eyJyZWNpcGUiOnsiYWRkb25zIjp7InNhbWxwIjp7Im1hcHBpbmdzIjp7ImVtYWlsIjoiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvZW1haWxhZGRyZXNzIn0sImNyZWF0ZVVwbkNsYWltIjpmYWxzZSwicGFzc3Rocm91Z2hDbGFpbXNXaXRoTm9NYXBwaW5nIjpmYWxzZSwibWFwVW5rbm93bkNsYWltc0FzSXMiOmZhbHNlLCJtYXBJZGVudGl0aWVzIjpmYWxzZSwibmFtZUlkZW50aWZpZXJGb3JtYXQiOiJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDplbWFpbEFkZHJlc3MiLCJuYW1lSWRlbnRpZmllclByb2JlcyI6WyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9lbWFpbGFkZHJlc3MiXX19fSwic3VwcG9ydF9sZXZlbCI6ImNvbW11bml0eSIsIm1ldGFfdGl0bGUiOiJIZXJva3UgSW50ZWdyYXRpb24gd2l0aCBBdXRoMCIsIm1ldGFfZGVzY3JpcHRpb24iOiJIZXJva3UgLSBBbGxvdyBIZXJva3UgZGV2ZWxvcGVycyBhIHNlY3VyZSwgY2VudHJhbGl6ZWQgd2F5IHRvIGxvZyBpbnRvIEhlcm9rdSBmcm9tIEF1dGgwIiwiZm9ybV9maWVsZHMiOlt7Im5hbWUiOiJjYWxsYmFja3MiLCJsYWJlbCI6IkNhbGxiYWNrIFVSTCIsInBsYWNlaG9sZGVyIjoiaHR0cHM6Ly9zc28uaGVyb2t1LmNvbS9zYW1sL1lPVVItSEVST0tVLU9SRyIsImRhdGFUeXBlIjoidXJpIiwicmVxdWlyZWQiOnRydWV9LHsibmFtZSI6ImFkZG9ucy5zYW1scC5hdWRpZW5jZSIsImxhYmVsIjoiQXVkaWVuY2UiLCJwbGFjZWhvbGRlciI6Imh0dHBzOi8vc3NvLmhlcm9rdS5jb20vc2FtbC9ZT1VSLUhFUk9LVS1PUkciLCJkYXRhVHlwZSI6InVyaSIsInJlcXVpcmVkIjp0cnVlfV19

Heroku easily integrates with Auth0 to enable single sign-on (SSO) to Heroku using the same credentials and login experience as your other SSO-enabled service providers.

Using SSO, an employee logs in to Heroku using your identity provider’s interface instead of the Heroku login page. The employee’s browser is then redirected to Heroku, authenticated and ready to go. When SSO is enabled, Heroku’s own login mechanism is disabled, meaning that authentication security is shifted to Auth0 and coordinated with your other service providers.

<p>The Heroku <a href="https://auth0.com/docs/sso">Single Sign-on (SSO)</a> Integration creates a client application that uses Auth0 for authentication and provides SSO capabilities for Heroku. Your users log in to Heroku with Auth0 <a href="https://auth0.com/docs/authenticate/identity-providers">identity providers</a>, which means the identity provider performs the identity credentials verification.</p>


<h2 id="prerequisites">Prerequisites</h2>
<p>Before you begin:</p>
<ul>
<li>  Sign up for a Heroku account.</li>
<li>  <a href="https://auth0.com/docs/authenticate/identity-providers">Set up a connection</a>, which is a source of users. Connections can be databases, social identity providers, or enterprise identity providers, and can be shared among different applications. You may set up more than one connection for use with SSO integrations.</li>
</ul>


<h2 id="configure-auth0-sso-integration">Configure Auth0 SSO Integration</h2>
<p>Enter a name for your SSO Integration, configure the following settings, and click <strong>Save</strong>.</p>
<table class="table"><thead><tr><th><strong>Setting</strong></th><th><strong>Description</strong></th></tr></thead><tbody><tr><td>Callback URL</td><td>URL to which the user is redirected after login (<code>https://sso.heroku.com/saml/YOUR-HEROKU-ORG</code>).</td></tr><tr><td>Audience</td><td>Your Heroku URL (<code>https://sso.heroku.com/saml/YOUR-HEROKU-ORG</code>).</td></tr><tr><td>Use Auth0 instead of the IdP to do Single Sign-on (SSO). **Legacy tenants only.**</td><td>If enabled, Auth0 will handle SSO instead of Heroku.</td></tr></tbody></table>

<p><img src="https://auth0.com/docs/media/articles/dashboard/sso-integrations/dashboard-integrations-sso-create_settings.png" alt="Save Integration"></p>


<h2 id="configure-integration-with-heroku">Configure integration with Heroku</h2>
<p>To configure the integration with Heroku, follow the instructions listed in the <strong>Tutorial</strong> view (which will appear when you save the initial configuration settings).</p>


<h2 id="enable-connections">Enable connections</h2>
<p>Choose the connections to use with your SSO integration. Users in enabled connections will be allowed to log in to Heroku. By default, all configured connections are enabled.</p>
<ol>
<li>Select the <strong>Connections</strong> view.</li>
<li> Toggle the sliders next to connection names to enable or disable them. <img src="https://auth0.com/docs/media/articles/dashboard/sso-integrations/dashboard-integrations-sso-create_view-connections.png" alt="Enable/Disable Connections"></li>
</ol>


Heroku - Allow Heroku developers a secure, centralized way to log into Heroku from Auth0

Heroku Integration with Auth0

Heroku

Auth0 makes authentication and authorization easy. From SSO to MFA, passwordless to user profiling, and consumer to SaaS apps, we’ve got what you need to tackle any identity use case.

Secure access for everyone but not just anyone

Allow Heroku developers a secure, centralized way to log into Heroku from Auth0