
SAML / Single Sign-On


Last updated 11 months ago


Overview

With Heeler, you can enable single sign-on (SSO) using an Identity Provider (IdP) that supports Security Assertion Markup Language (SAML), such as Okta, Microsoft Entra ID, Google, or Ping Identity.

Heeler uses SAML 2.0 for all SAML SSO configurations. This includes configurations with supported Identity Providers and any custom configurations.

Requirements

  • SAML 2.0 Identity Provider

  • Download the IdP metadata XML file from your Identity Provider

Heeler (Service Provider) Setup

Navigate to SAML Setup from the Administration icon -> Settings.

Upload the metadata XML file retrieved from your Identity Provider to Heeler.

Identity Provider Setup

Copy the Entity ID, Assertion Consumer URL, and ACS Binding settings over to your IdP to configure Heeler as a Service Provider.

  • Heeler supports the HTTP-POST binding for SAML 2.0: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

  • Heeler specifies urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress for the format of the NameIDPolicy in assertion requests

  • SAML Responses must be signed

  • Required Attributes:

    • First Name

    • Last Name

    • Email

Optional SAML Settings

  • SAML Strict (recommended): Requires that the IdP strictly follow the SAML standard, including signing and encryption.

  • Just-in-Time Provisioning (recommended): Once granted access in the IdP, new users are automatically created in Heeler when they log in from the IdP.

  • Group Mapping: Automatically syncs group membership from the IdP to Heeler.