Enable Single Sign-On (SSO) for HERE Platform Portal Login
Symptoms / Triggers
You may need this article if:
Your organization wants users to sign in to platform.here.com using your corporate Identity Provider (IdP) instead of HERE account passwords.
You do not see an SSO or Identity Providers option in Access Manager, even though you are an Org Admin.
Your security or IT team requires SAML-based SSO integration (Okta, Entra ID, Keycloak, etc.) before allowing user access.
---
### Quick Answer
SSO login for the HERE Platform portal is available only to organizations with an active Premium or Premium Success support plan. If your organization is eligible, an Org Admin (with an assigned IdP Manager role) can enable and configure SAML 2.0 SSO directly in the HERE Platform portal under Access Manager → Identity Providers.
---
### Prerequisites
Before configuring SSO, ensure the following:
0. Enterprise Plan
You need an Enterprise Plan but not Base Plan as this feature is not available for self-serve tier accounts.
1. Eligible support plan
SSO is supported for customers with Premium or Premium Success support plans only. If your organization does not see SSO options in the portal, contact your HERE account manager to confirm eligibility and request activation.
2. Org Admin access
You must be an Org Admin in the HERE Platform for enabling the SSO feature.
3. IdP Manager role assigned
One user in the organization must be assigned the IdP Manager role to configure or update Identity Provider settings. It is recommended to have only one IdP Manager at a time and not assign the Restricted Access role to this user.
4. Supported IdP
HERE Platform supports SAML 2.0 with commonly used IdPs such as Okta, Microsoft Entra ID (Azure AD), Keycloak, and other SAML-compliant providers.
---
### Step-by-Step: Enable SSO Login
#### 1. Add your Identity Provider
1. Sign in to https://platform.here.com using an existing HERE account.
2. Open the launcher menu and go to Access Manager.
3. Open the Identity Providers tab.
4. Select Add a provider.
5. Enter your IdP details.
6. Choose a template if applicable (Okta, Keycloak, Entra, or Generic).
#### 2. Enable SSO as the login method
1. In Identity Providers, select Set login type.
2. Choose Single Sign-On (SSO) login.
#### 3. Test the configuration
1. Sign out of the HERE Platform.
2. Sign in again to verify that authentication is redirected to your Identity Provider.
---
### Important Notes
If an incorrect configuration causes loss of access, the IdP Manager can use the temporary access recovery process during the current session.
You must know your Organization ID (Org ID) for recovery.
Configuration changes may take up to five minutes to synchronize globally.
---
### SAML Attribute Requirements
Your SAML response must include signed assertions for at least the following attributes:
First name
Last name
Email address
Country code
---
### Applies To
HERE Enterprise Plan account on HERE Platform (platform.here.com)
SAML 2.0 SSO authentication
Premium and Premium Success support plans only
---
### Reference
SSO integration with HERE using SAML 2.0 - with the platform portal UI
* SSO integration with HERE using SAML 2.0 - with the OLP CLI
---
### Tags
SSO login, SAML SSO, platform login, Identity Provider, Okta, Entra ID, Azure AD, Keycloak, Access Manager, IdP Manager, Premium support
You may need this article if:
Your organization wants users to sign in to platform.here.com using your corporate Identity Provider (IdP) instead of HERE account passwords.
You do not see an SSO or Identity Providers option in Access Manager, even though you are an Org Admin.
Your security or IT team requires SAML-based SSO integration (Okta, Entra ID, Keycloak, etc.) before allowing user access.
---
### Quick Answer
SSO login for the HERE Platform portal is available only to organizations with an active Premium or Premium Success support plan. If your organization is eligible, an Org Admin (with an assigned IdP Manager role) can enable and configure SAML 2.0 SSO directly in the HERE Platform portal under Access Manager → Identity Providers.
---
### Prerequisites
Before configuring SSO, ensure the following:
0. Enterprise Plan
You need an Enterprise Plan but not Base Plan as this feature is not available for self-serve tier accounts.
1. Eligible support plan
SSO is supported for customers with Premium or Premium Success support plans only. If your organization does not see SSO options in the portal, contact your HERE account manager to confirm eligibility and request activation.
2. Org Admin access
You must be an Org Admin in the HERE Platform for enabling the SSO feature.
3. IdP Manager role assigned
One user in the organization must be assigned the IdP Manager role to configure or update Identity Provider settings. It is recommended to have only one IdP Manager at a time and not assign the Restricted Access role to this user.
4. Supported IdP
HERE Platform supports SAML 2.0 with commonly used IdPs such as Okta, Microsoft Entra ID (Azure AD), Keycloak, and other SAML-compliant providers.
---
### Step-by-Step: Enable SSO Login
#### 1. Add your Identity Provider
1. Sign in to https://platform.here.com using an existing HERE account.
2. Open the launcher menu and go to Access Manager.
3. Open the Identity Providers tab.
4. Select Add a provider.
5. Enter your IdP details.
6. Choose a template if applicable (Okta, Keycloak, Entra, or Generic).
#### 2. Enable SSO as the login method
1. In Identity Providers, select Set login type.
2. Choose Single Sign-On (SSO) login.
#### 3. Test the configuration
1. Sign out of the HERE Platform.
2. Sign in again to verify that authentication is redirected to your Identity Provider.
---
### Important Notes
If an incorrect configuration causes loss of access, the IdP Manager can use the temporary access recovery process during the current session.
You must know your Organization ID (Org ID) for recovery.
Configuration changes may take up to five minutes to synchronize globally.
---
### SAML Attribute Requirements
Your SAML response must include signed assertions for at least the following attributes:
First name
Last name
Email address
Country code
---
### Applies To
HERE Enterprise Plan account on HERE Platform (platform.here.com)
SAML 2.0 SSO authentication
Premium and Premium Success support plans only
---
### Reference
SSO integration with HERE using SAML 2.0 - with the platform portal UI
* SSO integration with HERE using SAML 2.0 - with the OLP CLI
---
### Tags
SSO login, SAML SSO, platform login, Identity Provider, Okta, Entra ID, Azure AD, Keycloak, Access Manager, IdP Manager, Premium support