---
title: Configure Heroku for SSO
description: To complete single sign-on (SSO) setup for Heroku, configure these steps to enable SSO for users.
component: heroku
page_id: heroku::pf_heroku_integration_configure_heroku_for_sso
canonical_url: https://docs.pingidentity.com/integrations/heroku/pf_heroku_integration_configure_heroku_for_sso.html
revdate: February 24, 2025
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Configure Heroku for SSO

## About this task

To complete single sign-on (SSO) setup for Heroku, configure these steps to enable SSO for users.

|   |                                                                                                                                                                                                                                                                                                                                                             |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | Make sure you have the following information from PingFederate:- The SSO Application Endpoint, which can be found on the **Activation & Summary** page of the **SP Connection** for Heroku.

- The exported certificate used to sign the SAML assertion that was configured in [Configure a Connection](pf_heroku_integration_configure_a_connection.html). |

## Steps

1. Go to https\://dashboard.heroku.com/orgs/*\<ORGANIZATION\_NAME>*/settings.

2. Sign on with your administrator credentials.

3. In the **Single Sign On** section, click **Add Metadata Manually**.

   ![Screen capture of the Add Metadata Manually button in the Single Sign On (SSO) section.](_images/hof1563995397443.jpg)

4. Enter the SSO Application endpoint into the **IdP Login Redirect URL** field.

   ```
   https://<pf_host>:<pf_port>/idp/startSSO.ping?PartnerSpId=<IdP_connection_entity_id>
   ```

   |   |                                                                                                                      |
   | - | -------------------------------------------------------------------------------------------------------------------- |
   |   | An email will be sent to new Heroku users instructing them on how to initiate SSO with the SSO Application endpoint. |

5. Copy and paste the SAML 2.0 Entity ID and signing certificate into the **Identity Provider Issuer URL** and **Public Certificate** fields, respectively.

   |   |                                                                                                                                                                                                    |
   | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | To override the SAML 2.0 Entity ID on the **Server Settings** page for your SP Connection, go to the **General Info** page and add a `Virtual Server ID`. This value sends as the SAML Issuer URL. |

   ![Screen capture of the Identity Provider Issuer URL, IdP Login Redirect URL and IdP Certificate fields.](_images/bkj1563995398269.jpg)

6. Click **Save**.