<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Invalid Audience with Gitlab SAML Integration
Nov 13, 2025
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

When creating a custom SAML 2.0 integration for GitLab, the following error message is displayed by GitLab upon login:

 

Could not authenticate you from SAML because "Invalid audience. the audience [[Enter Audience URI]], did not match the expected audience [[Enter Audience URI]].

 

Applies To
  • GitLab
  • Security Assertion Markup Language (SAML)
Cause

This is caused by the Audience URI (SP Entity ID), also known as the 'Issuer ID', on the Okta side not matching what is listed on the GitLab side.

Solution

Navigate to the GitLab Admin console and retrieve the GitLab provided Audience URI. Copy this value and navigate back to the Okta Admin console. Then, paste the value into the Audience URI (SP's Entity ID) field, which can be found in the custom SAML application integration section under the General Tab in the SAML Settings

 

Recommended content

Still looking for help?
Loading
Invalid Audience with Gitlab SAML Integration