Heroku + QuantumK Authentication POC

This app demonstrates internal Heroku apps authenticating via QuantumK SAML, using the iam-authn-addon paved path.

Try SAML Login

Architecture

Heroku App (this service) QuantumK IdP SAML / OIDC Falcon iam-authn-addon provisions User Browser Internal employee Heroku Addon (future) 2. AuthnRequest 3. Assertion 1. visit app

How it works today

  1. Provision a Falcon service type and service instance
  2. Attach the iam-authn-addon with structured config specifying SAML client details
  3. Run the release addon pipeline to provision the QuantumK client
  4. Configure this app with the IdP metadata and SP credentials

Future: Heroku Addon

Automated provisioning of QuantumK clients as a Heroku addon:

heroku addons:create sfdc-iam:quantum-k --app my-internal-app

This would handle Falcon service creation, iam-authn-addon configuration, and credential injection automatically.