Heap - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Heap using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Heap, ensure you meet the following requirements:
- Heap admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Heap are registered in your IdP and have the necessary permissions to access Heap.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Heap - SSO configuration
Step 1 - Configure in Heap (Service Provider)
- Log into Heap as an Administrator.
- Go to Account
- Click on Manage and select Account settings.
- Open the SSO / SAML configuration area.
- Populate the fields using the values below.
SP values
| Field | Value |
|---|---|
| Your SAML Identity Provider certificate | Instructions in Step 2 |
| Your SAML Identity Provider details (Remote login URL) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml |
| Your SAML Identity Provider details (Logout landing URL) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml |
Step 2 - Configure in Multi-Pass (Identity Provider)
- Select the correct tenant
- Click on Integrations and then select Applications.
- In Custom integration, choose SAML.
- Complete SAML form :
| Field | Value |
|---|---|
| Client ID (= SP Entity ID) | https://heapanalytics.com |
| Name | heap |
| Description | Heap SSO integration |
| Assertion Consumer Service URL | https://heapanalytics.com/saml/finalize/<HEAP_ID>/ |
| NameID Policy Format | email |
- Under Tenant certificate, toggle the option and select Text. The Download button becomes Copy contents.
- Copy the certificate and paste it into a temporary editor (e.g., Notepad). Ensure it includes
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----. - Return to Heap and paste this certificate.
- Save configuration in Heap.
- Click Add integration.
- Click Advanced Console.
- Go to Clients, search for the integration you just created (heap).
General settings
| Field | Value |
|---|---|
| Client ID | https://heapanalytics.com |
| Name | heap |
| Description | Heap SSO integration |
| Always display in UI | ON |
Access settings
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
| Valid Redirect URIs (ACS) | https://heapanalytics.com/saml/finalize/<HEAP_ID>/ |
| IDP-Initiated SSO URL Name | <APP_NAME> |
SAML Capabilities
| Setting / Parameter | Value |
|---|---|
| Name ID Format | email |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting / Parameter | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Now that you have checked the different parameters, change to the tab called “Keys”.
- Make sure that both parameters are switched to OFF.
- Now go to the “Advanced” tab.
- The field “Assertion Consumer Service POST Binding URL” must equal the Valid Redirect URIs (ACS).
Step 3 - Testing
- In Heap, under Account → Manage, select Test beside SSO configuration and turn on Enable SSO for yourself.
- If the test succeeds, you should see a success banner.
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Vanta - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Vanta using MPAS. SSO simplifies user authentication by allowing access to multiple ...Dynatrace - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Dynatrace using MPAS. SSO simplifies user authentication by allowing access to multiple ...