Hello @Andrii_Zavada . Looker Support here! With your example it can help to have more details as to how users are changing the URL. Please email firstname.lastname@example.org with more information and we will be happy to review.
Typically, even if a User does have access to the URL and does edit the URL, doing so should invalidate that URL since the that will not match the signature encoded in the URL during the SSO URL creation process. We look forward to hearing more about your example and investigating further.