Test SSO

Verify SSO Connection using Okta as the identity provider

Using our Quickstart guide, you would have integrated Scalekit and implemented the SSO authentication in your sandbox environment. Now, it's time to test your SSO integration for all possible customer scenarios.

Before getting started, we recommend you signup for an Okta developer account so that you can test and verify SSO integration with Scalekit.

Setup your environment for testing

For effective testing purposes, lets simulate a real scenario of onboarding an enterprise organization to your application. Assume the organization uses Okta as identity provider and is expecting to Single Sign-on with Okta.

1. Create an organization in the Scalekit Dashboard with a name that reflects your customer.
2. Generate an Admin Portal link in the overview section of the created organization.
3. Open the Admin Portal link and follow our Okta Integration guide to setup an active SSO connection using Okta.

tip

You can customize the admin portal and theme it according to your application's brand guidelines to give a more polished experience.

Now that you have an active SSO connection, make sure that you have successfully validated the below scenarios.

Single Sign-on Scenarios to validate

Scenario 1: SP Initiated SSO

In this scenario, user starts the Single Sign-on flow from your application's login page.

SP initiated SSO workflow

Validate the following:

• Scalekit redirects the user to the appropriate identity provider based on the Authorization URL you provided.
• Your application can retrieve the user details by exchanging the code you received in the above step.

Scenario 2: IdP Initiated SSO

In this scenario, user is logged in the identity provider and selects your application. The SSO flow gets initiated from the identity provider (IdP). Diagram below explains the workflow

Scalekit's recommended workflow for IdP initiated SSO

Validate the following:

• User is redirected to the default Redirect URI with request parameters. This Redirect URI is configured in the Scalekit dashboard.
• Your application detects this as IdP-initiated SSO (based on the request parameters) and initiates the SP-initiated SSO. For step-by-step details, check out this guide on the implementing Idp-initiated SSO
• User is redirected to the appropriate identity provider based on the Authorization URL provided.
• After the user is authenticated by the identity provider, they are navigated to the Redirect URI with a one time code along with the state parameter sent in the Authorization URL.
• Your application can retrieve the user details by exchanging the code you received in the above step.

Scenario 3: Handling Errors

Sometimes, SSO login could fail due to improper SSO configuration, incomplete user profiles, or integration issues with Scalekit.

Handle errors and display appropriate error messages to your users. Go through the possible error codes.

Next Steps

After validating all scenarios, you are ready to go live. Visit our Launch Checklist guide before you start onboarding real customers in your production environment.