diff --git a/lib/cli/auth-saml2/index.js b/lib/cli/auth-saml2/index.js
index 5a75e900..1c7763f7 100644
--- a/lib/cli/auth-saml2/index.js
+++ b/lib/cli/auth-saml2/index.js
@@ -35,6 +35,12 @@ module.exports.builder = function(yargs) {
 , type: 'string'
 , default: process.env.SAML_ID_PROVIDER_CERT_PATH
 })
+ .option('saml-id-provider-callback-url', {
+ describe: 'SAML 2.0 identity provider callback URL ' +
+ 'in the form of scheme://host[:port]/auth/saml/callback.'
+ , type: 'string'
+ , default: process.env.SAML_ID_PROVIDER_CALLBACK_URL
+ })
 .option('secret', {
 alias: 's'
 , describe: 'The secret to use for auth JSON Web Tokens. Anyone who ' +
@@ -68,6 +74,7 @@ module.exports.handler = function(argv) {
 entryPoint: argv.samlIdProviderEntryPointUrl
 , issuer: argv.samlIdProviderIssuer
 , certPath: argv.samlIdProviderCertPath
+ , callbackUrl: argv.samlIdProviderCallbackUrl
 }
 })
 }
diff --git a/lib/units/auth/saml2.js b/lib/units/auth/saml2.js
index f3c273f2..bdd6939d 100644
--- a/lib/units/auth/saml2.js
+++ b/lib/units/auth/saml2.js
@@ -33,8 +33,7 @@ module.exports = function(options) {
 }
 
 var samlConfig = {
- path: '/auth/saml/callback'
- , entryPoint: options.saml.entryPoint
+ entryPoint: options.saml.entryPoint
 , issuer: options.saml.issuer
 }
 
@@ -44,6 +43,17 @@ module.exports = function(options) {
 })
 }
 
+ if (options.saml.callbackUrl) {
+ samlConfig = _.merge(samlConfig, {
+ callbackUrl: options.saml.callbackUrl
+ })
+ }
+ else {
+ samlConfig = _.merge(samlConfig, {
+ path: '/auth/saml/callback'
+ })
+ }
+
 passport.use(new SamlStrategy(samlConfig, verify))
 
 app.use(passport.authenticate('saml', {
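Review bot: The describe text for `saml-id-provider-callback-url` calls the value the "identity provider callback URL", but the form it gives, `scheme://host[:port]/auth/saml/callback`, matches the callback path this service itself used before the change, so the value appears to be this service's externally visible address rather than anything hosted by the identity provider. An operator who copies a URL out of the IdP's metadata would configure it wrongly; I would word it as `'Externally visible URL of this service that the SAML 2.0 identity provider ' + 'sends responses to, in the form of scheme://host[:port]/auth/saml/callback.'`. The help text could also say that the same URL has to be registered with the identity provider and should use https outside local testing. The builder function starts and continues outside the hunk.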
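Review bot: `options.saml.callbackUrl` is copied into `samlConfig` unchecked in the new `if` branch of lib/units/auth/saml2.js, so a typo, a relative value, an `http://` scheme or a path other than `/auth/saml/callback` only shows up later as failed logins or as SAML responses sent over plaintext. The value should be parsed once at startup and the unit should refuse to start (or at least log a warning) when it is not an absolute URL ending in `/auth/saml/callback`. The path requirement is inferred from the `path` fallback in the `else` branch, since the route that receives the response is not visible here. A short comment above the branch would also help, for example `// callbackUrl replaces the request-derived URL, e.g. behind a reverse proxy; otherwise fall back to the relative path`. The enclosing exported function starts and ends outside the hunk.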