diff --git a/changes/allow-short-idp-name b/changes/allow-short-idp-name
new file mode 100644
index 0000000000..dade48da78
--- /dev/null
+++ b/changes/allow-short-idp-name
@@ -0,0 +1 @@
+* Allow IdP name to be configured to a value shorter than 4 characters.
\ No newline at end of file
diff --git a/server/service/appconfig.go b/server/service/appconfig.go
index 34378f930d..f3f40f4d75 100644
--- a/server/service/appconfig.go
+++ b/server/service/appconfig.go
@@ -210,10 +210,6 @@ func validateSSOSettings(p fleet.AppConfig, existing *fleet.AppConfig, invalid *
 if existing.SSOSettings.IDPName == "" {
 invalid.Append("idp_name", "required")
 }
- } else {
- if len(p.SSOSettings.IDPName) < 4 {
- invalid.Append("idp_name", "must be 4 or more characters")
- }
 }
 }
 }
@@ -365,7 +361,8 @@ func connectTLS(ctx context.Context, serverURL *url.URL) (*tls.Conn, error) {
 // if that fails, use insecure
 dial := func(insecure bool) (*tls.Conn, error) {
 conn, err := tls.Dial("tcp", hostport, &tls.Config{
- InsecureSkipVerify: insecure})
+ InsecureSkipVerify: insecure,
+ })
 if err != nil {
 return nil, ctxerr.Wrap(ctx, err, "dial tls")
 }
diff --git a/server/service/appconfig_test.go b/server/service/appconfig_test.go
index d32f5ad6b5..7741e80cfd 100644
--- a/server/service/appconfig_test.go
+++ b/server/service/appconfig_test.go
@@ -227,7 +227,6 @@ func TestSSONotPresent(t *testing.T) {
 var p fleet.AppConfig
 validateSSOSettings(p, &fleet.AppConfig{}, invalid)
 assert.False(t, invalid.HasErrors())
-
 }
 
 func TestNeedFieldsPresent(t *testing.T) {
@@ -245,6 +244,22 @@ func TestNeedFieldsPresent(t *testing.T) {
 assert.False(t, invalid.HasErrors())
 }
 
+func TestShortIDPName(t *testing.T) {
+ invalid := &fleet.InvalidArgumentError{}
+ config := fleet.AppConfig{
+ SSOSettings: fleet.SSOSettings{
+ EnableSSO: true,
+ EntityID: "fleet",
+ IssuerURI: "http://issuer.idp.com",
+ MetadataURL: "http://isser.metadata.com",
+ // A customer once found the Fleet server erroring when they used "SSO" for their IdP name.
+ IDPName: "SSO",
+ },
+ }
+ validateSSOSettings(config, &fleet.AppConfig{}, invalid)
+ assert.False(t, invalid.HasErrors())
+}
+
 func TestMissingMetadata(t *testing.T) {
 invalid := &fleet.InvalidArgumentError{}
 config := fleet.AppConfig{
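Review bot: TestShortIDPName pins only the three-character value "SSO", so the shortest names the relaxed validation now accepts are not exercised. With the length check removed from validateSSOSettings, any non-empty idp_name appears to pass on the visible lines; running the same assertion over a few lengths, e.g. `for _, name := range []string{"a", "ab", "SSO"} {` with `IDPName: name`, would pin that contract. Passing the collected errors as the failure message, `assert.False(t, invalid.HasErrors(), invalid.Error())`, would also make a future regression readable in the test output.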