Skip to main content
Spendesk is updating its SAML SSO endpoints
Updated over a week ago

Spendesk is phasing out the current version of its SAML SSO endpoints, and on June 30th 2024 will no longer respond to them.

We’re making this change so we can improve the speed and security of our website and deliver a better experience for our customers.

This will require a small update on your organisation’s part, but the good news is that it will only take a couple of minutes.

What’s changing?

The Identifier and Reply Url are changing format from[customerId]/callback to[customerId]/callback.

Okta/OneLogin users

As Spendesk provides official connectors for these two Identity Providers, if you’re using them, there’s nothing further that you need to do. You’ll benefit from an automatic update.

Azure users, Google users, or users of another Identity Provider

The following example is for Azure ⬇️ , but will work the same for other Identity Providers.


After you’ve updated the integration on your Identity Provider by following the steps below, you’ll need the Organisation Owner, or an Account Owner/Admin on any one of your companies to log in in order to validate the change.

Until then, other members of your organisation will see errors when they try to log in. This is normal and will be resolved upon a successful login by the Organisation Owner/Account Owner/Admin.

This entire process should take no more than a couple of minutes.

Step 1

Log into your Identity Provider, select your Spendesk integration, then click on Single Sign-on.

In Azure, your integration can be found under Home > Enterprise applications.

Step 2

Click on the Edit button to edit the Basic SAML Configuration.

Step 3

Update both the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) to the new format. It should look like "[customerId]/callback".

Your Customer Id is the same as before and shouldn’t change.

If you’d prefer to edit these properties by uploading a metadata file, you can find your organisation’s file at[customerId]/metadata .

Step 4

(Optional) If you have a default Relay State (where to redirect after a successful login) set in the form of, please update it to

Step 5

On a desktop browser, the Organisation Owner or an Account Owner/Admin for any company in the organisation should visit and click on the SAML SSO button to log in.

Step 6

Enter your email address in the following form:

Step 7

When presented with this screen, click on "Yes, we’ve made the change".

Step 8

Once you’ve successfully logged in, congratulations! Your organisation is now on the new endpoint, and there’s nothing more to do. 🎉

If you encounter a problem, please first verify your URLs, then don’t hesitate to contact support (using our Chat).

Did this answer your question?