View categories

Categories

Heroku Architecture
- Compute (Dynos)
  - Dyno Management
  - Dyno Concepts
  - Dyno Behavior
  - Dyno Reference
  - Dyno Troubleshooting
- Stacks (operating system images)
- Networking & DNS
- Platform Policies
- Platform Principles

Developer Tools
- Command Line
- Heroku VS Code Extension

Deployment
- Deploying with Git
- Deploying with Docker
- Deployment Integrations

Continuous Delivery & Integration (Heroku Flow)
- Continuous Integration

Language Support
- Node.js
  - Node.js Behavior in Heroku
  - Working with Node.js
  - Troubleshooting Node.js Apps
- Ruby
  - Rails Support
  - Working with Bundler
  - Working with Ruby
  - Ruby Behavior in Heroku
  - Troubleshooting Ruby Apps
- Python
  - Working with Python
  - Background Jobs in Python
  - Python Behavior in Heroku
  - Working with Django
- Java
  - Java Behavior in Heroku
  - Working with Java
  - Working with Maven
  - Working with Spring Boot
  - Troubleshooting Java Apps
- PHP
  - PHP Behavior in Heroku
  - Working with PHP
- Go
  - Go Dependency Management
- Scala
- Clojure
- .NET
  - Working with .NET

Databases & Data Management
- Heroku Postgres
  - Postgres Basics
  - Postgres Getting Started
  - Postgres Performance
  - Postgres Data Transfer & Preservation
  - Postgres Availability
  - Postgres Special Topics
  - Migrating to Heroku Postgres
- Heroku Key-Value Store
- Apache Kafka on Heroku
- Other Data Stores

AI
- Model Context Protocol
- Vector Database
- Working with AI
- Heroku Inference
  - Inference API
  - Heroku Inference Quick Start Guides
  - Inference Essentials
  - AI Models

Monitoring & Metrics
- Logging

App Performance

Add-ons
- All Add-ons

Collaboration

Security
- App Security
- Identities & Authentication
  - Single Sign-on (SSO)
- Private Spaces
  - Infrastructure Networking
- Compliance

Heroku Enterprise
- Enterprise Accounts
- Enterprise Teams
- Heroku Connect (Salesforce sync)
  - Heroku Connect Administration
  - Heroku Connect Reference
  - Heroku Connect Troubleshooting

Patterns & Best Practices

Extending Heroku
- Platform API
- App Webhooks
- Heroku Labs
- Building Add-ons
  - Add-on Development Tasks
  - Add-on APIs
  - Add-on Guidelines & Requirements
- Building CLI Plugins
- Developing Buildpacks
- Dev Center

Accounts & Billing

Troubleshooting & Support

Integrating with Salesforce

Third-Party Authenticator Apps

Last updated June 16, 2023

Table of Contents

Register a Third-Party Authenticator App
MFA Verification with an Authenticator App

Heroku supports the use of third-party authenticator apps that generate temporary codes based on the OATH time-based one-time password (TOTP) algorithm (RFC 6238) as a multi-factor authentication (MFA) verification method. You have numerous apps to choose from, including free versions. Options include Google Authenticator, Microsoft Authenticator, and Authy.

Register a Third-Party Authenticator App

To register a TOTP authenticator app as an MFA verification method:

Download and install the authenticator app on your mobile device.
In Heroku, from Account Settings, select Setup Multi-Factor Authentication. Or if you already enabled other verification methods, select Manage Multi-Factor Authentication.
On the next page, click Add One Time Password Generator. A page with a QR code is displayed.

Add Authenticator App

Launch the mobile app on your device, choose the option for adding a new account, and scan the QR code. If you have trouble scanning the QR code, use the alternative option to enter a setup key.
In Heroku, enter the QR code generated by the app, and click Connect to complete setup.

MFA Verification with an Authenticator App

To log in using a third-party authenticator app:

After entering your email and password, you’re prompted to enter the code generated by your app.
Open the app on your mobile device, and then enter the code in Heroku.

TOTP authenticator apps don’t require mobile connectivity to generate codes.

Keep reading

Identities & Authentication

Feedback

Log in to submit feedback.

Two-Factor Authentication (deprecated) Two-Factor Authentication (deprecated)