diff --git a/docs/dev/saml.rst b/docs/dev/saml.rst
index 4c0c132d..f9468408 100644
--- a/docs/dev/saml.rst
+++ b/docs/dev/saml.rst
@@ -13,6 +13,10 @@ and add REDASH_SAML_LOCAL_METADATA_PATH instead of REDASH_SAML_METADATA_URL, eg
 And an optional REDASH_SAML_CALLBACK_SERVER_NAME which contains the server name of the redash server for the callbacks from the SAML provider (eg demo.redash.io)
+And if you want to specify nameid format, add REDASH_SAML_NAMEID_FORMAT config value,
+eg urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+default is urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+
 If you want to specify entityid in AuthnRequest, add REDASH_SAML_ENTITY_ID config value,
 eg http://demo.redash.io/saml/callback
diff --git a/docs/settings.rst b/docs/settings.rst
index 824e2930..7328ca7c 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -30,6 +30,7 @@ The follow is a list of settings and what they control:
 - **REDASH_SAML_METADATA_URL**: *default ""*
 - **REDASH_SAML_LOCAL_METADATA_PATH**: *default ""*
 - **REDASH_SAML_CALLBACK_SERVER_NAME**: *default ""*
+- **REDASH_SAML_NAMEID_FORMAT**: *default ""*
 - **REDASH_SAML_ENTITY_ID**: *default ""*
 - **REDASH_STATIC_ASSETS_PATH**: *default "../rd_ui/app/"*
 - **REDASH_JOB_EXPIRY_TIME**: *default 3600 * 6*
diff --git a/redash/authentication/saml_auth.py b/redash/authentication/saml_auth.py
index 1db1e154..a0b64470 100644
--- a/redash/authentication/saml_auth.py
+++ b/redash/authentication/saml_auth.py
@@ -7,6 +7,7 @@ from redash import settings
 from saml2 import BINDING_HTTP_POST, BINDING_HTTP_REDIRECT, entity
 from saml2.client import Saml2Client
 from saml2.config import Config as Saml2Config
+from saml2.saml import NAMEID_FORMAT_TRANSIENT
 logger = logging.getLogger('saml_auth')
@@ -112,7 +113,11 @@ def sp_initiated():
 return redirect(url_for('redash.index'))
 saml_client = get_saml_client()
- reqid, info = saml_client.prepare_for_authenticate()
+ if settings.SAML_NAMEID_FORMAT != "":
+ nameid_format = settings.SAML_NAMEID_FORMAT
+ else:
+ nameid_format = NAMEID_FORMAT_TRANSIENT
+ reqid, info = saml_client.prepare_for_authenticate(nameid_format=nameid_format)
 redirect_url = None
 # Select the IdP URL to send the AuthN request to
diff --git a/redash/settings.py b/redash/settings.py
index bfa6bf23..4dfa6543 100644
--- a/redash/settings.py
+++ b/redash/settings.py
@@ -92,6 +92,7 @@ SAML_ENTITY_ID = os.environ.get("REDASH_SAML_ENTITY_ID", "")
 SAML_METADATA_URL = os.environ.get("REDASH_SAML_METADATA_URL", "")
 SAML_LOCAL_METADATA_PATH = os.environ.get("REDASH_SAML_LOCAL_METADATA_PATH", "")
 SAML_LOGIN_ENABLED = SAML_METADATA_URL != "" or SAML_LOCAL_METADATA_PATH != ""
+SAML_NAMEID_FORMAT = os.environ.get("REDASH_SAML_NAMEID_FORMAT", "")
 SAML_CALLBACK_SERVER_NAME = os.environ.get("REDASH_SAML_CALLBACK_SERVER_NAME", "")
 # Enables the use of an externally-provided and trusted remote user via an HTTP
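Review bot: The explicit transient default in sp_initiated is a behaviour change for existing deployments that the hunk does not document: before this change no nameid_format was passed to prepare_for_authenticate(), so every AuthnRequest now carries a NameIDPolicy that the IdP may not advertise, and whether that matches the library's previous default depends on the pysaml2 version in use. The four-line if/else reduces to `nameid_format = settings.SAML_NAMEID_FORMAT or NAMEID_FORMAT_TRANSIENT` with a comment above it such as `# NameID format requested from the IdP; REDASH_SAML_NAMEID_FORMAT overrides, transient by default (per-session identifier, not a stable one)`. The configured value is forwarded to the IdP unvalidated, so a typo or an unsupported format only surfaces as an IdP-side rejection; logging the effective format at request time (logger is in scope in this file) would make that diagnosable. If the assertion-handling code later in this file keys the Redash account on the NameID rather than on an attribute, a non-transient format changes which identifier the IdP returns, which is worth confirming since that code is outside the hunk. Note also that docs/settings.rst in this same commit lists the default as "" while the effective default here is transient; documenting the effective default in one place avoids the mismatch.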