Testing single sign-on configuration

Edit online

Review guidance about how to effectively test single sign-on (SSO) configuration in IBM® Envizi ESG Suite.

Before you begin

Configure SSO in Envizi ESG Suite by completing the steps in Setting up single sign-on.

About this task

Important: If for some reason the SSO test fails, it blocks all users who have the same SSO email domain from accessing the system. Therefore, you must set aside a login that is non-SSO. If the test fails, you can use the non-SSO login to access the system to disable SSO and perform troubleshooting.

Procedure

  1. Create a test login in Envizi ESG Suite.
    The test login’s username must be available in both Envizi ESG Suite and in your IdP directory. If it is not possible to obtain a new test user email, see whether it possible to use a colleague’s login for the test.
  2. In Envizi ESG Suite, do the following steps:
    1. Click Admin > Single Sign-On.
    2. Right-click the SSO setting that you want to test, and then click Edit SSO metadata.
    3. Set Enable SSO to on.
    4. Click Save and load metadata.
  3. Either retain your own login, or create another login, as a non-SSO login.
    If the test fails, you can still log back into the system by using a username and password.
    1. Click Manage > Contacts & Logins.
    2. In the Contacts & Logins page, right-click a contact and then click Login.
    3. In the Contact Login page, right-click the contact and click Set as Non-SSO.
  4. Log out of the system, and log back in by entering the username that you chose to do the SSO test.
    1. Follow the steps to enter credentials and perform any secondary factor authentication as required by your organization’s identity management system.
  5. If you observe an issue during the test, log back into the system by using the non-SSO login that you previously configured, and review the SSO log files for more debugging information.
    1. To access the most recent SSO log files, click Admin > Single Sign-On > SSO Logs.
    SSO log files contain information such as usernames, IdP user group names, and other related information that is provided in the SAML assertion. Sometimes issues can arise from the settings in your IdP application. Work with your IT department to resolve the issues.
  6. After you finish the SSO test, disable SSO on the SSO Settings page, assuming that you want to enable SSO later after you inform all of your users and your IT department.
    1. To disable SSO, use the non-SSO login that you previously configured, regardless of whether the SSO test is successful.