diff --git a/ssoauth/app_settings/__init__.py b/ssoauth/app_settings/__init__.py
index 301e69e0d4bf73a5a9aa6628d63f1c4987a069bd..215c2cef4970e332a37807610dc100b3c0d8297d 100644
--- a/ssoauth/app_settings/__init__.py
+++ b/ssoauth/app_settings/__init__.py
@@ -40,7 +40,7 @@ ONELOGIN_SETTINGS_TEMPLATE = {
         "NameIDFormat": onelogin_constants.NAMEID_TRANSIENT,
     },
     "idp": {
-        "entityId": IDP_META_URL,
+        "entityId": IDP_ENTITY_ID or IDP_META_URL,
         "x509certMulti": {
             "signing": _SET_ON_RUNTIME or dict(),
             "encryption": _SET_ON_RUNTIME or dict(),
diff --git a/ssoauth/app_settings/defaults.py b/ssoauth/app_settings/defaults.py
index 890acbd320ec51f23753bd522d2baf48ba2eadc4..080784cfa557a9c529fdd9756f69530d51d2da54 100644
--- a/ssoauth/app_settings/defaults.py
+++ b/ssoauth/app_settings/defaults.py
@@ -20,6 +20,7 @@ SP_PORT = 443
 SP_SSL = True
 
 IDP_META_URL = None  # e.g. "https://idp-test.hs-hannover.de/idp/shibboleth"
+IDP_ENTITY_ID = IDP_META_URL  # these must normally be the same, but a workaround is required as of 18.03.2024
 IDP_LOGOUT_URL = None  # e.g. "https://idp-test.it.hs-hannover.de/idp/profile/Logout"
 
 SP_KEY = "{project_settings}/cert/sp.key"