SSO Troubleshooting: Not a valid audience for this response
Learn how to resolve an audience restriction error during SSO
What This Error Means
During single sign‑on, a learner successfully authenticates with their identity provider (IdP) but sees the following error after returning to Foundry:
https://admin.fifoundry/{org-slug}/saml/sp is not a valid audience for this Response –
Valid audiences: https://fifoundry/{org-slug}/saml/sp
In this message, {org-slug} represents your organization’s unique slug.
Why This Happens
This error occurs when the audience restriction configured in your identity provider does not match the Foundry EntityID expected by Foundry.
The identity provider is sending a SAML response intended for a different audience than the one Foundry is configured to accept.
How to Resolve the Issue
- Open your identity provider configuration for the Foundry service provider
- Locate the audience restriction or audience URI setting
- Enter the Foundry EntityID, which is the first URL shown in the error message
- Replace the placeholder
{org-slug}with your organization’s actual slug
After updating the audience value, save the configuration and retry the SSO login.