diff --git a/api/types/mfa.go b/api/types/mfa.go
index cd4f2ce7bbfd..bd0f42aa2172 100644
--- a/api/types/mfa.go
+++ b/api/types/mfa.go
@@ -148,7 +148,7 @@ func (d *MFADevice) SetExpiry(exp time.Time) { d.Metadata.SetExpiry(exp) }
 
 // MFAType returns the human-readable name of the MFA protocol of this device.
 func (d *MFADevice) MFAType() string {
-	switch d := d.Device.(type) {
+	switch d.Device.(type) {
 	case *MFADevice_Totp:
 		return "TOTP"
 	case *MFADevice_U2F:
@@ -156,7 +156,7 @@ func (d *MFADevice) MFAType() string {
 	case *MFADevice_Webauthn:
 		return "WebAuthn"
 	case *MFADevice_Sso:
-		return d.Sso.ConnectorType
+		return "SSO"
 	default:
 		return "unknown"
 	}
diff --git a/lib/services/local/users.go b/lib/services/local/users.go
index fe4574177dfc..420eff653155 100644
--- a/lib/services/local/users.go
+++ b/lib/services/local/users.go
@@ -1318,6 +1318,7 @@ func (s *IdentityService) getSSOMFADevice(ctx context.Context, user string) (*ty
 
 	var mfaConnector interface {
 		IsMFAEnabled() bool
+		GetDisplay() string
 	}
 
 	switch cb.Connector.Type {
@@ -1339,7 +1340,7 @@ func (s *IdentityService) getSSOMFADevice(ctx context.Context, user string) (*ty
 		return nil, trace.NotFound("no SSO MFA device found; user's auth connector does not have MFA enabled")
 	}
 
-	return types.NewMFADevice(cb.Connector.ID, cb.Connector.ID, cb.Time.UTC(), &types.MFADevice_Sso{
+	return types.NewMFADevice(mfaConnector.GetDisplay(), cb.Connector.ID, cb.Time.UTC(), &types.MFADevice_Sso{
 		Sso: &types.SSOMFADevice{
 			ConnectorId:   cb.Connector.ID,
 			ConnectorType: cb.Connector.Type,
diff --git a/web/packages/teleport/src/services/mfa/makeMfaDevice.ts b/web/packages/teleport/src/services/mfa/makeMfaDevice.ts
index dec83f762e4e..6a886d1a732c 100644
--- a/web/packages/teleport/src/services/mfa/makeMfaDevice.ts
+++ b/web/packages/teleport/src/services/mfa/makeMfaDevice.ts
@@ -26,6 +26,8 @@ export default function makeMfaDevice(json): MfaDevice {
     description = 'Authenticator App';
   } else if (json.type === 'U2F' || json.type === 'WebAuthn') {
     description = 'Hardware Key';
+  } else if (json.type === 'SSO') {
+    description = 'SSO Provider';
   } else {
     description = 'unknown device';
   }