...
- IdP Certificate - It does not support SAML encryption, but it does support SAML signing, therefore you must provided provide your SAML signing certificate (you may only have one if you use it for both purposes)
- IdP Binding - set to Redirect
- User Login Setting - This will come down to your individual deployment. Many may choose to use Email address or another attribute.
- IdP Issuer - is the entityID of your IdP
- IdP Login URL - this is your HTTP-Redirect binding (the Location shown in your IdP metadata under SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")
...