> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tryprofound.com/llms.txt
> Use this file to discover all available pages before exploring further.

> This guide explains how to set up SAML Single Sign-On (SSO) with Profound. We support integration with various Identity Providers (IdPs) including Microsoft Azure AD, Google Workspace, Okta, and any custom SAML-compliant IdP.

# Configure SAML SSO

<Note>
  SSO is available for customers on the Enterprise plan. To get started, reach out to your engagement manager to request a configuration link.
</Note>

## Prerequisites

* Administrative access to your Identity Provider (IdP)
* The domain you want to enable for SSO
* A configuration link from your engagement manager

<Steps>
  <Step title="Request Your Configuration Link">
    Contact your engagement manager to request an SSO configuration link. You will use this link to set up the connection between Profound and your Identity Provider.
  </Step>

  <Step title="Select Your Identity Provider">
    Open the configuration link provided by your engagement manager. You will be prompted to select your Identity Provider from a list of supported options.

    The portal tailors the setup experience to your IdP — once you make your selection, you will be given step-by-step instructions specific to your provider.
  </Step>

  <Step title="Follow the IdP-Specific Instructions">
    The portal will walk you through connecting your IdP to Profound, including:

    * The values you need to copy from Profound into your IdP (such as the ACS URL, Service Provider Entity ID, and Metadata URL)
    * The values you need to retrieve from your IdP and enter into the portal (such as the SSO URL, Entity ID, and X.509 Certificate)

    Follow the instructions shown in the portal for your specific IdP.
  </Step>

  <Step title="Test and Enable">
    The configuration portal includes a built-in test feature — use it to verify the login flow before going live. No separate test account setup is needed.

    Once the test passes, you can enable SSO for your domain directly from the portal.
  </Step>
</Steps>

## Notes

* Subdomains must be explicitly configured unless your domain is an [eTLD+1](https://developer.mozilla.org/en-US/docs/Glossary/eTLD)
* Contact [support@tryprofound.com](mailto:support@tryprofound.com) if you need assistance during setup

<Note>
  After SSO is enabled, users with email addresses matching your configured domains will automatically be directed to your IdP for authentication.
</Note>
