Test SSO integration with Okta
Using our Quickstart, you would have integrated Scalekit and implemented the SSO authentication in your sandbox environment. Now, it’s time to test your SSO integration for all possible customer scenarios.
Before getting started, we recommend you signup for an Okta developer account so that you can test and verify SSO integration with Scalekit.
Setup your environment for testing
Section titled “Setup your environment for testing”For effective testing purposes, lets simulate a real scenario of onboarding an enterprise organization to your application. Assume the organization uses Okta as identity provider and is expecting to Single Sign-on with Okta.
- Create an organization in the Scalekit Dashboard with a name that reflects your customer
- Generate an Admin Portal link in the overview section of the created organization
- Open the Admin Portal link and follow our Okta Integration guide to setup an active SSO connection using Okta
Now that you have an active SSO connection, make sure that you have successfully validated the below scenarios.
Single Sign-on scenarios to validate
Section titled “Single Sign-on scenarios to validate”SP Initiated SSO Scenario 1
Section titled “SP Initiated SSO ”In this scenario, user starts the Single Sign-on flow from your application’s login page.
Validate the following:
- Scalekit redirects the user to the appropriate identity provider based on the Authorization URL you provided
- Your application can retrieve the user details by exchanging the
code
you received in the above step
IdP Initiated SSO Scenario 2
Section titled “IdP Initiated SSO ”In this scenario, user is logged in the identity provider and selects your application. The SSO flow gets initiated from the identity provider (IdP). Diagram below explains the workflow
Validate the following:
- User is redirected to the default Redirect URI with request parameters. This Redirect URI is configured in the Scalekit dashboard
- Your application detects this as IdP-initiated SSO (based on the request parameters) and initiates the SP-initiated SSO. For step-by-step details, check out this guide on the implementing Idp-initiated SSO
- User is redirected to the appropriate identity provider based on the Authorization URL provided
- After the user is authenticated by the identity provider, they are navigated to the Redirect URI with a one time
code
along with thestate
parameter sent in the Authorization URL - Your application can retrieve the user details by exchanging the
code
you received in the above step
Handling errors Scenario 3
Section titled “Handling errors ”Sometimes, SSO login could fail due to improper SSO configuration, incomplete user profiles, or integration issues with the identity provider.
Handle errors and display appropriate error messages to your users. Go through the possible error codes.