C1 provides identity governance for Heroku. Integrate your Heroku platform with C1 for unified visibility and governance over user, team, app collaborator, and enterprise account access.
C1 provides identity governance for Heroku. Integrate your Heroku instance
with C1 for unified visibility and governance over user, team, app
collaborator, and enterprise account access.
Teams expose admin, member, viewer, collaborator, and owner role
entitlements. Enterprise accounts expose view, create, manage, and
billing permission entitlements. Apps expose a collaborator entitlement
plus the view, deploy, operate, and manage permission entitlements.
To configure the Heroku connector, you need an API token with global or
write-protected scope on the Heroku account that will own the connector.
Federated/SSO users cannot mint non-expiring API tokens — create a dedicated
service account in that case.
1
Sign in to Heroku with the account you want to use for the integration.
For SSO/federated organizations, sign in as a non-federated service
account.
2
Create a long-lived API token by running:
heroku authorizations:create --description "ConductorOne" --scope global
The --scope global flag is the simplest option and grants full
read/write access. For minimum-privilege provisioning, use
--scope write-protected instead. Read-only sync works with
--scope read.
3
Copy the value from the Token field of the command output. It begins
with HRKU-.
