Skip to main content

First Time SAML SSO Set Up

Kristin Mize
Updated

Complete your SSO setup with these Self-Service steps

Follow these steps to complete the Single Sign-On (SSO) setup using our Self-Service tool:

Pre-requisites

Gather the required information and ensure you have the necessary permissions to use the Self-Service tool.

Step 1: Initiate the Setup

As the SSO Admin, start the setup process from your AlphaSense account.

Step 2: Configure the Identity Provider (IdP)

Ask your IdP Admin to create an AlphaSense application in your IdP. They will need the configuration details from Step 1. Once complete, they must provide you with the IdP metadata URL.

Step 3: Configure and Test the Connection

Return to the SSO Setup page and enter the metadata URL provided by your IdP Admin.

Step 4 (Optional): Set Up Home Realm Discovery

Configure Home Realm Discovery if your organization wants the SSO connection to be auto-detected by email domain.

Step 5: Finalize the SSO Connection

Review the configuration and complete the setup to activate the SSO connection.

Pre-requisites

Before you begin setting up SAML SSO in our new system, please review the following prerequisites and considerations:

1. Migrating from an Existing SSO Setup

If your organization currently uses SSO in the legacy AlphaSense system, SSO connections that are established before January 12, 2026, follow the standard SAML SSO setup process in the new system. Treat it as a first-time setup.

Once you complete the configuration, the system will automatically migrate your SSO connection—no additional steps are required.

Note: We recommend keeping the old IdP application intact for several weeks after you migrate. If there are any issues with the new SSO connection, you can revert to the old SSO connection with one click by turning off the SSO status switch on the SSO Setup page. The old IdP application can serve as a baseline so you can keep user assignments and customized usernames or NameIDs the same across both applications, if needed.

 

2. Determine Whether Home Realm Discovery (HRD) Is Needed

Home Realm Discovery (HRD) automatically routes users to the correct Identity Provider (IdP) based on their email domain. This improves login efficiency and security.

Use HRD only if all users in your organization share email domains that are exclusively tied to your company’s SSO.

Considerations:

  • HRD cannot be used if an email domain is shared by users who authenticate with different methods.
    • Example: If example.com is used by two sub-companies, but only one uses SSO and the other uses username-password login, HRD is not supported.
  • If you're unsure whether HRD is suitable for your setup, contact AlphaSense Support before proceeding.

3. Determine If You Need a Shared SSO Connection

Use a shared SSO connection if multiple sub-companies, departments, or groups in your organization need access through a single Identity Provider (IdP) application.

In the new system, each company or group can have a separate IdP application and Service Provider (SP) entityId. This allows for more flexible configuration and management.

Use a shared SSO connection if:

  • Multiple companies or groups will use the same IdP application.
  • You plan to implement Home Realm Discovery (HRD), which requires a shared IdP.

If configuring multiple companies:

  • You can start by setting up SSO for one company.
  • Later, decide whether to:
    • Reuse the same IdP application for additional companies.
    • Create a new IdP application for each company.

4. Identify the SSO Admin

If no user at your organization currently has SSO Admin permissions, contact AlphaSense Support. We will assign the role to the user you designate.

Role Definitions

  • SSO Admin: A user from your organization with access to the AlphaSense SSO Admin tool. This user manages the Self-Service SSO setup and maintains the SSO configuration for your company.
  • IdP Admin: A user on your side who manages your Identity Provider (IdP), such as Okta or Azure AD. The IdP Admin is responsible for creating the AlphaSense application within the IdP and providing the metadata URL.

In many organizations, the same person can act as both the SSO Admin and IdP Admin.

Step 1: Initiate the SAML SSO Set Up Process

  • Click your profile icon in the lower-left corner → Account → select Manage SSO from the left sidebar → Setup SSO.

  • Follow the step-by-step instructions: Create Setup Link Open Configuration PortalGet Started.

  • In the Configure Your Connection section, select Single Sign-On.

  • Select Custom SAML.

  • In the Create an Application section, you will see the Single Sign-On URL and Service Provider Entity ID. Share this information with the IdP Admin, then proceed to Step 2.

Note: The values shown in the screenshot are for reference only.

 

Step 2: Create the SAML Application in your IdP

Using the Single Sign-On URL and Service Provider Entity ID from Step 1, your IdP Admin should create the IdP application and provide the metadata URL for that application. In Azure AD, the Single Sign-On URL is defined as the Reply URL (Assertion Consumer Service URL).

If you experience difficulties, we have setup guides for common IdPs:

If you are migrating from the legacy SSO connection to our new system and your existing IdP application uses a custom NameID or assigned username, the new IdP application must include the same configuration.

During the transition period, both systems will remain active, allowing us to switch back to the legacy application if any issues arise.

Step 3: Configure and Test the Connection

  • Return to the SSO Configuration Portal from Step 1 and navigate to Custom SAMLConfigure Connection.
  • Add the metadata URL from Step 2 into the Metadata URL field. Alternatively, you can configure it manually by switching to the Manual tab, entering the SSO Login URL and Signing Certificate → then click Create Connection.

  • Click Test Connection to confirm the setup is successful.
  • Proceed to Step 4 if you require HRD. Otherwise, click Enable Connection and close the configuration portal.

Step 4 (optional): Configure Home Realm Discovery

  • From Step 3, click on Domain Configuration.
  • Enter your company’s domain into the text box and click Add Domain.
  • Afterward, copy the TXT Record Name and TXT Record Content, then add them to your DNS server

  • Repeat this process for any additional domains.
  • Exit Domain Verification window, click Enable Connection and close the configuration portal.

Step 5: Finalize the Connection

  • You should now see Update SSO and Remove SSO buttons instead of the initial Setup SSO button. If not, try refreshing the page.

  • Toggle SSO Status ON to activate your new SSO connection. From this point forward, all users will be redirected to authenticate via SSO.
  • To temporarily disable SSO, toggle SSO Status OFF. 
  • To edit the existing connection, click Update SSO and follow our update guide.
  • To completely remove your SSO connection, click Remove SSO. Please note that this action is irreversible, and you will need to set up everything again from scratch.

After setting up SSO, do not log out. Instead, ask a different user to test login, or use your same user in a different browser. If you encounter any issues with SSO, you can disable it using the options above.

You should upgrade the AlphaSense ios app to the latest version after SSO Setup for full compatibility.

Was this article helpful?

0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Article is closed for comments.