diff --git a/app/decorators/identity_decorator.rb b/app/decorators/identity_decorator.rb
index f652ea53921..63c65cc6eeb 100644
--- a/app/decorators/identity_decorator.rb
+++ b/app/decorators/identity_decorator.rb
@@ -10,6 +10,10 @@ def event_partial
     'accounts/identity_item'
   end
 
+  def failure_to_proof_url
+    identity.sp_metadata[:failure_to_proof_url]
+  end
+
   def return_to_sp_url
     identity.sp_metadata[:return_to_sp_url]
   end
diff --git a/app/models/null_service_provider.rb b/app/models/null_service_provider.rb
index 2998c226224..39e0f7a4adf 100644
--- a/app/models/null_service_provider.rb
+++ b/app/models/null_service_provider.rb
@@ -29,6 +29,8 @@ def logo; end
 
   def friendly_name; end
 
+  def failure_to_proof_url; end
+
   def return_to_sp_url; end
 
   def redirect_uris
diff --git a/config/service_providers.yml b/config/service_providers.yml
index 451b8f3a9c2..627f1e81566 100644
--- a/config/service_providers.yml
+++ b/config/service_providers.yml
@@ -23,6 +23,7 @@ test:
     assertion_consumer_logout_service_url: 'http://example.com/test/saml/decode_slo_request'
     block_encryption: 'aes256-cbc'
     sp_initiated_login_url: 'https://example.com/auth/saml/login'
+    failure_to_proof_url: 'https://example.com/'
     friendly_name: 'Test SP'
     cert: 'saml_test_sp'
     logo: 'generic.svg'
diff --git a/db/migrate/20180728122856_add_failure_to_proof_url_to_service_provider.rb b/db/migrate/20180728122856_add_failure_to_proof_url_to_service_provider.rb
new file mode 100644
index 00000000000..70b471ec641
--- /dev/null
+++ b/db/migrate/20180728122856_add_failure_to_proof_url_to_service_provider.rb
@@ -0,0 +1,9 @@
+class AddFailureToProofUrlToServiceProvider < ActiveRecord::Migration[5.1]
+  def up
+    add_column :service_providers, :failure_to_proof_url, :text
+  end
+
+  def down
+    remove_column :service_providers, :failure_to_proof_url
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 0500a0e1cf0..bf2f5a85943 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20180720152009) do
+ActiveRecord::Schema.define(version: 20180728122856) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -179,6 +179,7 @@
     t.boolean "native", default: false, null: false
     t.string "redirect_uris", default: [], array: true
     t.integer "agency_id"
+    t.text "failure_to_proof_url"
     t.index ["issuer"], name: "index_service_providers_on_issuer", unique: true
   end
 
diff --git a/spec/decorators/identity_decorator_spec.rb b/spec/decorators/identity_decorator_spec.rb
index b075c175b16..55032322260 100644
--- a/spec/decorators/identity_decorator_spec.rb
+++ b/spec/decorators/identity_decorator_spec.rb
@@ -3,21 +3,21 @@
 describe IdentityDecorator do
   include ActionView::Helpers::TagHelper
 
-  let(:user) { create(:user) }
-  let(:service_provider) { 'http://localhost:3000' }
-  let(:identity) { create(:identity, :active, user: user, service_provider: service_provider) }
+  describe '#return_to_sp_url' do
+    let(:user) { create(:user) }
+    let(:service_provider) { 'http://localhost:3000' }
+    let(:identity) { create(:identity, :active, user: user, service_provider: service_provider) }
 
-  subject { IdentityDecorator.new(identity) }
+    subject { IdentityDecorator.new(identity) }
 
-  describe '#return_to_sp_url' do
-    context 'for an sp without a return URL' do
-      context 'for an sp with a return URL' do
-        it 'returns the return url for the sp' do
-          return_to_sp_url = ServiceProvider.from_issuer(service_provider).return_to_sp_url
-          expect(subject.return_to_sp_url).to eq(return_to_sp_url)
-        end
+    context 'for an sp with a return URL' do
+      it 'returns the return url for the sp' do
+        return_to_sp_url = ServiceProvider.from_issuer(service_provider).return_to_sp_url
+        expect(subject.return_to_sp_url).to eq(return_to_sp_url)
       end
+    end
 
+    context 'for an sp without a return URL' do
       let(:service_provider) { 'https://rp2.serviceprovider.com/auth/saml/metadata' }
 
       it 'returns nil' do
@@ -25,4 +25,27 @@
       end
     end
   end
+
+  describe '#failure_to_proof_url' do
+    let(:user) { create(:user) }
+    let(:service_provider) { 'https://rp1.serviceprovider.com/auth/saml/metadata' }
+    let(:identity) { create(:identity, :active, user: user, service_provider: service_provider) }
+
+    subject { IdentityDecorator.new(identity) }
+
+    context 'for an sp with a failure to proof url' do
+      it 'returns the failure_to_proof_url for the sp' do
+        failure_to_proof_url = ServiceProvider.from_issuer(service_provider).failure_to_proof_url
+        expect(subject.failure_to_proof_url).to eq(failure_to_proof_url)
+      end
+    end
+
+    context 'for an sp without a failure to proof URL' do
+      let(:service_provider) { 'http://localhost:3000' }
+
+      it 'returns nil' do
+        expect(subject.failure_to_proof_url).to eq(nil)
+      end
+    end
+  end
 end
diff --git a/spec/models/null_service_provider_spec.rb b/spec/models/null_service_provider_spec.rb
index 7035562b026..ae5ec717123 100644
--- a/spec/models/null_service_provider_spec.rb
+++ b/spec/models/null_service_provider_spec.rb
@@ -58,6 +58,12 @@
     end
   end
 
+  describe '#failure_to_proof_url' do
+    it 'returns nil' do
+      expect(subject.failure_to_proof_url).to be_nil
+    end
+  end
+
   describe '#issuer' do
     it 'returns the issuer argument' do
       expect(subject.issuer).to eq 'foo'