Skip Navigation
Show nav
Heroku Dev Center
  • Get Started
  • Documentation
  • Changelog
  • Search
  • Get Started
    • Node.js
    • Ruby on Rails
    • Ruby
    • Python
    • Java
    • PHP
    • Go
    • Scala
    • Clojure
  • Documentation
  • Changelog
  • More
    Additional Resources
    • Home
    • Elements
    • Products
    • Pricing
    • Careers
    • Help
    • Status
    • Events
    • Podcasts
    • Compliance Center
    Heroku Blog

    Heroku Blog

    Find out what's new with Heroku on our blog.

    Visit Blog
  • Log inorSign up
View categories

Categories

  • Heroku Architecture
    • Dynos (app containers)
    • Stacks (operating system images)
    • Networking & DNS
    • Platform Policies
    • Platform Principles
  • Command Line
  • Deployment
    • Deploying with Git
    • Deploying with Docker
    • Deployment Integrations
  • Continuous Delivery
    • Continuous Integration
  • Language Support
    • Node.js
    • Ruby
      • Working with Bundler
      • Rails Support
    • Python
      • Background Jobs in Python
      • Working with Django
    • Java
      • Working with Maven
      • Java Database Operations
      • Working with Spring Boot
      • Java Advanced Topics
    • PHP
    • Go
      • Go Dependency Management
    • Scala
    • Clojure
  • Databases & Data Management
    • Heroku Postgres
      • Postgres Basics
      • Postgres Getting Started
      • Postgres Performance
      • Postgres Data Transfer & Preservation
      • Postgres Availability
      • Postgres Special Topics
    • Heroku Data For Redis
    • Apache Kafka on Heroku
    • Other Data Stores
  • Monitoring & Metrics
    • Logging
  • App Performance
  • Add-ons
    • All Add-ons
  • Collaboration
  • Security
    • App Security
    • Identities & Authentication
    • Compliance
  • Heroku Enterprise
    • Private Spaces
      • Infrastructure Networking
    • Enterprise Accounts
    • Enterprise Teams
    • Heroku Connect (Salesforce sync)
      • Heroku Connect Administration
      • Heroku Connect Reference
      • Heroku Connect Troubleshooting
    • Single Sign-on (SSO)
  • Patterns & Best Practices
  • Extending Heroku
    • Platform API
    • App Webhooks
    • Heroku Labs
    • Building Add-ons
      • Add-on Development Tasks
      • Add-on APIs
      • Add-on Guidelines & Requirements
    • Building CLI Plugins
    • Developing Buildpacks
    • Dev Center
  • Accounts & Billing
  • Troubleshooting & Support
  • Integrating with Salesforce
  • Heroku Enterprise
  • Single Sign-on (SSO)
  • Set Up Salesforce Identity SSO with Heroku

Set Up Salesforce Identity SSO with Heroku

English — 日本語に切り替える

Last updated August 31, 2021

Table of Contents

  • Download Identity Provider Metadata from Salesforce
  • Set up the Service Provider side (Heroku)
  • Link Salesforce Identity to Heroku

SSO is available only in Heroku Enterprise. For specific instructions for other SSO providers, see the Using Single Sign-On Services with Heroku, for Administrators article.

Salesforce Identity can serve as the identity provider, or “IdP,” to provide single sign-on (SSO) user login to Heroku via SAML.

Setting up Salesforce as Identity provider for Heroku takes only a few simple steps involving Salesforce and Heroku web interfaces:

Download Identity Provider Metadata from Salesforce

If you have already setup Salesforce as an identity provider, you can login to your Salesforce org as admin and download the Identity Provider metadata file by navigating to *Settings > Identity > Identity Provider *

If you need to setup Salesforce as an identity provider or change the identity provider configuration, refer detailed instructions including prerequisites.

Set up the Service Provider side (Heroku)

  1. In the Heroku web interface, select the Heroku Enterprise Team or Enterprise Account for which you want to set up SSO.
  2. Go to the settings tab, click Setup SSO and upload the IdP metadata file you downloaded from Salesforce.
  3. Toggle Enable SSO switch to enable federation.

Link Salesforce Identity to Heroku

You will see three values displayed in the Heroku dashboard in quick-copy fields. Heroku dashboard SSO settings You’ll need these values to create and setup a Connected App on Salesforce using the following steps.

  1. In a separate browser tab, navigate to your Salesforce Admin homepage and navigate to Settings > Identity > Identity Provider.
  2. Click the link under Service Providers section to create a new Connected App
  3. Fill in the required “Connected App Name”, “API Name”, and “Contact E-mail” fields. Note the app name because you’ll need it in the next step.
  4. In the “Web App Settings” area, click Enable SAML and paste in the three values from the Heroku dashboard.
  5. Make sure that the “Name ID Format” pick-list in the Salesforce interface is set to the format described in the Heroku SSO settings list.
  6. Set “Subject type” to “username”. (Make sure that this username represents each user’s actual e-mail address. Some Salesforce installations permit email-like usernames that do not correspond to working e-mail addresses.)
  7. Click Save at the bottom of the page.

Salesforce SSO settings

Finally, you’ll need to grant users access to this “Connected app” to enable SSO.

  1. Navigate to your Salesforce Admin homepage.
  2. Click Administer > Manage Users > Profiles.
  3. Click the Profile Name of the user profile to which you want to extend Heroku login.
  4. Click the Edit button, scroll down to “Connected App Access”, and select the Connected App you created in the previous page. (Repeat this step for any other user profiles that should be also be granted SSO login for Heroku.)
  5. Scroll to the bottom of the page and click Save.

Congratulations! Setup is complete. Heroku users will now be able to login using Salesforce credentials at the “Heroku Login URL” you have configured.

Keep reading

  • Single Sign-on (SSO)

Feedback

Log in to submit feedback.

Using Single Sign-on (SSO) Services with Heroku, for End Users SSO for Heroku

Information & Support

  • Getting Started
  • Documentation
  • Changelog
  • Compliance Center
  • Training & Education
  • Blog
  • Podcasts
  • Support Channels
  • Status

Language Reference

  • Node.js
  • Ruby
  • Java
  • PHP
  • Python
  • Go
  • Scala
  • Clojure

Other Resources

  • Careers
  • Elements
  • Products
  • Pricing

Subscribe to our monthly newsletter

Your email address:

  • RSS
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku Blog
    • Heroku News Blog
    • Heroku Engineering Blog
  • Heroku Podcasts
  • Twitter
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku
    • Heroku Status
  • Facebook
  • Instagram
  • Github
  • LinkedIn
  • YouTube
Heroku is acompany

 © Salesforce.com

  • heroku.com
  • Terms of Service
  • Privacy
  • Cookies
  • Cookie Preferences