Today, we're pleased to introduce a new security feature for Heroku pay-as-you-go customers: Single Sign-On (SSO). SSO makes it easy to centralize and manage access to all the various tools and services used by your employees. Previously, SSO was only available for Heroku Enterprise. You can use any identity provider (IdP) with built-in SSO support for Heroku, or custom authentication solutions that support the SAML 2.0 standard. SSO improves the employee experience in several ways.
Cybersecurity Threat Mitigation
Usernames and passwords are prime targets for cybercriminals. Individuals frequently use the same password across multiple platforms, so in the event of a security breach, attackers can exploit these credentials to infiltrate corporate systems. Implementing Single Sign-On (SSO) consolidates credentials into a single, managed point instead of letting them proliferate.
Improved Usability
Developers interact with a multitude of applications every day. SSO eliminates the hassle of maintaining distinct sets of usernames and passwords for each application.
Lower Support Overhead
When users manage login credentials for different tools, they’re more likely to forget passwords. By adopting SSO, you can reduce support overhead.
Enable SSO
Team admins can enable SSO in the Settings tab of the Heroku Dashboard.
Note: You must have team admin permissions to see this information and enable SSO.
To add end users, create accounts for those users in your IdP. The first time a user logs in to Heroku via the IdP, we create a Heroku account for them via automatic IdP provisioning. You can specify the default role assigned to newly created users; it is initially set to member.
Conclusion
At Heroku, we take the trust, security, and availability of your apps seriously. Extending SSO to Heroku Teams is yet another step to improving security for all customers.
If you have any thoughts or suggestions on future reliability improvements we can make, check out our public roadmap on GitHub and submit an issue!