Skip to content
Scalekit Docs
Talk to an Engineer Start implementing

Production launch checklist

A focused checklist for launching your Scalekit SSO integration, based on the core enterprise authentication launch checks.

As you prepare to launch enterprise SSO to production, you should confirm that your configuration satisfies the core enterprise checks from the authentication launch checklist.

This page extracts the SSO-specific items from the main authentication production readiness checklist and organizes them for your SSO rollout.

Use this checklist alongside the main launch checklist to validate that your SSO flows, admin experience, and network access are ready for enterprise customers.

Verify SSO integrations with identity providers

Test SSO integrations with your target identity providers (for example, Okta, Azure AD, Google Workspace) using your production environment URL and credentials.

Configure SSO attribute mapping and identifiers

Configure SSO user attribute mapping (email, name, groups) and ensure you use consistent user identifiers (for example, email or userPrincipalName) across all SSO connections.

Verify redirect URIs and state validation

Confirm that your redirect URIs are correctly configured in both Scalekit and your identity providers, and that you validate the state parameter in callbacks to prevent CSRF attacks.

Test SP-initiated and IdP-initiated SSO flows

Test both SP-initiated and IdP-initiated SSO flows end-to-end in a staging environment before enabling them for production tenants. See test SSO flows for detailed scenarios.

Validate JIT provisioning and default roles

Register all organization domains for JIT provisioning, configure appropriate default roles for JIT-provisioned users, and test new, existing, and deactivated user scenarios.

Finalize admin portal setup and branding

Configure the self-service admin portal, apply your branding (logo, accent colors), and verify that enterprise admins can manage SSO connections and users as expected.

Review admin portal URL and DNS

Customize the admin portal URL to match your domain (for example, https://sso.b2b-app.com), update your .env configuration after CNAME setup, and confirm that your customers can access the portal from their networks.

Verify customer network and firewall access

Ask your enterprise customers to whitelist your Scalekit environment domain and related endpoints so SSO redirects and admin portal access work behind their VPNs and firewalls.

Harden error handling and monitoring for SSO

Test SSO error scenarios (for example, misconfigured connections, invalid assertions, and deactivated users), and set up logging and alerts so you can quickly detect and remediate SSO issues.