diff --git a/ee/api/.chalice/config.json b/ee/api/.chalice/config.json
index 71548c9ce..81c63add8 100644
--- a/ee/api/.chalice/config.json
+++ b/ee/api/.chalice/config.json
@@ -62,6 +62,8 @@
 "idp_x509cert": "",
 "idp_sls_url": "",
 "idp_name": "",
+ "sso_exp_delta_seconds": "86400",
+ "sso_landing": "/login?jwt=%s",
 "invitation_link": "/api/users/invitation?token=%s",
 "change_password_link": "/reset-password?invitation=%s&&pass=%s",
 "iosBucket": "openreplay-ios-images",
diff --git a/ee/api/chalicelib/blueprints/bp_saml.py b/ee/api/chalicelib/blueprints/bp_saml.py
index 47ee1381c..4a0f057df 100644
--- a/ee/api/chalicelib/blueprints/bp_saml.py
+++ b/ee/api/chalicelib/blueprints/bp_saml.py
@@ -31,7 +31,6 @@ def start_sso():
 def process_sso_assertion():
 req = prepare_request(request=app.current_request)
 session = req["cookie"]["session"]
- request = req['request']
 auth = init_saml_auth(req)
 request_id = None
@@ -80,16 +79,21 @@ def process_sso_assertion():
 users.update(tenant_id=t['tenantId'], user_id=existing["id"],
 changes={"origin": SAML2_helper.get_saml2_provider(), "internal_id": internal_id})
 expiration = auth.get_session_expiration()
- print("TTL:")
- print(auth.get_session_expiration())
- return users.authenticate_sso(email=email, internal_id=internal_id, exp=expiration)
+ expiration = expiration if expiration is not None and expiration > 10 * 60 \
 else int(environ.get("sso_exp_delta_seconds", 24 * 60 * 60))
+ jwt = users.authenticate_sso(email=email, internal_id=internal_id, exp=expiration)
+ if jwt is None:
+ return {"errors": ["null JWT"]}
+ return Response(
+ status_code=307,
+ body='',
+ headers={'Location': SAML2_helper.get_landing_URL(jwt), 'Content-Type': 'text/plain'})
 @app.route('/sso/saml2/sls', methods=['GET'], authorizer=None)
 def process_sls_assertion():
 req = prepare_request(request=app.current_request)
 session = req["cookie"]["session"]
- request = req['request']
 auth = init_saml_auth(req)
 request_id = None
 if 'LogoutRequestID' in session:
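Review bot: The new `Response` at the end of process_sso_assertion redirects with 307, which instructs the browser to replay the original request method and body; if this ACS route receives the IdP's HTTP-POST binding (the route decorator is above the hunk, so this is inferred), the user agent will re-POST the SAMLResponse form to `/login?jwt=...` instead of fetching it, so the line should read `status_code=303,` (or 302) to force a GET. The fallback guard `expiration > 10 * 60` compares whatever `auth.get_session_expiration()` returns against a 600-second delta, while the other branch yields a delta from `sso_exp_delta_seconds`; if the SAML library returns the assertion's absolute SessionNotOnOrAfter timestamp, as python3-saml's does, the guard is always true and `exp` is a timestamp in one branch and a TTL in the other, so normalise both to one unit before calling `authenticate_sso`. The `{"errors": ["null JWT"]}` branch is returned as a 200 body in what is otherwise a redirect flow; returning it with a 401/403 status keeps clients from treating a failed login as success.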
diff --git a/ee/api/chalicelib/core/users.py b/ee/api/chalicelib/core/users.py
index 8b5ae591b..f6609aae4 100644
--- a/ee/api/chalicelib/core/users.py
+++ b/ee/api/chalicelib/core/users.py
@@ -690,14 +690,10 @@ def authenticate_sso(email, internal_id, exp=None):
 RETURNING jwt_iat;""", {"user_id": r["id"]})
 cur.execute(query)
- return {
- "jwt": authorizers.generate_jwt(r['id'], r['tenantId'],
- TimeUTC.datetime_to_timestamp(cur.fetchone()["jwt_iat"]),
- aud=f"front:{helper.get_stage_name()}",
- exp=exp),
- "email": email,
- **r
- }
+ return authorizers.generate_jwt(r['id'], r['tenantId'], TimeUTC.datetime_to_timestamp(cur.fetchone()["jwt_iat"]), aud=f"front:{helper.get_stage_name()}", exp=exp)
 return None
diff --git a/ee/api/chalicelib/utils/SAML2_helper.py b/ee/api/chalicelib/utils/SAML2_helper.py
index 06ab54f90..25f279d3a 100644
--- a/ee/api/chalicelib/utils/SAML2_helper.py
+++ b/ee/api/chalicelib/utils/SAML2_helper.py
@@ -107,3 +107,7 @@ def is_saml2_available():
 def get_saml2_provider():
 return environ.get("idp_name", "saml2") if is_saml2_available() and len(
 environ.get("idp_name", "saml2")) > 0 else None
+
+ def get_landing_URL(jwt):
+ return environ["SITE_URL"] + environ.get("sso_landing", "/login?jwt=%s") % jwt
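Review bot: authenticate_sso's return contract changes from a dict carrying `jwt`, `email` and the user row to the bare token string (or `None` on the fall-through path), but the hunk adds no docstring recording this, and any caller outside this diff that still indexes `["jwt"]` or reads `["email"]` will now fail at runtime on a str. The function's signature is above the hunk; its docstring should state the new contract, for example `"""Return a signed front-end JWT for the SSO user matching (email, internal_id), or None when no user row is found; exp is passed through to generate_jwt unchanged."""`. Only the bp_saml.py caller is updated here, so the remaining call sites of authenticate_sso in ee/api should be checked before merging.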
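Review bot: get_landing_URL places the freshly minted bearer JWT in the query string (`/login?jwt=%s`), so the token will be recorded in web-server and proxy access logs and browser history and sent in the Referer header to any third-party resource the landing page loads; a fragment template (`/login#jwt=%s`) keeps the token client-side, and a short-lived one-time code that the front end exchanges for the JWT over XHR would be safer still. The env-driven template is applied with `%` binding tighter than `+`, so an `sso_landing` value without exactly one `%s`, or one containing a literal `%` such as a percent-encoded path, raises TypeError at login time rather than at startup; validate the template once at import (starts with `/`, contains exactly one `%s`) instead of trusting it per request. The jwt is not percent-encoded; that is fine while tokens are compact base64url JWTs, but a comment such as `# jwt is base64url + '.', URL-safe without quoting` should record the assumption so a future token format does not silently break the redirect.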