SAML / Single Sign-On

Overview

With Heeler, you can enable single sign-on (SSO) using an Identity Provider (IdP) that supports Security Assertion Markup Language (SAML), such as Okta, Microsoft Entra ID, Google, or Ping Identity.

Heeler uses SAML 2.0 for all SAML SSO configurations. This includes configurations with supported Identity Providers and any custom configurations.

Requirements

  • SAML 2.0 Identity Provider

  • The IdP metadata XML file, downloaded from your Identity Provider

Heeler (Service Provider) Setup

Navigate to SAML Setup from the Administration icon -> Settings

Upload the Metadata XML file retrieved from your Identity Provider to Heeler

Identity Provider Setup

Copy the Entity ID, Assertion Consumer URL, and ACS Binding settings over to your IdP to configure Heeler as a Service Provider.

  • Heeler supports the HTTP-POST binding for SAML2: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

  • Heeler specifies urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress for the format of the NameIDPolicy in assertion requests

  • SAML Responses must be signed

  • Required Attributes:

    • First Name

    • Last Name

    • Email

Optional SAML Settings

  • SAML Strict (recommended): Requires that the IdP strictly follow the SAML standard, including signing and encryption.

  • Just-in-Time Provisioning (recommended): Once granted access in the IdP, new users are automatically created in Heeler when they log in from the IdP.

  • Group Mapping: Automatically syncs IdP group membership to Heeler.
