diff --git a/doc/DEPLOYMENT.md b/doc/DEPLOYMENT.md
index adad1ed4..63cf7320 100644
--- a/doc/DEPLOYMENT.md
+++ b/doc/DEPLOYMENT.md
@@ -327,6 +327,7 @@ ExecStart=/usr/bin/docker run --rm \
 -e "SECRET=YOUR_SESSION_SECRET_HERE" \
 -e "SAML_ID_PROVIDER_ENTRY_POINT_URL=YOUR_ID_PROVIDER_ENTRY_POINT" \
 -e "SAML_ID_PROVIDER_ISSUER=YOUR_ID_PROVIDER_ISSUER" \
+ -e "SAML_ID_PROVIDER_CALLBACK_URL=YOUR_ID_PROVIDER_CALLBACK_URL" \
 -e "SAML_ID_PROVIDER_CERT_PATH=/etc/id_provider.cert" \
 -p %i:3000 \
 devicefarmer/stf:latest \
diff --git a/lib/cli/auth-saml2/index.js b/lib/cli/auth-saml2/index.js
index b6df2bc6..ed937a87 100644
--- a/lib/cli/auth-saml2/index.js
+++ b/lib/cli/auth-saml2/index.js
@@ -34,16 +34,23 @@ module.exports.builder = function(yargs) {
 , default: process.env.SAML_ID_PROVIDER_ISSUER
 , demand: true
 })
+ .option('saml-id-provider-audience', {
+ describe: 'SAML 2.0 identity provider audience.'
+ , type: 'string'
+ , default: process.env.SAML_ID_PROVIDER_AUDIENCE
+ })
 .option('saml-id-provider-cert-path', {
 describe: 'SAML 2.0 identity provider certificate file path.'
 , type: 'string'
 , default: process.env.SAML_ID_PROVIDER_CERT_PATH
+ , demand: true
 })
 .option('saml-id-provider-callback-url', {
 describe: 'SAML 2.0 identity provider callback URL ' +
 'in the form of scheme://host[:port]/auth/saml/callback.'
 , type: 'string'
 , default: process.env.SAML_ID_PROVIDER_CALLBACK_URL
+ , demand: true
 })
 .option('saml-id-provider-want-assertions-signed', {
 describe: 'SAML 2.0 identity provider want assertions signed.'
@@ -91,6 +98,7 @@ module.exports.handler = function(argv) {
 , callbackUrl: argv.samlIdProviderCallbackUrl
 , wantAssertionsSigned: argv.samlIdProviderWantAssertionsSigned
 , wantAuthnResponseSigned: argv.samlIdProviderWantAuthnResponseSigned
+ , audience: argv.samlIdProviderAudience
 }
 })
 }
diff --git a/lib/units/auth/saml2.js b/lib/units/auth/saml2.js
index 343c6f87..b6590982 100644
--- a/lib/units/auth/saml2.js
+++ b/lib/units/auth/saml2.js
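Review bot: The new `saml-id-provider-audience` option in the first index.js hunk is left optional while its sibling cert-path and callback-url options are now demanded, and its help text does not say what an unset value means for assertion validation. If the SAML library behind `samlConfig` follows the node-saml convention (suggested by option names such as `idpCert` and `wantAuthnResponseSigned` in lib/units/auth/saml2.js), an unset `audience` means the assertion's AudienceRestriction is not checked, so an assertion the IdP issued for a different service provider could be accepted here — worth confirming against the library version the project pins. If that is confirmed, say so in the option help, e.g. `describe: 'SAML 2.0 audience (this SP\'s entity ID) to require in assertions; when unset, the audience restriction is not verified.'`, and add a matching `SAML_ID_PROVIDER_AUDIENCE` line to the DEPLOYMENT.md example next to the callback URL line this commit adds. The enclosing builder function starts and ends outside the hunk; the second index.js hunk only wires the value through and needs no separate change.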
@@ -52,22 +52,13 @@ module.exports = function(options) { , issuer: options.saml.issuer , wantAssertionsSigned: options.saml.wantAssertionsSigned , wantAuthnResponseSigned: options.saml.wantAuthnResponseSigned + , callbackUrl: options.saml.callbackUrl + , idpCert: fs.readFileSync(options.saml.certPath).toString() } - if (options.saml.certPath) { + if (options.saml.audience) { samlConfig = _.merge(samlConfig, { - idpCert: fs.readFileSync(options.saml.certPath).toString() - }) - } - - if (options.saml.callbackUrl) { - samlConfig = _.merge(samlConfig, { - callbackUrl: options.saml.callbackUrl - }) - } - else { - samlConfig = _.merge(samlConfig, { - path: '/auth/saml/callback' + audience: options.saml.audience }) }