Enable single sign-on (SSO) to authenticate to Honeycomb with your Microsoft Entra account. Microsoft Entra ID is formerly known as Microsoft Azure Active Directory (Azure AD).
In Honeycomb, Team Owners can require that their team members authenticate using Single Sign-On (SSO) via an external SAML 2.0 Identity Provider, such as Okta or Microsoft Entra ID.
When you configure SSO via an external SAML Identity Provider, you must get information generated during the configuration process from both Honeycomb and your Identity Provider. Because you will also need to enter information into both Honeycomb and your Identity Provider’s user interface, you will need to use more than one browser tab.
To successfully complete this guide, you should have an active Microsoft Entra account.
To begin, enable SSO in Honeycomb, which will allow you to get Honeycomb’s Service Provider settings:
In Honeycomb, navigate to Account > Team Settings, and select the Team Details view.
Locate the Single Sign-On section, which displays any previous SSO configuration.
If your team is already configured to use Google SSO, turn off Google SSO.
Select Enable SSO.
In the SSO provider configuration modal, select SAML/Okta, then select Next.
Locate the settings required by your Identity Provider. Information you will need includes:
Leave this browser tab open, so you will have the information you need to configure your Identity Provider.
Crewbacca, so the team’s generated identifier is crewbacca. Next, configure your Identity Provider to work with Honeycomb. To do this, you must set up SSO for an application integration in your Identity Provider, and then specify which users should be able to use SSO to log in to your team in Honeycomb.
When you configure your Identity Provider, you must provide exact configuration values for your SAML attributes.
Set up SSO in your Identity Provider using the Service Provider settings you retrieved from Honeycomb:
Open a new browser tab, and go to your Microsoft Entra admin center.
In Microsoft Entra, go to Dashboard > Enterprise Applications > Overview.
Select + New application and a Browse Microsoft Entra Gallery display appears.
Select Create your own application.
When prompted, name your app in the format “Honeycomb [Your Team Name]” and select the Integrate any other applications you don’t find in the gallery (Non-gallery) radio option.
Because you can have multiple Honeycomb teams connected to SSO and separate SSO configurations for each Honeycomb team, ensure your chosen application name clearly defines which team uses this SSO integration. The application name will appear in your application directory after installation.
For this example, our team name is Crewbacca, so we name our application Honeycomb [Crewbacca].
Assign yourself access to the new Honeycomb enterprise application. Your user account must be assigned to the Honeycomb application in order to finish configuration. You may assign other users to the application now, or you can wait and add more users later.
Select SAML as the single sign-on method.
For Set up Single Sign-On with SAML, locate the Basic SAML Configuration section, and enter your retrieved Honeycomb setting values according to the following mapping:
| Microsoft Entra ID Field | Honeycomb Setting Name |
|---|---|
| Identifier (Entity ID) | Service Provider Issuer/Entity ID |
| Reply URL (Assertion Consumer Service URL) | Service Provider ACS URL |
| Sign on URL | the ui.honeycomb.io URL to manually visit in the Single Sign-On section |
ui.honeycomb.io URL to manually visit in the Single Sign-On section.Locate the Attribute & Claims section, and add the following values:
Email attribute, enter user.mail–not the actual email address of the user.| Attribute Name | Value |
|---|---|
Email |
user.mail |
FirstName |
user.givenname |
LastName |
user.surname |
Unique User Identifier |
user.userprincipalname |
All attributes should have no namespace.
Leave advanced SAML claims options as their defaults:
| Advanced SAML Claims Option | Value |
|---|---|
Include attribute name format |
Disabled |
Issuer with application ID |
Disabled |
Audience override |
none |
When you have finished, your complete Microsoft Entra SAML configuration for Honeycomb should look similar to our example:
Finally, configure SSO in Honeycomb using the Identity Provider settings you retrieved from your Identity Provider.
Microsoft Entra provides a metadata URL, which allows Honeycomb to fetch the settings it needs and update them automatically.
To automatically configure SSO in Honeycomb:
You should see the SAML authentication flow begin. If successful, your team should now be able to use SAML SSO to authenticate.
After establishing configuration for Microsoft Entra ID/ SAML SSO, view instructions on How to log in to Honeycomb using SAML SSO.
To explore common issues when configuring access, visit Common Issues with Configuring Honeycomb: Microsoft Entra ID SSO.