GuidesAPI Reference
Guides
  1. HERE Identity and Access Management

Premium IAM Features

The premium IAM features described in this section are only available through a subscription. For more information, contact a HERE account manager.

These features provide organizations with additional capabilities, such as more control of authentication and access, and can provide overrides to their default limits. These are typically used by companies that have specific needs beyond the capabilities provided by the HERE platform.

HERE account executive access

The HERE account executive sign-in feature allows authorized users, designated as the role of Org Admin, to sign in to an organization using their Single Sign-On (SSO) credentials, which work in combination with HERE SSO.

Using this feature provides Org Admins with a way to verify that anyone from HERE, who is managing a customer organization, is an active employee of HERE and can authenticate using HERE SSO. This also allows HERE Support Admins access to customer organization accounts using HERE SSO. For more information, see Manage account executive access.

Single Sign-On (SSO)

The SSO feature allows customers to set their organization's authentication to use their identity provider (IdP) and validate their users against their own managed user list. Any user signing into an organization set to SSO requires that users authenticate against the customer supplied IdP, and are subject to the customer’s authentication policy. All users in the organization still need to be invited to the organization by an authorized user.

HERE currently supports the SAML 2.0 protocol for the authentication of users for any trusted, third-party identity provider such as OKTA, Entra, Keycloak.

Users without the SSO subscription are defaulted to a password based login.

Limits for projects and roles

This feature provides an override of the default maximum limits for the number of projects and roles that a user can have. For each organization, the default number of projects a user can have is 50, and the default number of roles a user can have is 100. To calculate the number of roles (for example, Org Admin, projectadmin), each role counts against the limit for that user.

This feature allows an organization to increase the number of projects a user can have to a maximum of 1000. If the number of projects exceeds 100, the roles which a user can have must also increase, with a maximum role limit of 1000 (999 project related roles + the user role).

Limits for number of apps

This feature provides an override of the default maximum limit (100) for the number of apps per user. Consult with a HERE account manager if you require more apps per user for your organization.

Updated 10 hours ago