Enterprise Account Settings
Last updated 19 August 2019
Table of Contents
Enterprise Accounts are in public beta.
The Settings tab of your Enterprise Account lets you rename the Enterprise Account, set up single sign-on (SSO), and access Audit Trail. Enterprise Account users must have the manage permission to access this tab.
Rename an Enterprise Account
Rename an Enterprise Account via Heroku Dashboard
If you want to change your Enterprise Account name, you can click Edit, type the new name in the “Account name” field, and then save the new name.
Rename an Enterprise Account via Heroku CLI
Renaming an Enterprise Account via the CLI requires the Enterprise Accounts CLI Plugin.
The Enterprise Account can be renamed via the following Heroku CLI command:
$ heroku enterprises:rename new-account-name --enterprise-account=account-name
View audit logs
Please submit any questions, suggestions, and other feedback you have to heroku-audit-logs@salesforce.com
Heroku Audit Trail (audit logs) enables you to export a chronological, JSON-formatted archive of certain events associated with your Heroku Enterprise account. Learn more on the Audit Trails for Enterprise Accounts page.
Set up Single Sign-On (SSO)
If this is the first time you’re setting up SSO for your Enterprise Account, and none of your Enterprise Teams already has SSO enabled, click Begin setup.
Provide values for each of the following fields:
- Identity Provider (IdP) Issuer URL
- Identity Provider (IdP) Redirect URL
- Identity Provider (IdP) Certificate
Activate the Enable SSO switch and click Save.
Migrate an existing SSO
If you already have SSO enabled for a particular Enterprise Team, the following notice displays on your Enterprise Account’s Settings tab:
You can click Migrate existing setup… to move the SSO configuration from the indicated Enterprise Team to the Enterprise Account. Alternatively, you can setup a new SSO configuration by clicking Configure SSO…
If you migrate an SSO configuration from an Enterprise Team to its parent
Enterprise Account, new SSO users are no longer automatically added to the
originating Enterprise Team. Instead, they are added to the Enterprise Account with the
view permission only. An Enterprise Account administrator can then grant any additional team-specific permissions to the user.
When SSO is configured at Enterprise Account level, new users are added to the Enterprise Account with the view permission. An admin needs to add the user to desired teams and assign appropriate permissions.
Providing multiple IdP certificates
See this article for more information on how multiple IdP certificates are provided for your Enterprise Teams.