After enabling SAML SSO on your GitHub organisation you start seeing errors when loading Heroku dashboard pages for apps or pipelines which are linked to GitHub. The most common error message you will see is:
Item could not be retrieved: Resource protected by organization SAML enforcement. You must grant your OAuth token access to this organization.
However, you may also see messages with 404, 403 responses or messages saying
Item could not be retrieved.
This all occurs because your Heroku account or the Heroku account which linked the app/pipeline to GitHub, no longer have permission to access the resources within the GitHub organisation that are protected by SAML SSO.
If you don't use the Heroku dashboard often, but do make pushes to GitHub which auto-deploy to Heroku applications these deployments may also fail. You should also perform the steps below if you are seeing issues with auth-deployments after enabling SAML SSO.
When you link your Heroku account to GitHub we store a GitHub OAuth token for your account within our GitHub Integration service. When enabling SAML SSO on your GitHub organisation the OAuth token we have stored losing access to the resources in your GitHub organisation.
To correct this you will need to do the following:
- Ensure that you have logged into https://github.com after SAML SSO was enabled and you went through the SSO process to sign into GitHub.
- Go to the applications tab in your user settings on the Heroku dashboard
- Click the
Re-authorizebutton to re-authorise your GitHub account
This will generate the GitHub OAuth token for your Heroku account. This will use the currently logged in account at https://github.com. You may be prompted to give permission to Heroku to access your GitHub org. If are not logged into GitHub or you do this from incognito mode/a private browser window, it will ask you to log in to GitHub.