diff --git a/lib/src/sso/sso.controller.ts b/lib/src/sso/sso.controller.ts
index 65285b4..c26ca20 100644
--- a/lib/src/sso/sso.controller.ts
+++ b/lib/src/sso/sso.controller.ts
@@ -21,14 +21,11 @@ export class SsoController {
   constructor(private ssoService: SsoService) {}
 
   /**
-   * Start SSO login process.
+   * Start SSO login process to sign in.
    *
    * This first saves the value of an optional `afterLoginUrl` query parameter
-   * and then redirects to another GET endpoint that starts the actual login
-   * process. The intermediate redirection is done in order to save the query
-   * parameter value without having to use a middleware or a guard (the SSO
-   * login is implemented as a guard which prevents accessing the query
-   * parameters in a conventional manner).
+   * and then redirects to another GET endpoint that starts the actual SSO
+   * flow.
    */
   @Get("sso/login")
   // eslint-disable-next-line @typescript-eslint/no-empty-function
@@ -39,6 +36,27 @@ export class SsoController {
     @Res() response: Response,
   ) {
     session.afterLoginUrl = afterLoginUrl;
+    session.registerAlt = false;
+    response.redirect("redirect");
+  }
+
+  /**
+   * Start SSO login process to add alt character.
+   *
+   * This first saves the value of an optional `afterLoginUrl` query parameter
+   * and then redirects to another GET endpoint that starts the actual SSO
+   * flow.
+   */
+  @Get("sso/register-alt")
+  // eslint-disable-next-line @typescript-eslint/no-empty-function
+  async registerAlt(
+    @Query("afterLoginUrl") afterLoginUrl: string | undefined,
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    @Session() session: Record<string, any>,
+    @Res() response: Response,
+  ) {
+    session.afterLoginUrl = afterLoginUrl;
+    session.registerAlt = true;
     response.redirect("redirect");
   }
 
diff --git a/lib/src/sso/sso.service.ts b/lib/src/sso/sso.service.ts
index 8fdb70c..b84da0c 100644
--- a/lib/src/sso/sso.service.ts
+++ b/lib/src/sso/sso.service.ts
@@ -9,6 +9,7 @@ import { getUserId, setUserId } from "../common/utils/session.util";
 import { ModuleConfigService } from "../config/module-config.service";
 import { CharacterService } from "../entities/character/character.service";
 import { AltService } from "../entities/user/alt.service";
+import { User } from "../entities/user/user.model";
 
 @Injectable()
 export class SsoService {
@@ -34,14 +35,19 @@ export class SsoService {
       ...tokens,
     });
 
+    const registerAlt = get(session, "registerAlt");
     const loggedInUserId = getUserId(session);
-    if (loggedInUserId) {
-      this.altService.addAlt(esiCharacter, loggedInUserId);
+
+    let user: User;
+
+    if (loggedInUserId && registerAlt) {
+      user = await this.altService.addAlt(esiCharacter, loggedInUserId);
     } else {
-      const user = await this.authenticationService.ssoLogin(esiCharacter);
-      setUserId(session, user.id);
+      user = await this.authenticationService.ssoLogin(esiCharacter);
     }
 
+    setUserId(session, user.id);
+
     return (
       get(session, "afterLoginUrl") ||
       this.moduleConfigService.config.afterLoginUrl