diff --git a/backend/src/ee/routes/v1/sso.ts b/backend/src/ee/routes/v1/sso.ts
index baa75d505c..24f0d36a17 100644
--- a/backend/src/ee/routes/v1/sso.ts
+++ b/backend/src/ee/routes/v1/sso.ts
@@ -13,7 +13,10 @@ router.get(
 const options = {
 failureRedirect: "/",
 additionalParams: {
- RelayState: req.query.callback_port ?? ""
+ RelayState: JSON.stringify({
+ spInitiated: true,
+ callbackPort: req.query.callback_port ?? ""
+ })
 },
 };
 passport.authenticate("saml", options)(req, res, next);
diff --git a/backend/src/utils/auth.ts b/backend/src/utils/auth.ts
index 5681a36efd..803004f2c5 100644
--- a/backend/src/utils/auth.ts
+++ b/backend/src/utils/auth.ts
@@ -312,7 +312,9 @@ const initializePassport = async () => {
 }
 if (ssoConfig.authProvider.toString() === AuthMethod.AZURE_SAML.toString()) {
- samlConfig.audience = `spn:${ssoConfig.issuer}`;
+ if (req.body.RelayState && JSON.parse(req.body.RelayState).spInitiated) {
+ samlConfig.audience = `spn:${ssoConfig.issuer}`;
+ }
 }
 req.ssoConfig = ssoConfig;
@@ -407,7 +409,7 @@ const initializePassport = async () => {
 authMethod: req.ssoConfig.authProvider,
 isUserCompleted,
 ...(req.body.RelayState ? {
- callbackPort: req.body.RelayState as string
+ callbackPort: JSON.parse(req.body.RelayState).callbackPort as string
 } : {})
 },
 expiresIn: await getJwtProviderAuthLifetime(),
diff --git a/docs/documentation/platform/sso/azure.mdx b/docs/documentation/platform/sso/azure.mdx
index 7c082b9712..b280feaa9e 100644
--- a/docs/documentation/platform/sso/azure.mdx
+++ b/docs/documentation/platform/sso/azure.mdx
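Review bot: `req.query.callback_port` in the new `JSON.stringify` call is not necessarily a string under Express's query parser (`?callback_port=1&callback_port=2` arrives as an array, `callback_port[x]=1` as an object), and `JSON.stringify` will embed whatever shape arrives into RelayState, where it is later parsed back and placed into a token. A port-shaped check before embedding keeps the value bounded: `const port = req.query.callback_port;` and then `callbackPort: typeof port === "string" && /^\d{1,5}$/.test(port) ? port : ""`. RelayState is also limited to 80 bytes by the SAML 2.0 bindings specification, which this fixed JSON shape stays under only while `callbackPort` is short, another reason to bound it here. The enclosing route handler starts before the hunk.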
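Review bot: `JSON.parse(req.body.RelayState)` in the new condition throws on any RelayState that is not JSON — a malformed POST, or an IdP-initiated login where the IdP chose the RelayState, which is exactly the case this branch is trying to tell apart — and `JSON.parse("null").spInitiated` throws a TypeError, so the strategy callback fails on input it only needed to classify. The same unguarded parse, followed by an unchecked `as string` on the result, is repeated in the -407 hunk, where `callbackPort` then goes into a signed token without its type ever being verified. Parse once through a small helper that tolerates non-JSON and non-object values and check field types before use, as sketched below; if the two hunks sit in different closures, call the helper in each. Separately, whether `samlConfig.audience` is set is now decided by a flag carried in RelayState, which any POST to the ACS endpoint can omit; if the SAML library skips audience validation when `audience` is undefined, that check becomes client-selectable, so it would be safer to set the audience the IdP-initiated response is expected to carry (presumably a different value than `spn:…`) rather than leaving it unset. `initializePassport` starts and ends outside the hunk.
```typescript
// RelayState is round-tripped through the IdP and read back from an unauthenticated POST:
// treat it as untrusted, parse it once, and never assume its shape.
const parseRelayState = (raw: unknown): Record<string, unknown> => {
  if (typeof raw !== "string") return {};
  try {
    const parsed: unknown = JSON.parse(raw);
    return typeof parsed === "object" && parsed !== null ? (parsed as Record<string, unknown>) : {};
  } catch {
    return {}; // an opaque RelayState (e.g. IdP-initiated login) is not an error here
  }
};

// … unchanged: ssoConfig lookup …
const relayState = parseRelayState(req.body.RelayState);
if (ssoConfig.authProvider.toString() === AuthMethod.AZURE_SAML.toString()) {
  if (relayState.spInitiated === true) {
    samlConfig.audience = `spn:${ssoConfig.issuer}`;
  }
}
// … unchanged: req.ssoConfig assignment …

// in the -407 hunk, replacing the spread on req.body.RelayState:
...(typeof relayState.callbackPort === "string" && /^\d{1,5}$/.test(relayState.callbackPort)
  ? { callbackPort: relayState.callbackPort }
  : {})
```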
@@ -63,12 +63,17 @@ description: "Configure Azure SAML for Infisical SSO"
 7. Get IdP values:
-Back in the **Set up Single Sign-On with SAML** screen, copy the **Login URL**, **Azure AD Identifier** and **SAML Certificate** to use when finishing configuring Azure SAML in Infisical.
+In the **Set up Single Sign-On with SAML** screen, copy the **Login URL** and **SAML Certificate** to use when finishing configuring Azure SAML in Infisical.
-Back in Infisical, set **Login URL** and **Azure AD Identifier** from above. Once you've done that, press **Update** to complete the required configuration.
+![Azure SAML identity provider values 1](../../../images/sso/azure/idp-values.png)
-![Azure SAML identity provider values](../../../images/sso/azure/idp-values.png)
-![Azure SAML paste identity provider values](../../../images/sso/azure/idp-values-2.png)
+In the **Properties** screen, copy the **Application ID** to use when finishing configuring Azure SAML in Infisical.
+
+![Azure SAML identity provider values 2](../../../images/sso/azure/idp-values-2.png)
+
+Back in Infisical, set **Login URL**, **Azure Application ID**, and **SAML Certificate** from above. Once you've done that, press **Update** to complete the required configuration.
+
+![Azure SAML paste identity provider values](../../../images/sso/azure/idp-values-3.png)
 When pasting the certificate into Infisical, you'll want to retain `-----BEGIN
diff --git a/docs/images/sso/azure/idp-values-2.png b/docs/images/sso/azure/idp-values-2.png
index e95b1781ca..30b87da12a 100644
Binary files a/docs/images/sso/azure/idp-values-2.png and b/docs/images/sso/azure/idp-values-2.png differ
diff --git a/docs/images/sso/azure/idp-values-3.png b/docs/images/sso/azure/idp-values-3.png
new file mode 100644
index 0000000000..d534f1b760
Binary files /dev/null and b/docs/images/sso/azure/idp-values-3.png differ
diff --git a/frontend/src/views/Settings/OrgSettingsPage/components/OrgAuthTab/SSOModal.tsx b/frontend/src/views/Settings/OrgSettingsPage/components/OrgAuthTab/SSOModal.tsx
index a6655c546a..813c1741dd 100644
--- a/frontend/src/views/Settings/OrgSettingsPage/components/OrgAuthTab/SSOModal.tsx
+++ b/frontend/src/views/Settings/OrgSettingsPage/components/OrgAuthTab/SSOModal.tsx
@@ -143,8 +143,8 @@ export const SSOModal = ({
 entityId: "Identifier (Entity ID)",
 entryPoint: "Login URL",
 entryPointPlaceholder: "https://login.microsoftonline.com/xxx/saml2",
- issuer: "Azure AD Identifier",
- issuerPlaceholder: "https://sts.windows.net/xxx/"
+ issuer: "Azure Application ID",
+ issuerPlaceholder: "abc-def-ghi-jkl-mno"
 });
 case AuthProvider.JUMPCLOUD_SAML:
 return ({