Can I change the Destination check login on the incoming SAML assertion?

kairo.tavares · July 15, 2024, 12:41am

Similar to this question:

I want to migrate customers to Auth0 without asking customers to make changes to the existing configuration in their IDP.

To achieve that I need to change the entityId (which I was already able to do in Auth0) and change the check that is done in the Destination field in the SAML incoming assertion.

This is to avoid this issue:

Destination endpoint https://xyz/sp/ACS.saml2 did not match https://abc.us.auth0.com/login/callback?connection=okta-test-me

The question is, can I change the expected Destination endpoint?

Thanks.

ckaynak · April 14, 2026, 8:09pm

We have the exact use case and face with the same problem. Were you able to figure out a migration strategy where Auth0 does not fail on Destination? e.g. whitelisting ACS url on Auth0 side?

ckaynak · April 14, 2026, 10:02pm

We discovered that destinationUrl and recepientUrl can be updated via SDK/API which looks promising with our initial tests.

Topic		Replies	Views
Changing issuer in Auth0 SAML enterprise connection Get Help saml	5	3600	February 22, 2023
Migrate existing sso saml connections to auth0 Get Help login-experience , new-universal-login-experience	6	1068	April 14, 2026
Can't change issuer URL for OIDC enterprise connection Get Help connections , oidc-enterprise-connection	5	1086	May 2, 2024
The ability to change the issuer of a Saml Configuration for an app within Actions Product Feedback sso-integration , actions	0	53	September 30, 2024
SAML Send URL instead of Entity ID Get Help saml	4	5440	April 8, 2018

Can I change the Destination check login on the incoming SAML assertion?

Related topics