@idahome I think SAML needs to be updated in Sandbox for the new URL.
I have the same issue, but haven’t had time to fully troubleshoot. We’ve always removed SAML in Sandbox. So I’m getting around this by removing SAML in Sandbox by role; then updating the primary email to something different than the primary email in Production. This allows the user to log directly into Sandbox.