Enterprise Account Settings
Last updated August 05, 2022
Table of Contents
The Settings tab of your Enterprise Account lets you rename the Enterprise Account, set up single sign-on (SSO), and access Audit Trail. Enterprise Account users must have the manage permission to access this tab.
Rename an Enterprise Account
Rename an Enterprise Account via Heroku Dashboard
If you want to change your Enterprise Account name, you can click Edit, type the new name in the “Account name” field, and then save the new name.
Rename an Enterprise Account via Heroku CLI
Renaming an Enterprise Account via the CLI requires the Enterprise Accounts CLI Plugin.
The Enterprise Account can be renamed via the following Heroku CLI command:
$ heroku enterprises:rename new-account-name --enterprise-account=account-name
Manage Login Security
All customers are required to enable MFA beginning February 1, 2022 when Salesforce starts requiring customers to enable MFA in order to access its products. Heroku users must use MFA for every login through the Heroku web UI. Read more.
The MFA requirement applies to all logins that use a web browser, including logins originating from the CLI. If your Heroku Enterprise Account has SSO configured, ensure that MFA is enforced at your SSO provider.
You can ensure that all members of your Enterprise Account use MFA for every login by turning on the SSO or MFA Required Setting.
Enabling or disabling this setting requires that your account is MFA enabled.
When this setting is enabled, members of your Enterprise Account that are logging in using an email and password are required to enable MFA on their next login. Users that have not enabled MFA are given the opportunity to enable it.
Enabling this setting does not require collaborators to enable MFA.
View audit logs
Please submit any questions, suggestions, and other feedback you have to heroku-audit-logs@salesforce.com
Heroku Audit Trail (audit logs) enables you to export a chronological, JSON-formatted archive of certain events associated with your Heroku Enterprise account. Learn more on the Audit Trails for Enterprise Accounts page.
Set up Single Sign-On (SSO)
If this is the first time you’re setting up SSO for your Enterprise Account, and none of your Enterprise Teams already have SSO enabled, click Begin setup.
Provide values for each of the following fields:
- Identity Provider (IdP) Issuer URL
- Identity Provider (IdP) Redirect URL
- Identity Provider (IdP) Certificate
Activate the Enable SSO switch and click Save.
Migrate an existing SSO
If you already have SSO enabled for a particular Enterprise Team, the following notice displays on your Enterprise Account’s Settings tab:
You can click Migrate existing setup... to move the SSO configuration from the indicated Enterprise Team to the Enterprise Account. Alternatively, you can setup a new SSO configuration by clicking Configure SSO....
If you migrate an SSO configuration from an Enterprise Team to its parent
Enterprise Account, new SSO users are no longer automatically added to the
originating Enterprise Team. Instead, they are added to the Enterprise Account with the
view permission only. An Enterprise Account administrator can then grant any additional team-specific permissions to the user.
When SSO is configured at Enterprise Account level, new users are added to the Enterprise Account with the view permission. An admin needs to add the user to desired teams and assign appropriate permissions.
Providing multiple IdP certificates
See this article for more information on how multiple IdP certificates are provided for your Enterprise Teams.
