diff --git a/enterprise/backend/src/metabase_enterprise/sso/integrations/sso_utils.clj b/enterprise/backend/src/metabase_enterprise/sso/integrations/sso_utils.clj
index c3e8665c6ee604536427e6a4f7651748226de7d2..791ce4f1eea802d772ac37caa3f08fab76339a29 100644
--- a/enterprise/backend/src/metabase_enterprise/sso/integrations/sso_utils.clj
+++ b/enterprise/backend/src/metabase_enterprise/sso/integrations/sso_utils.clj
@@ -59,7 +59,7 @@
     (let [decoded-url (some-> ^String redirect-url (URLDecoder/decode "UTF-8"))
           host        (some-> decoded-url (URI.) (.getHost))
           our-host    (some-> (public-settings/site-url) (URI.) (.getHost))]
-      (api/check-400 (or (nil? decoded-url) (= host our-host))))
+      (api/check-400 (or (nil? decoded-url) (nil? host) (= host our-host))))
     (catch Exception e
       (log/error e "Invalid redirect URL")
       (throw (ex-info (tru "Invalid redirect URL")
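Review bot: The added `(nil? host)` clause accepts every value for which `java.net.URI` reports no host, which is a wider set than same-site relative paths. A value with a scheme but no authority parses as an opaque URI with a nil host (the new test's `"localhost:3000"` passes for this reason, read as scheme `localhost`), and an empty authority or one that `URI` cannot parse as a server name also yields nil, while a browser may still resolve such a value to another origin. Consider binding the parsed URI once and allowing the hostless case only when it is clearly a local path, for example `(and (nil? host) (nil? (.getScheme uri)) (nil? (.getRawAuthority uri)) (not (clojure.string/starts-with? decoded-url "//")))`. That would also reject `"localhost:3000"`, which the new test lists as valid, so the set of accepted forms needs a deliberate decision. The enclosing function begins and ends outside this hunk, so how the validated value is used afterwards is not visible here.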
diff --git a/enterprise/backend/test/metabase_enterprise/sso/integrations/jwt_test.clj b/enterprise/backend/test/metabase_enterprise/sso/integrations/jwt_test.clj
index e91d1f9f6d4d2f047ccfc19b580bb8713f04a88a..7fac090d4033388caf7ac8ac0b57330053efbb40 100644
--- a/enterprise/backend/test/metabase_enterprise/sso/integrations/jwt_test.clj
+++ b/enterprise/backend/test/metabase_enterprise/sso/integrations/jwt_test.clj
@@ -31,7 +31,7 @@
 (use-fixtures :each disable-other-sso-types)
 
 (def ^:private default-idp-uri      "http://test.idp.metabase.com")
-(def ^:private default-redirect-uri "http://localhost:3000/test")
+(def ^:private default-redirect-uri "/")
 (def ^:private default-jwt-secret   (crypto-random/hex 32))
 
 (defmacro with-sso-jwt-token
diff --git a/enterprise/backend/test/metabase_enterprise/sso/integrations/sso_utils_test.clj b/enterprise/backend/test/metabase_enterprise/sso/integrations/sso_utils_test.clj
new file mode 100644
index 0000000000000000000000000000000000000000..8154a2c66ec7af6909be98c2d3604ac7d63bd24e
--- /dev/null
+++ b/enterprise/backend/test/metabase_enterprise/sso/integrations/sso_utils_test.clj
@@ -0,0 +1,17 @@
+(ns metabase-enterprise.sso.integrations.sso-utils-test
+  (:require [clojure.test :refer :all]
+            [metabase-enterprise.sso.integrations.sso-utils :as sso-utils]))
+
+(deftest ^:parallel check-sso-redirect-test
+  (testing "check-sso-redirect properly validates redirect URIs"
+    (are [uri] (sso-utils/check-sso-redirect uri)
+      "/"
+      "/test"
+      "localhost"
+      "localhost:3000"
+      "http://localhost:3000"))
+
+  (testing "check-sso-redirect- throws an error for invalid redirect URIs"
+    (are [uri] (thrown-with-msg? clojure.lang.ExceptionInfo #"Invalid redirect URL" (sso-utils/check-sso-redirect uri))
+      "http://example.com"
+      "//example.com")))
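Review bot: The positive case `"http://localhost:3000"` only passes if `public-settings/site-url` resolves to a localhost URL, and the test never sets it, so the result presumably depends on the test environment's default. Pin the setting inside the test with whatever parallel-safe binding the project offers, or drop `^:parallel` if none exists, so the host comparison is exercised against a known value. The rejecting cases cover only inputs with a parseable foreign host; none covers a hostless input that carries a scheme or an empty authority, which is the branch the new `(nil? host)` clause opens up, and a `nil` input is not covered either. The second `testing` string also has a stray hyphen; it should read `"check-sso-redirect throws an error for invalid redirect URIs"`.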