Skip to main content
This guide shows how to configure a generic SAML 2.0 identity provider (IdP) for your Honeydew account.
Use this guide if your SAML provider is not covered by a specific integration guide. For PingIdentity, Entra ID, or other providers with dedicated guides, refer to those instead.
1

Set up your identity provider (IdP)

Create a SAML 2.0 application in your identity provider.
  1. Log in to your identity provider’s admin console.
  2. Create a new SAML 2.0 application.
  3. Choose a name for the application (e.g. Honeydew).
  4. In the SAML configuration, you will need to provide:
    • ACS URL (Assertion Consumer Service URL)
    • Entity ID (also called Audience URI or SP Entity ID)
    For now, enter placeholder values (e.g. https://example.com). These will be updated with the correct values in a later step.
  5. Save the application configuration.
  6. Locate and save the following information from your SAML application:
    • Issuer ID (IdP Entity ID)
    • Single Sign-On URL (SSO URL or SAML 2.0 Endpoint)
    • Single Logout URL (SLO URL, if supported)
    • X.509 Signing Certificate
    This information will be needed to configure Honeydew.
    The certificate should be in X.509 format (PEM or CRT). Some providers offer a metadata XML file that contains all required information.
  7. Configure the following SAML attribute mappings:
    • email - User’s email address (required)
    • given_name - User’s first name (required)
    • family_name - User’s last name (required)
    • name - User’s full name (required)
    These attributes allow Honeydew to create and identify user profiles.
  8. Assign users or groups that should have access to Honeydew.
2

Configure SAML support in Honeydew

Now that your SAML IdP is ready, configure it in Honeydew.Please pass the following information to your Honeydew contact or to [email protected]:
  • Issuer ID (IdP Entity ID) from your SAML application
  • Single Sign-On URL (SSO URL) from your SAML application
  • Single Logout URL (if supported by your IdP)
  • X.509 Signing Certificate from your SAML application
  • Email domains used in your company’s email addresses
You will receive back from Honeydew:
  • Entity ID - The unique identifier for Honeydew (Service Provider)
  • ACS URL - The Assertion Consumer Service URL for Honeydew
  • Sign On URL - The URL to initiate single sign-on
3

Finish SAML configuration in your identity provider

  1. Return to your SAML application in your identity provider.
  2. Edit the SAML configuration and update the placeholder values:
    • Set Entity ID to the value provided by Honeydew
    • Set ACS URL to the value provided by Honeydew
    • Set Initiate Sign-On URL to the value provided by Honeydew (if your provider supports this field)
  3. Save your configuration.
  4. Enable the SAML application if it’s not already enabled.
  5. Notify your Honeydew contact or [email protected] that the configuration is complete.
  6. Once complete, test the SAML setup by logging in to Honeydew. Any user with an email address matching the domain you provided will be able to log in using your SAML provider. Upon login they will be redirected to your provider’s login page.

Required SAML Attributes

Your SAML provider must send the following attributes in the assertion:
AttributeDescriptionRequired
emailUser’s email addressYes
given_nameUser’s first nameYes
family_nameUser’s last nameYes
nameUser’s full nameYes