Configuring SSO with Heroku

Follow these steps to configure SSO for Heroku's dashboard. Once it is enabled, you will be able to log in to Heroku using any of the identity providers Auth0 supports.

1. Log in to Heroku

Go to your organization settings page in Heroku, and scroll to the SSO settings:

Keep this page open. The two parameters you will need in the next step are:

  • Heroku Entity ID
  • ACS URL

2. Register Heroku in Auth0

Log in to your dashboard and create a new application. Pick a name (e.g. Heroku), select the Addons section of the new app, and enable SAML2:

Enter the ACS URL from the previous step into the Application Callback URL. Then enter the following settings:

 {
   "audience":  "{THE HEROKU ENTITY ID}",
   "mappings": {
     "email":       ""
   },
   "createUpnClaim":       false,
   "passthroughClaimsWithNoMapping": false,
   "mapUnknownClaimsAsIs": false,
   "mapIdentities":        false,
   "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
   "nameIdentifierProbes": [
   ]
 }

Note that the audience parameter is the Heroku Entity ID value from step 1. It will be of the form:{YOUR HEROKU ORG}

Scroll down and click on "Save". Now select the Usage section in the SAML configuration and download the Identity Provider Metadata:

3. Complete configuration in Heroku

Back on Heroku, click on Upload Metadata and select the file you downloaded in the previous step:

You are done, congratulations!