Asana general instructions are at  Unfortunately, their manual config instructions are an outdated google doc with screenshots of how to configure ADFS.  Here's the info you need for Shibboleth:


  1. EntityID is
  2. Send the user's email address as the NameID using 
  3. Asana does not support encrypting assertions or responses – don't try it

  4. In Asana, configure the HTTP-Redirect URL as the sign-on URL


Here's metadata for Asana since they don't provide any.


SP Metadata
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="">
        <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="" index="0"/>