
Custom SAML

Connect any SAML 2.0 IdP to Hanzo IAM as the SP.

Hanzo IAM can act as a Service Provider (SP) and connect to any SAML 2.0 Identity Provider (IdP).

Configure your IdP

In your IdP (e.g. Google Workspace, Azure AD, Okta), register Hanzo IAM as an SP with:

  • ACS URL: https://<your-iam-domain>/api/acs (e.g. https://door.example.com/api/acs). This endpoint accepts POST only.
  • Entity ID (SP Entity ID): use the same URL as the ACS URL.

Replace <your-iam-domain> with your Hanzo IAM host (e.g. http://localhost:8000 → http://localhost:8000/api/acs).

Get IdP metadata

From your IdP, obtain the metadata XML (EntityID, SSO endpoint, etc.). Some IdPs (e.g. Keycloak) need SP details before providing metadata.

Configure the SAML Custom provider in Hanzo IAM

Go to Providers → Add. Set Category to SAML and Type to Custom. Set Favicon URL (IdP logo) and paste the IdP Metadata. Click Parse to fill Endpoint, IdP, Issuer URL, SP ACS URL, and SP Entity ID. Save.

Field         Description
Category      SAML
Type          Custom
Favicon URL   IdP logo URL
Metadata      IdP metadata XML

[Screenshot: configure SAML custom provider]

Add the SAML provider to the application’s Providers list.

[Screenshot: add SAML custom provider to application]
