto-provisioned in real-time based on the IdP authentication.

We are also partnering with major identity providers to build Heroku support into their products. So for leading IdPs -- like Salesforce Identity, Okta, PingOne, and PingFederate -- set-up for system administrators can be as easy as adding Heroku as a known and supported "service provider," and providing the Heroku organization name. In a few clicks both the IdP and Heroku will be fully set up and ready for test, and then for easy deployment to the entire company. Other popular cloud-based IdPs will be launching built-in support for Heroku in the first quarter of 2016. All operate with the high level of security and reliability Heroku customers have come to expect from our products and partners.

Additionally, SSO for Heroku fully supports Microsoft's Active Directory. SSO support in Heroku also works well with minimal but manual set-up for most other SAML 2.0 compliant identity provider solutions.

Heroku Enterprise customers who would like to be part of the beta can start now. We welcome your questions or feedback; you can reach us at sso-beta@heroku.com .

Browse the blog archives, subscribe to the full-text feed, or visit the engineering blog.