diff --git a/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts b/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
index 5b48d070c..28aef8f7d 100644
--- a/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
+++ b/packages/schemas/alterations/next-1731901231-add-saml-application-secrets-table.ts
@@ -13,18 +13,18 @@ const alteration: AlterationScript = {
 references tenants (id) on update cascade on delete cascade, application_id varchar(21) not null references applications (id) on update cascade on delete cascade,
- private_key text not null,
- certificate text not null,
+ private_key varchar not null,
+ certificate varchar not null,
 created_at timestamptz not null default now(), expires_at timestamptz not null, active boolean not null,
- primary key (id),
+ primary key (tenant_id, application_id, id),
 constraint application_type check (check_application_type(application_id, 'SAML')) ); create unique index saml_application_secrets__unique_active_secret
- on saml_application_secrets (application_id, active)
+ on saml_application_secrets (tenant_id, application_id, active)
 where active; `); await applyTableRls(pool, 'saml_application_secrets');
diff --git a/packages/schemas/tables/saml_application_secrets.sql b/packages/schemas/tables/saml_application_secrets.sql
index 998e8bf41..8725ab1d8 100644
--- a/packages/schemas/tables/saml_application_secrets.sql
+++ b/packages/schemas/tables/saml_application_secrets.sql
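Review bot: The alteration script is edited in place, so a database that already applied the earlier draft keeps `primary key (id)` and the unique index without `tenant_id`, and its schema for a table holding signing keys then differs from `tables/saml_application_secrets.sql`. Whether any environment has run this `next-` alteration is not visible here; if one has, the key and index change belongs in a new alteration rather than in this file. If none has, a comment above the query would record that, for example `// Revised before release: databases that applied the earlier draft must recreate saml_application_secrets`. The `alteration` object starts and ends outside the hunk, so the matching `down` step could not be checked.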
@@ -6,17 +6,17 @@ create table saml_application_secrets (
 references tenants (id) on update cascade on delete cascade, application_id varchar(21) not null references applications (id) on update cascade on delete cascade,
- private_key text not null,
- certificate text not null,
+ private_key varchar not null,
+ certificate varchar not null,
 created_at timestamptz not null default now(), expires_at timestamptz not null, active boolean not null,
- primary key (id),
+ primary key (tenant_id, application_id, id),
 constraint application_type check (check_application_type(application_id, 'SAML')) ); -- Only one active secret per application
 create unique index saml_application_secrets__unique_active_secret
- on saml_application_secrets (application_id, active)
+ on saml_application_secrets (tenant_id, application_id, active)
 where active;
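Review bot: `private_key varchar not null` holds the SAML signing key, and the table definition does not say how that column is protected; `varchar` without a length behaves like `text` in PostgreSQL, so the type change adds no size bound either. Whether the application encrypts the value before insert is not visible in this diff, so I would state the handling next to the column, for example `-- PEM private key: protected only by tenant RLS and database access control; never select into logs or API responses`. Separately, with `primary key (tenant_id, application_id, id)` the `id` column is no longer unique on its own, so any lookup or delete by `id` should also filter on `tenant_id` and `application_id`. Both points apply equally to the matching hunk in the alteration script, and the `create table` statement begins above this hunk.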