1. Docs
  2. Get Started
  3. Configure Honeycomb
  4. Teams
  5. Configure Access
  6. Microsoft Entra ID/SAML SSO

Microsoft Entra ID/SAML SSO

Ent Pro
Note
This feature is available as part of the Honeycomb Pro and Enterprise plans.

Enable single sign-on (SSO) to authenticate to Honeycomb with your Microsoft Entra account. Microsoft Entra ID is formerly known as Microsoft Azure Active Directory (Azure AD).

In Honeycomb, Team Owners can require that their team members authenticate using Single Sign-On (SSO) via an external SAML 2.0 Identity Provider, such as Okta or Microsoft Entra ID.

When you configure SSO via an external SAML Identity Provider, you must get information generated during the configuration process from both Honeycomb and your Identity Provider. Because you will also need to enter information into both Honeycomb and your Identity Provider’s user interface, you will need to use more than one browser tab.

Note
In this guide, we demonstrate a SAML Identity Provider configuration using Microsoft Entra ID. If you are using a different SAML Identity Provider, field names and locations may vary, so you will need to locate the corresponding fields in your Identity Provider’s user interface.

Before You Begin 

To successfully complete this guide, you should have an active Microsoft Entra account.

Enable SSO in Honeycomb 

To begin, enable SSO in Honeycomb, which will allow you to get Honeycomb’s Service Provider settings:

  1. In Honeycomb, navigate to Account > Team Settings, and select the Team Details view.

  2. Locate the Single Sign-On section, which displays any previous SSO configuration.

  3. If your team is already configured to use Google SSO, turn off Google SSO. Turn off SSO

  4. Select Enable SSO. Enable SSO

  5. In the SSO provider configuration modal, select SAML/Okta, then select Next.

  6. Locate the settings required by your Identity Provider. Information you will need includes:

    • Service Provider Issuer
    • Service Provider ACS URL
    • Service Provider Certificate (optional, used when your Identity Provider requires encrypted SAML assertions or signed authentication requests)

    Leave this browser tab open, so you will have the information you need to configure your Identity Provider.

    SAML Honeycomb settings screen
    Note
    Honeycomb generates a unique identifier based on your team name. You will see the identifier appended to the values in the Service Provider Issuer and Service Provider ACS URL fields. For this example, the team name is Crewbacca, so the team’s generated identifier is crewbacca.

Configure Your Identity Provider 

Next, configure your Identity Provider to work with Honeycomb. To do this, you must set up SSO for an application integration in your Identity Provider, and then specify which users should be able to use SSO to log in to your team in Honeycomb.

When you configure your Identity Provider, you must provide exact configuration values for your SAML attributes.

Note
In this section, we demonstrate a typical SAML Identity Provider configuration using Microsoft Entra ID. If you are using a different SAML Identity Provider, field names and locations may vary, so you will need to locate the corresponding fields in your Identity Provider’s user interface.

Set Up SSO 

Set up SSO in your Identity Provider using the Service Provider settings you retrieved from Honeycomb:

  1. Open a new browser tab, and go to your Microsoft Entra admin center.

  2. In Microsoft Entra, go to Dashboard > Enterprise Applications > Overview.

  3. Select + New application and a Browse Microsoft Entra Gallery display appears.

  4. Select Create your own application.

  5. When prompted, name your app in the format “Honeycomb [Your Team Name]” and select the Integrate any other applications you don’t find in the gallery (Non-gallery) radio option. Microsoft Entra Create your own application modal

    Tip

    Because you can have multiple Honeycomb teams connected to SSO and separate SSO configurations for each Honeycomb team, ensure your chosen application name clearly defines which team uses this SSO integration. The application name will appear in your application directory after installation.

    For this example, our team name is Crewbacca, so we name our application Honeycomb [Crewbacca].

  6. Assign yourself access to the new Honeycomb enterprise application. Your user account must be assigned to the Honeycomb application in order to finish configuration. You may assign other users to the application now, or you can wait and add more users later.

  7. Select SAML as the single sign-on method.

  8. For Set up Single Sign-On with SAML, locate the Basic SAML Configuration section, and enter your retrieved Honeycomb setting values according to the following mapping:

    Microsoft Entra ID Field Honeycomb Setting Name
    Identifier (Entity ID) Service Provider Issuer/Entity ID
    Reply URL (Assertion Consumer Service URL) Service Provider ACS URL
    Sign on URL the ui.honeycomb.io URL to manually visit in the Single Sign-On section

    Tip
    To find the Sign on URL value for Microsoft Entra ID, navigate in Honeycomb to Account > Team Settings > Team Details, and copy the listed ui.honeycomb.io URL to manually visit in the Single Sign-On section.

  9. Locate the Attribute & Claims section, and add the following values:

    Important
    The values for SAML attributes must be the exact values we provide below. For example, for the Email attribute, enter user.mail–not the actual email address of the user.
    Attribute Name Value
    Email user.mail
    FirstName user.givenname
    LastName user.surname
    Unique User Identifier user.userprincipalname

    All attributes should have no namespace.

    Leave advanced SAML claims options as their defaults:

    Advanced SAML Claims Option Value
    Include attribute name format Disabled
    Issuer with application ID Disabled
    Audience override none

When you have finished, your complete Microsoft Entra SAML configuration for Honeycomb should look similar to our example:

Complete Microsoft Entra SAML configuration for Honeycomb

Configure Honeycomb 

Finally, configure SSO in Honeycomb using the Identity Provider settings you retrieved from your Identity Provider.

Microsoft Entra provides a metadata URL, which allows Honeycomb to fetch the settings it needs and update them automatically.

To automatically configure SSO in Honeycomb:

  1. Switch to the browser tab that contains your Honeycomb Service Provider settings.
  2. In Microsoft Entra, locate App Federation Metadata Url under the SAML Certificates section and copy it.
  3. In Honeycomb, paste the App Federation Metadata Url you copied from your Identity Provider into Identity Provider Metadata URL.
  4. Select Convert to SAML SSO Team.

You should see the SAML authentication flow begin. If successful, your team should now be able to use SAML SSO to authenticate.

Log In to Honeycomb Using Your Microsoft Entra ID/ SAML SSO Account 

After establishing configuration for Microsoft Entra ID/ SAML SSO, view instructions on How to log in to Honeycomb using SAML SSO.

Troubleshooting 

To explore common issues when configuring access, visit Common Issues with Configuring Honeycomb: Microsoft Entra ID SSO.

On this page: