diff --git a/packages/cli/src/sso/saml/routes/saml.controller.ee.ts b/packages/cli/src/sso/saml/routes/saml.controller.ee.ts
index 7e6d026f0c611..28b9d3c5223f9 100644
--- a/packages/cli/src/sso/saml/routes/saml.controller.ee.ts
+++ b/packages/cli/src/sso/saml/routes/saml.controller.ee.ts
@@ -16,6 +16,7 @@ import type { PostBindingContext } from 'samlify/types/src/entity';
 import { isSamlLicensedAndEnabled } from '../samlHelpers';
 import type { SamlLoginBinding } from '../types';
 import { AuthenticatedRequest } from '@/requests';
+import { getServiceProviderEntityId, getServiceProviderReturnUrl } from '../serviceProvider.ee';
 
 @RestController('/sso/saml')
 export class SamlController {
@@ -35,7 +36,11 @@ export class SamlController {
 @Get(SamlUrls.config, { middlewares: [samlLicensedOwnerMiddleware] })
 async configGet(req: AuthenticatedRequest, res: express.Response) {
 const prefs = this.samlService.samlPreferences;
- return res.send(prefs);
+ return res.send({
+ ...prefs,
+ entityID: getServiceProviderEntityId(),
+ returnUrl: getServiceProviderReturnUrl(),
+ });
 }
 
 /**
diff --git a/packages/cli/src/sso/saml/serviceProvider.ee.ts b/packages/cli/src/sso/saml/serviceProvider.ee.ts
index 4c80af329043a..5d992830120a0 100644
--- a/packages/cli/src/sso/saml/serviceProvider.ee.ts
+++ b/packages/cli/src/sso/saml/serviceProvider.ee.ts
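Review bot: In `configGet`, the object passed to `res.send` depends on spread order: `...prefs` comes first, so the server-derived `entityID` and `returnUrl` override any same-named key that might exist in the stored preferences. That ordering is worth a comment, because these two values are presumably what the owner copies into the IdP and they must be the ones the service provider actually uses; for example `// derived values last: they must win over anything stored in prefs`. The handler still declares no return or response type, so the widened payload is not checked against what the client expects. The class body continues outside this hunk.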
@@ -7,11 +7,19 @@ import type { SamlPreferences } from './types/samlPreferences';
 
 let serviceProviderInstance: ServiceProviderInstance | undefined;
 
+export function getServiceProviderEntityId(): string {
+ return getInstanceBaseUrl() + SamlUrls.restMetadata;
+}
+
+export function getServiceProviderReturnUrl(): string {
+ return getInstanceBaseUrl() + SamlUrls.restAcs;
+}
+
 // TODO:SAML: make these configurable for the end user
 export function getServiceProviderInstance(prefs: SamlPreferences): ServiceProviderInstance {
 if (serviceProviderInstance === undefined) {
 serviceProviderInstance = ServiceProvider({
- entityID: getInstanceBaseUrl() + SamlUrls.restMetadata,
+ entityID: getServiceProviderEntityId(),
 authnRequestsSigned: prefs.authnRequestsSigned,
 wantAssertionsSigned: prefs.wantAssertionsSigned,
 wantMessageSigned: prefs.wantMessageSigned,
@@ -21,12 +29,12 @@ export function getServiceProviderInstance(prefs: SamlPreferences): ServiceProvi
 {
 isDefault: prefs.acsBinding === 'post',
 Binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
- Location: getInstanceBaseUrl() + SamlUrls.restAcs,
+ Location: getServiceProviderReturnUrl(),
 },
 {
 isDefault: prefs.acsBinding === 'redirect',
 Binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT',
- Location: getInstanceBaseUrl() + SamlUrls.restAcs,
+ Location: getServiceProviderReturnUrl(),
 },
 ],
 });
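Review bot: `getServiceProviderEntityId()` and `getServiceProviderReturnUrl()` are evaluated on every call, whereas `getServiceProviderInstance` builds the provider once and keeps it in `serviceProviderInstance`. If `getInstanceBaseUrl()` can return a different value later in the process lifetime (not visible here), the values reported by the config endpoint in `saml.controller.ee.ts` would no longer match the entityID and ACS `Location` baked into the cached provider, and logins would fail on the IdP side in a way that is hard to diagnose. Both helpers are exported without documentation; a TSDoc line on each would state the contract, e.g. `/** SP entity ID (metadata URL); must match the value registered at the IdP. */` and `/** Assertion Consumer Service URL the IdP posts or redirects responses to. */`. `getServiceProviderInstance` continues outside this hunk.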