Set up SAML SSO with Microsoft Entra ID

Date: 2025-01-01

This lesson covers how to set up SAML Single Sign-On (SSO) with your identity provider, register your company domain for just-in-time provisioning, and manage access controls.

SAML SSO allows your team to log in securely using company credentials while centralizing authentication. This enterprise feature supports smoother onboarding, stronger security, and compliance with standards such as SOC 2.

Before getting started, make sure you are connected with your HeyGen Account Executive, who can assist with onboarding coordination, domain registration, and provisioning.

Register your company domain

As an Enterprise Admin, you can register your organization’s email domain with your HeyGen workspace. This step is required to enable just-in-time provisioning when using SAML SSO.

Domain registration is currently a manual process. Provide HeyGen with a list of all domains owned by your organization.

Once registered, these domains enable:

Automatic Discovery – users signing up with your company email domain will see your enterprise workspace.

Just-in-Time Provisioning – when combined with SAML SSO, user accounts can be created automatically at first login.

Set up SAML SSO with Microsoft Entra ID (Azure AD)

To begin, sign in to your Azure portal and open Microsoft Entra ID.

Navigate to Enterprise Applications, then select All Applications.

Click New Application, choose Create your own application, name it HeyGen, and click Create.

Once the application is created, open the Single Sign-On section and select SAML.

Configure SAML settings

Click Edit to configure the SAML details.

For the Identifier (Entity ID), enter:

api2.heygen.com

For the Reply URL, return to your HeyGen dashboard, go to Account Settings, open the Security tab, enable SSO, and copy the provided URL.

Paste the Reply URL into Entra ID and click Save.

Ensure the application passes user identity in email format.

The NameID claim must be set to the user’s email address.

Add user attributes for:

firstName

lastName
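A quick check for the claim settings above, as an added example that is not HeyGen's or Microsoft's code: it decodes a base64 SAMLResponse captured from your own test login and reports whether the NameID, Audience, and firstName/lastName attributes match what this page asks for. The function names and the sample response are constructed for illustration, and exact matching of the attribute names firstName and lastName is an assumption of this example.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ENTITY_ID = "api2.heygen.com"               # Identifier (Entity ID) from this page
REQUIRED_ATTRS = ("firstName", "lastName")  # assumed to be matched by exact name

def check_assertion(saml_response_b64):
    """Return a list of configuration problems found in a base64 SAMLResponse."""
    # Only feed this a response from your own IdP test login: it is a
    # configuration lint, not a validator, and never checks the signature.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element found"]
    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("NameID missing")
    else:
        value = (name_id.text or "").strip()
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is not emailAddress")
        if value.count("@") != 1 or value.startswith("@") or value.endswith("@"):
            problems.append("NameID value is not an email address")
    audiences = [a.text.strip() for a in assertion.findall(".//saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not contain " + ENTITY_ID)
    names = {a.get("Name") for a in assertion.findall(".//saml:Attribute", NS)}
    problems += ["attribute missing: " + n for n in REQUIRED_ATTRS if n not in names]
    return problems

def sample_response(name_id, fmt, attrs, audience=ENTITY_ID):
    """Build a constructed, unsigned SAMLResponse so the check runs offline."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        '</saml:Attribute>' for n, v in attrs.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f'<saml:Subject><saml:NameID Format="{fmt}">{name_id}</saml:NameID></saml:Subject>'
           f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
           '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    ok = sample_response("alice@example.com", EMAIL_FORMAT,
                         {"firstName": "Alice", "lastName": "Ng"})
    print(check_assertion(ok) or "claims match the settings on this page")
```

An empty result only means the claims are shaped as configured; the service provider still has to verify the assertion signature against the Certificate (Base64) collected later in this guide.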

Assign users and groups

Next, select Assign users and groups, then click Add user or group.

Choose the teammates who should have access to HeyGen via SSO and click Assign.

Collect configuration values

Return to the Single Sign-On page and scroll to the sections labeled SAML Certificate and Set Up HeyGen.

From these sections, gather the following values:

Certificate (Base64)

Login URL

Microsoft Entra ID

Keep these values available for the final configuration step.

Complete setup in HeyGen

Go back to your HeyGen Admin Panel and open the SSO Settings page.

Paste the certificate, login URL, and Entra ID values into the corresponding fields, then click Save.

Your SAML connection between HeyGen and Microsoft Entra ID is now configured.

Test your SSO setup

To verify the setup, open the HeyGen login page and select Sign in with SSO.

Log in using your company credentials. If everything is configured correctly, you’ll be taken directly into HeyGen with SSO enabled.

SAML SSO is now active for your HeyGen workspace.

Your team can sign in securely using company credentials, without additional passwords or steps.