|
Setting up Single Sign-On allows teammates to authenticate with their existing company credentials, making onboarding easier while strengthening security across your organization. When paired with just-in-time provisioning, new users can be added to your workspace automatically as soon as they log in, helping your team scale while maintaining compliance with enterprise standards such as SOC 2.
Before beginning the configuration process, work with your HeyGen Account Executive to register your company domains. As an Enterprise Super Admin, you will provide the list of domains your organization owns. Once registered, your workspace will be able to recognize users who sign up with those email addresses and provision their accounts when SSO is active.
To illustrate the setup process, this guide uses Microsoft Entra ID (formerly Azure Active Directory) as an example. Start by opening your Azure portal and creating a new application named HeyGen under Enterprise Applications. After the application is created, go to the Single Sign-On section and select the SAML option. You will enter two identifiers: the Entity ID set to api2.heygen.com, and the Reply URL, which you will find in your HeyGen Admin Panel under Security settings.
After saving these values, verify that the NameID claim is mapped to the user’s email address and add attributes for firstName and lastName so HeyGen can correctly identify users. Once this is complete, assign teammates by selecting users or groups within Azure and granting them access to the HeyGen application.
The next step is to download the metadata file from Azure. From this file, you will reference three items: the Entity ID, the SSO URL, and the Certificate. These values should be copied into the corresponding fields within your HeyGen Admin Panel. After saving the configuration, you can test the connection by choosing Sign in with SSO on the HeyGen login page. If everything is set up correctly, you will be authenticated through your identity provider and taken directly into your workspace.
Completing these steps ensures your organization has a secure, centralized authentication process. Single Sign-On supports smoother onboarding, consistent identity management, and the security posture required for enterprise-level workflows.