Skip to content

Test SSO

After implementing Single Sign-On using our Quickstart guide, you need to validate your integration for all possible scenarios. We have set up your development environment with two key components to make testing comprehensive and straightforward:

  1. Identity Provider Simulator: Test all possible Single Sign-On scenarios without requiring external services like Okta or Microsoft Entra ID.
  2. Test organization: Access a pre-configured organization with an SSO connection to our IdP Simulator and domains like @example.com or @example.org for testing.

To ensure a successful SSO implementation, test all three scenarios described in this guide before deploying to production.

Service provider (SP) initiated SSO Scenario 1

Section titled “Service provider (SP) initiated SSO ”

In this common scenario, users start the Single Sign-On process from your application’s login page.

How SP-initiated SSO works

SP initiated SSO

SP (Your application) Initiated SSO

Locating your test organization

SP initiated SSO

Use the following code to generate an authorization URL with your organization ID (as shown in step 2 of the sequence diagram). See the Authorization URL documentation for more details.

const options = {};
options['organizationId'] = 'org_32656XXXXXX0438';
// Generate Authorization Url
const authorizationURL = scalekit.getAuthorizationUrl(redirectUrl, options);
res.redirect(authorizationUrl);
  1. The user will be redirected to the Identity Provider (IdP) Simulator
  2. Select “User login via SSO” to view the simulation form
  3. Enter user details to simulate a user signing in via SSO

IdP Simulator

After entering the user details, your application will receive an idToken indicating successful simulation. The token contains the following details:

IdP Simulator

Identity Provider (IdP) initiated SSO Scenario 2

Section titled “Identity Provider (IdP) initiated SSO ”

In this scenario, users start the sign-in process from the Identity Provider, typically through an applications catalog. This allows users to conveniently access applications available within their organization.

If you haven’t implemented IdP-initiated SSO in your application yet, follow our guide for implementing IdP-initiated SSO before testing this scenario.

How IdP-initiated SSO works

  1. Generate the authorization URL using the Test organization
  2. Get redirected to the IdP Simulator
  3. Select “IdP initiated SSO” from the dropdown menu
  4. Enter test user details to simulate the login

IdP initiated SSO

Implement logic in your callback handler to identify and process IdP-initiated requests from Scalekit. Learn more about implementing IdP-initiated SSO.

IdP initiated SSO

For IdP-initiated callbacks, retrieve necessary details (such as connection_id or organization_id) from Scalekit to construct an authorization URL. This effectively converts an IdP-initiated SSO into an SP-initiated SSO.

Error handling Scenario 3

Section titled “Error handling ”

Your application should gracefully handle error scenarios to provide a good user experience.

To test error handling:

Error scenario

  1. Redirect to the authorization URL
  2. Select the “Error” scenario in the IdP simulator
  3. Process the error in your callback handler