SSO simulator

Test SSO flows end to end using Scalekit’s built-in IdP simulator and a pre-configured test organization.

Scalekit provides an SSO simulator so you can test SSO flows before you connect to real enterprise identity providers. You use it when you are implementing SSO with Scalekit and want to verify your application’s behavior end to end.

Without the simulator, you often need to configure multiple providers—such as Microsoft Entra ID, PingIdentity, and Okta—and create test tenants and users just to prove that your SSO flow works. Instead, the SSO simulator lets you trigger the authentication flow with test email domains like @example.com and verify how your application handles successful logins and failures, without doing any external IdP configuration.

Before you use the SSO simulator, make sure you have:

SSO flow integrated in your app with Scalekit. For example, you have completed setup that generates an authorization URL and handles the callback either with Modular SSO or Full stack Authentication.
Access to the Scalekit Dashboard for viewing organizations and connection details.

Your development environment includes a Test Organization that has connection already setup to the SSO simulator. This organization is safe to use for SSO testing and does not affect real customers.

Locate the test organization

Open Dashboard → Organizations and look for an entry named Test Organization.

The details page shows the test organization’s identifier (for example, org_32656XXXXXX0438) and any connected SSO integrations.
Copy the organization ID

From the Test Organization details page, copy the Organization ID. You pass this value to the SDK when you generate an SSO authorization URL.
Express.js
1 const options = { 2 organizationId: 'org_32656XXXXXX0438', 3 } 4 5 const authorizationUrl = await scalekit.getAuthorizationUrl( 6 'https://your-app.example.com/auth/callback', 7 options, 8 )
Flask
1 options = { 2 "organizationId": "org_32656XXXXXX0438", 3 } 4 5 authorization_url = scalekit_client.get_authorization_url( 6 "https://your-app.example.com/auth/callback", 7 options, 8 )
Gin
1 options := scalekit.AuthorizationUrlOptions{ 2 OrganizationId: "org_32656XXXXXX0438", 3 } 4 5 authorizationURL, err := scalekitClient.GetAuthorizationUrl( 6 "https://your-app.example.com/auth/callback", 7 options, 8 )
Spring Boot
1 AuthorizationUrlOptions options = new AuthorizationUrlOptions(); 2 options.setOrganizationId("org_32656XXXXXX0438"); 3 4 URI authorizationUrl = scalekitClient 5 .authentication() 6 .getAuthorizationUrl("https://your-app.example.com/auth/callback", options);
Authorization URL
<SCALEKIT_ENVIRONMENT_URL>/oauth/authorize? response_type=code& client_id=<SCALEKIT_CLIENT_ID>& redirect_uri=<REDIRECT_URI>& scope=openid%20profile%20email& organization_id=org_32656XXXXXX0438
In developer environments, SSO simulator can be accessed by passing an example.org or an example.com email addresses. This is useful for starting a SSO simulator
Simulate a SSO login

Generated authorization URL redirects the users to SSO simulator.
1. Select User login via SSO from the dropdown menu
2. Enter test user details (email, name, etc.) to simulate authentication
3. Click Submit to complete the simulation
After submitting the form, your application receives an idToken containing the user details you entered:

Full stack authentication vs modular SSO

How you reach the SSO simulator depends on how you use Scalekit:

Modular SSO: You can route users to the SSO simulator by including login_hint=name@example.com (or organization_id=<test_org_id>) in the authorization URL. You are not limited to passing only the organization ID.
Full stack authentication: You do not need to pass any parameters when creating the authorization URL. Redirect users to Scalekit’s hosted login page; when they enter an email with a domain such as example.com or example.org, the login screen automatically sends them to the SSO simulator.