diff --git a/internal/api/saml.go b/internal/api/saml.go
index f32d4436d..595d03ef2 100644
--- a/internal/api/saml.go
+++ b/internal/api/saml.go
@@ -40,6 +40,11 @@ func (a *API) getSAMLServiceProvider(identityProvider *saml.EntityDescriptor, id
 
 	externalURL.Path += "sso/"
 
+	entityID := ""
+	if identityProvider != nil {
+		entityID = identityProvider.EntityID
+	}
+
 	provider := samlsp.DefaultServiceProvider(samlsp.Options{
 		URL:               *externalURL,
 		Key:               a.config.SAML.RSAPrivateKey,
@@ -47,6 +52,7 @@ func (a *API) getSAMLServiceProvider(identityProvider *saml.EntityDescriptor, id
 		SignRequest:       true,
 		AllowIDPInitiated: idpInitiated,
 		IDPMetadata:       identityProvider,
+		EntityID:          entityID,
 	})
 
 	provider.AuthnNameIDFormat = saml.PersistentNameIDFormat