Skip Navigation
Show nav
Heroku Dev Center
  • Get Started
  • Documentation
  • Changelog
  • Search
  • Get Started
    • Node.js
    • Ruby on Rails
    • Ruby
    • Python
    • Java
    • PHP
    • Go
    • Scala
    • Clojure
  • Documentation
  • Changelog
  • More
    Additional Resources
    • Home
    • Elements
    • Products
    • Pricing
    • Careers
    • Help
    • Status
    • Events
    • Podcasts
    • Compliance Center
    Heroku Blog

    Heroku Blog

    Find out what's new with Heroku on our blog.

    Visit Blog
  • Log inorSign up
View categories

Categories

  • Heroku Architecture
    • Dynos (app containers)
    • Stacks (operating system images)
    • Networking & DNS
    • Platform Policies
    • Platform Principles
  • Command Line
  • Deployment
    • Deploying with Git
    • Deploying with Docker
    • Deployment Integrations
  • Continuous Delivery
    • Continuous Integration
  • Language Support
    • Node.js
    • Ruby
      • Rails Support
      • Working with Bundler
    • Python
      • Background Jobs in Python
      • Working with Django
    • Java
      • Working with Maven
      • Java Database Operations
      • Working with the Play Framework
      • Java Advanced Topics
      • Working with Spring Boot
    • PHP
    • Go
      • Go Dependency Management
    • Scala
    • Clojure
  • Databases & Data Management
    • Heroku Postgres
      • Postgres Basics
      • Postgres Getting Started
      • Postgres Performance
      • Postgres Data Transfer & Preservation
      • Postgres Availability
      • Postgres Special Topics
    • Heroku Data For Redis
    • Apache Kafka on Heroku
    • Other Data Stores
  • Monitoring & Metrics
    • Logging
  • App Performance
  • Add-ons
    • All Add-ons
  • Collaboration
  • Security
    • App Security
    • Identities & Authentication
    • Compliance
  • Heroku Enterprise
    • Private Spaces
      • Infrastructure Networking
    • Enterprise Accounts
    • Enterprise Teams
    • Heroku Connect (Salesforce sync)
      • Heroku Connect Administration
      • Heroku Connect Reference
      • Heroku Connect Troubleshooting
    • Single Sign-on (SSO)
  • Patterns & Best Practices
  • Extending Heroku
    • Platform API
    • App Webhooks
    • Heroku Labs
    • Building Add-ons
      • Add-on Development Tasks
      • Add-on APIs
      • Add-on Guidelines & Requirements
    • Building CLI Plugins
    • Developing Buildpacks
    • Dev Center
  • Accounts & Billing
  • Troubleshooting & Support
  • Integrating with Salesforce
  • Heroku Enterprise
  • Single Sign-on (SSO)
  • Set Up Azure Active Directory Identity SSO with Heroku

Set Up Azure Active Directory Identity SSO with Heroku

English — 日本語に切り替える

Last updated January 27, 2022

Table of Contents

  • Step 1: Set up the Identity Provider “IdP” side (Azure AD)
  • Step 2: Set up the Service Provider side (Heroku)

SSO for Heroku is currently available only to Heroku Enterprise customers. For specific instructions for other SSO providers, see the Using Single Sign-On Services with Heroku, for Administrators article.

Azure AD can serve as the identity provider, or “IdP,” for Active Directory (AD) to provide single-sign-on (SSO) user login to Heroku.

Heroku supports SSO via SAML, a standard in wide use by enterprises and companies to provide authentication services to products that would otherwise require separate accounts and logins.

Set up for your existing Active Directory to use SSO for Heroku takes about 15 minutes and has two main steps involving the Azure and Heroku web interfaces:

Step 1: Set up the Identity Provider “IdP” side (Azure AD)

As an admin, log into your Azure Portal, browse to Active Directory and select the directory which will be enabled with SSO for Heroku.

Create and configure a SAML application for your directory

  1. Go to “Applications” and select “Add” from the footer menu
  2. Choose “Add an application my organization is developing”
  3. Give your application a name and select “Web application and/or Web App”
  4. Enter your app properties with the information provided in your Heroku Organization settings page for SSO configuration:
    1. Sign-on URL: provide ‘Heroku Login URL’
    2. App ID URI: provide your ‘ACS URL’
  5. When your app has been successfully added, go to ‘Enable users to sign on’
  6. Copy the “FEDERATED METADATA DOCUMENT URL” and paste the URL into a new browser window. Save the file to your local machine (you will need this document later, so store it in a place that you remember). Azure App successfully added

Step 2: Set up the Service Provider side (Heroku)

  1. In the Heroku web interface, select the Heroku org for which you want to set up SSO.
  2. In the Settings tab for this org, upload the federation metadata document XML file. Heroku SSO Settings Dashboard

Congratulations! SSO is now enabled for your Active Directory users through Azure IdP. Heroku users will now be able to login using Azure credentials at the “Heroku Login URL” you have configured.

Keep reading

  • Single Sign-on (SSO)

Feedback

Log in to submit feedback.

Using Single Sign-on (SSO) Services with Heroku, for End Users Set Up Salesforce Identity SSO with Heroku

Information & Support

  • Getting Started
  • Documentation
  • Changelog
  • Compliance Center
  • Training & Education
  • Blog
  • Podcasts
  • Support Channels
  • Status

Language Reference

  • Node.js
  • Ruby
  • Java
  • PHP
  • Python
  • Go
  • Scala
  • Clojure

Other Resources

  • Careers
  • Elements
  • Products
  • Pricing

Subscribe to our monthly newsletter

Your email address:

  • RSS
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku Blog
    • Heroku News Blog
    • Heroku Engineering Blog
  • Heroku Podcasts
  • Twitter
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku
    • Heroku Status
  • Facebook
  • Instagram
  • Github
  • LinkedIn
  • YouTube
Heroku is acompany

 © Salesforce.com

  • heroku.com
  • Terms of Service
  • Privacy
  • Cookies
  • Cookie Preferences