How do I set up SSO on the Heru Portal for use with Microsoft 365 (Azure Active Directory)?

This article assumes that you've followed the steps to enable SSO in your Heru portal account.

Once you've filled in the hostnames for your SSO and non-SSO URLs, it's time to configure Azure Active Directory to be an identity provider for the Heru Portal.

  1. Set the Heru Portal browser window (with the SSO settings) aside for a moment. You'll need it later!
  2. In a new window, log in to the Azure Portal as a user who has the ability to add Enterprise Applications.
  3. Click Microsoft Entra ID
  4. On the left-side menu, click Enterprise applications
  5. Toward the top, click + New Application
  6. Click
  7. In the name box, type Heru Portal
  8. Select Integrate any other application you don't find in the gallery (Non-gallery)
  9. Click Create
  10. You should now see a page that looks like this:
  11. Click 1. Assign users and groups and add any users that you want to be able to use SSO to access the Heru Portal. Don't forget to add yourself!
  12. Click Single sign-on
  13. Click SAML
  14. In box 1 (Basic SAML Configuration), click
  15. In the Heru Portal window, click the copy icon next to Identifier (Entity ID)
  16. In the Azure Portal window, under Identifier (Entity ID), click Add identifier, and paste the value from step 15.
  17. In the Heru Portal window, click the copy icon next to Reply (ACS) URL
  18. In the Azure Portal window, under Reply URL (Assertion Consumer Service URL), click Add reply URL, and paste the value from step 17.
  19. In the Heru Portal window, click the copy icon next to Sign On URL
  20. In the Azure Portal window, under Sign on URL (Optional), paste the value from step 19.
  21. Click Save
  22. After a few seconds, you should see a notification that the configuration was saved successfully. Click the X in the top-right of the Basic SAML Configuration pane.
  23. Scroll down to box 3. Click Download next to Federation Metadata XML.
  24. Open your downloads folder and locate the file that was just downloaded.
  25. Go back to your Heru Portal window, and drag the downloaded file to this box:
    Drag & drop XML file here, or click to select file
    (or, as it says, you may click the box and locate the file that way.)
  26. If all went well, the three fields below the box from step 25 should have auto-populated. Do not change these values!
  27. Most sites will want to check the box next to Automatically Provision Users. This allows any user who successfully signs in through SSO to be created automatically in the portal if they don't already exist. Note that users created in this manner must use SSO to log in, so removing them from your Azure Active Directory will revoke their ability to log in, even though the user may still exist in the Heru Portal.
  28. Click Submit.
  29. You have now enabled SSO for your account! Communicate the new portal hostname to your users, as they will be unable to log in using portal.seeheru.com.

The first time you try to use the SSO hostname to log in, you may get a certificate error. Try again in a minute or two; the system is busily generating and fetching an SSL certificate.