SAML / Single Sign-On
Last updated
Last updated
With Heeler, you can enable single sign-on (SSO) using an Identity Provider (IdP) that supports Security Assertion Markup Language (SAML), such as Okta, Microsoft Entra ID, Google, or Ping Identity.
Heeler uses SAML 2.0 for all SAML SSO configurations. This includes configurations with supported Identity Providers and any custom configurations.
SAML 2.0 Identity Provider
Download the IDP metadata xml from your Identity Provider
Navigate to SAML Setup from the Administration icon -> Settings
Upload the Metadata XML file retrieved from your Identity Provider to Heeler
Copy the Entity ID
, Assertion Consumer URL
, and ACS Binding
settings over to your IDP to configure Heeler as a Service Provider.
Heeler supports the HTTP-POST binding for SAML2: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Heeler specifies urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
for the format of the NameIDPolicy in assertion requests
Required that SAML Responses are Signed
Required Attributes:
First Name
Last Name
Email
SAML Strict (recommended): Requires the SAML standard is strictly followed by the IDP including signing and encryption
Just-in-Time Provisioning (recommended): Once granted access in the IDP, new users are automatically created in Heeler when they log in from the IDP.
Group Mapping: Automatically sync group membership of the IDP in Heeler.