Enable single sign-on (SSO) to authenticate to Honeycomb with your Microsoft Entra account. Microsoft Entra ID was formerly known as Microsoft Azure Active Directory (Azure AD).
In Honeycomb, Team Owners can require that their team members authenticate using Single Sign-On (SSO) via an external SAML 2.0 Identity Provider, such as Okta or Microsoft Entra ID.
When you configure SSO via an external SAML Identity Provider, you must get information generated during the configuration process from both Honeycomb and your Identity Provider. Because you will also need to enter information into both Honeycomb and your Identity Provider’s user interface, you will need to use more than one browser tab.
To successfully complete this guide, you should have an active Microsoft Entra account.
To begin, enable SSO in Honeycomb, which will allow you to get Honeycomb’s Service Provider settings:
In Honeycomb, navigate to Account > Team Settings, and select the Team Details view.
Locate the Single Sign-On section, which displays any previous SSO configuration.
If your team is already configured to use Google SSO, turn off Google SSO.
Select Enable SSO.
In the SSO provider configuration modal, select SAML/Okta, then select Next.
Locate the settings required by your Identity Provider. Information you will need includes:
Leave this browser tab open, so you will have the information you need to configure your Identity Provider.
Crewbacca, so the team’s generated identifier is
Next, configure your Identity Provider to work with Honeycomb. To do this, you must set up SSO for an application integration in your Identity Provider, and then specify which users should be able to use SSO to log in to your team in Honeycomb.
Set up SSO in your Identity Provider using the Service Provider settings you retrieved from Honeycomb:
Open a new browser tab, and go to your Microsoft Entra admin center.
In Microsoft Entra, go to Dashboard > Enterprise Applications > Overview.
Select + New application. The Browse Microsoft Entra Gallery display appears.
Select Create your own application.
When prompted, name your app in the format “Honeycomb [Your Team Name]” and select the Integrate any other applications you don’t find in the gallery (Non-gallery) radio option.
Because you can have multiple Honeycomb teams connected to SSO and separate SSO configurations for each Honeycomb team, ensure your chosen application name clearly defines which team uses this SSO integration. The application name will appear in your application directory after installation.
For this example, our team name is Crewbacca, so we name our application
A new Enterprise Application named Honeycomb appears in the next screen.
Assign yourself access to the Honeycomb application. Your user account must be assigned to the Honeycomb application in order to finish configuration. You may assign other users to the application now, or you can wait and add more users later.
Select SAML as the single sign-on method.
For Set up Single Sign-On with SAML, locate the Basic SAML Configuration section, and enter your retrieved Honeycomb setting values according to the following mapping:
|Microsoft Entra ID Field||Honeycomb Setting Name|
|Identifier (Entity ID)||Service Provider Issuer/Entity ID|
|Reply URL (Assertion Consumer Service URL)||Service Provider ACS URL|
|Sign on URL||the ui.honeycomb.io URL to manually visit in the Single Sign-On section|
Locate the Attribute & Claims section, and add the following exact values:
All attributes should have no namespace.
Leave Advanced SAML Claims Options as their defaults:
|Advanced SAML Claims Option||Value|
The following image is a complete example of a Microsoft Entra SAML configuration for Honeycomb.
Finally, configure SSO in Honeycomb using the Identity Provider settings you retrieved from your Identity Provider.
Microsoft Entra provides a metadata URL, which allows Honeycomb to fetch the settings it needs and update them automatically.
To automatically configure SSO in Honeycomb:
You should see the SAML authentication flow begin. If successful, your team should now be able to use SAML SSO to authenticate.
Honeycomb requires the
user.surname to represent a user’s first or last name, you may use those other values to populate the corresponding claims instead.