diff --git a/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java b/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
index 0a06993d3d..0f1622d98f 100644
--- a/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
+++ b/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/CBEmbeddedSecurityController.java
@@ -1318,17 +1318,19 @@ public SMAuthInfo authenticate(
                 if (SMAuthProviderFederated.class.isAssignableFrom(authProviderInstance.getClass())) {
                     //async auth
                     var authProviderFederated = (SMAuthProviderFederated) authProviderInstance;
-                    var redirectUrl = buildRedirectLink(authProviderFederated.getSignInLink(authProviderConfigurationId, Map.of()),
+                    String signInLink = buildRedirectLink(authProviderFederated.getSignInLink(authProviderConfigurationId, Map.of()),
                         authAttemptId);
+                    String signOutLink = authProviderFederated.getSignOutLink(authProviderConfigurationId, Map.of());
                     Map<SMAuthConfigurationReference, Object> authData = Map.of(new SMAuthConfigurationReference(authProviderId,
                         authProviderConfigurationId), filteredUserCreds);
-                    return SMAuthInfo.inProgress(authAttemptId, redirectUrl, authData);
+                    return SMAuthInfo.inProgress(authAttemptId, signInLink, signOutLink, authData);
                 }
                 txn.commit();
                 return finishAuthentication(
                     SMAuthInfo.inProgress(
                         authAttemptId,
                         null,
+                        null,
                         Map.of(new SMAuthConfigurationReference(authProviderId, authProviderConfigurationId), securedUserIdentifyingCredentials)
                     ),
                     true,
@@ -1521,7 +1523,8 @@ private SMAuthInfo getAuthStatus(@NotNull String authId, boolean readExpiredData
                 }
             }
             Map<SMAuthConfigurationReference, Object> authData = new LinkedHashMap<>();
-            String redirectUrl = null;
+            String signInLink = null;
+            String signOutLink = null;
 
             try (PreparedStatement dbStat = dbCon.prepareStatement(
                 database.normalizeTableNames(
@@ -1540,7 +1543,10 @@ private SMAuthInfo getAuthStatus(@NotNull String authId, boolean readExpiredData
                             WebAuthProviderDescriptor authProviderDescriptor = getAuthProvider(authProviderId);
                             var authProviderInstance = authProviderDescriptor.getInstance();
                             if (SMAuthProviderFederated.class.isAssignableFrom(authProviderInstance.getClass())) {
-                                redirectUrl = buildRedirectLink(((SMAuthProviderFederated) authProviderInstance).getRedirectLink(
+                                signInLink = buildRedirectLink(((SMAuthProviderFederated) authProviderInstance).getRedirectLink(
+                                    authProviderConfiguration,
+                                    Map.of()), authId);
+                                signOutLink = buildRedirectLink(((SMAuthProviderFederated) authProviderInstance).getSignOutLink(
                                     authProviderConfiguration,
                                     Map.of()), authId);
                             }
@@ -1554,7 +1560,7 @@ private SMAuthInfo getAuthStatus(@NotNull String authId, boolean readExpiredData
             if (smAuthStatus != SMAuthStatus.SUCCESS) {
                 switch (smAuthStatus) {
                     case IN_PROGRESS:
-                        return SMAuthInfo.inProgress(authId, redirectUrl, authData);
+                        return SMAuthInfo.inProgress(authId, signInLink, signOutLink, authData);
                     case ERROR:
                         return SMAuthInfo.error(authId, authError);
                     case EXPIRED: