> **Building with AI coding agents?** If you're using an AI coding agent, install the official Scalekit plugin. It gives your agent full awareness of the Scalekit API — reducing hallucinations and enabling faster, more accurate code generation. > > - **Claude Code**: `/plugin marketplace add scalekit-inc/claude-code-authstack` then `/plugin install @scalekit-auth-stack` > - **GitHub Copilot CLI**: `copilot plugin marketplace add scalekit-inc/github-copilot-authstack` then `copilot plugin install @scalekit-auth-stack` > - **Codex**: run the bash installer, restart, then open Plugin Directory and enable `` > - **Skills CLI** (Windsurf, Cline, 40+ agents): `npx skills add scalekit-inc/skills --list` then `--skill ` > > `` / ``: `agent-auth`, `full-stack-auth`, `mcp-auth`, `modular-sso`, `modular-scim` — [Full setup guide](https://docs.scalekit.com/dev-kit/build-with-ai/) --- # SSO simulator Scalekit provides an **SSO simulator** so you can test SSO flows before you connect to real enterprise identity providers. You use it when you are implementing SSO with Scalekit and want to verify your application’s behavior end to end. Without the simulator, you often need to configure multiple providers—such as Microsoft Entra ID, PingIdentity, and Okta—and create test tenants and users just to prove that your SSO flow works. Instead, the SSO simulator lets you trigger the authentication flow with test email domains like `@example.com` and verify how your application handles successful logins and failures, without doing any external IdP configuration. Before you use the SSO simulator, make sure you have: - SSO flow integrated in your app with Scalekit. For example, you have completed setup that generates an authorization URL and handles the callback either with [Modular SSO](/authenticate/sso/add-modular-sso) or [Full stack Authentication](/authenticate/auth-methods/enterprise-sso). - Access to the [Scalekit Dashboard](https://app.scalekit.com) for viewing organizations and connection details. Your development environment includes a **Test Organization** that has connection already setup to the SSO simulator. This organization is safe to use for SSO testing and does not affect real customers. 1. **Locate the test organization** Open **Dashboard → Organizations** and look for an entry named **Test Organization**. The details page shows the test organization's identifier (for example, `org_32656XXXXXX0438`) and any connected SSO integrations. ![Test Organization](@/assets/docs/sso/testing-sso/2.png) 2. **Copy the organization ID** From the **Test Organization** details page, copy the **Organization ID**. You pass this value to the SDK when you generate an SSO authorization URL. ```javascript title="Express.js" wrap "org_32656XXXXXX0438" const options = { organizationId: 'org_32656XXXXXX0438', } const authorizationUrl = await scalekit.getAuthorizationUrl( 'https://your-app.example.com/auth/callback', options, ) ``` ```python title="Flask" wrap "org_32656XXXXXX0438" options = { "organizationId": "org_32656XXXXXX0438", } authorization_url = scalekit_client.get_authorization_url( "https://your-app.example.com/auth/callback", options, ) ``` ```go title="Gin" wrap "org_32656XXXXXX0438" options := scalekit.AuthorizationUrlOptions{ OrganizationId: "org_32656XXXXXX0438", } authorizationURL, err := scalekitClient.GetAuthorizationUrl( "https://your-app.example.com/auth/callback", options, ) ``` ```java title="Spring Boot" wrap "org_32656XXXXXX0438" AuthorizationUrlOptions options = new AuthorizationUrlOptions(); options.setOrganizationId("org_32656XXXXXX0438"); URI authorizationUrl = scalekitClient .authentication() .getAuthorizationUrl("https://your-app.example.com/auth/callback", options); ``` ```sh title="Authorization URL" showLineNumbers=false "org_32656XXXXXX0438" /oauth/authorize? response_type=code& client_id=& redirect_uri=& scope=openid%20profile%20email& organization_id=org_32656XXXXXX0438 ``` **example email addresses:** In developer environments, SSO simulator can be accessed by passing an `example.org` or an `example.com` email addresses. This is useful for starting a SSO simulator 3. **Simulate a SSO login** Generated authorization URL redirects the users to SSO simulator. 1. Select **User login via SSO** from the dropdown menu 2. Enter test user details (email, name, etc.) to simulate authentication 3. Click **Submit** to complete the simulation
![SSO Simulator form](@/assets/docs/manual/fundamentals/testing-sso/with-idp-simulator/2.1.png)
After submitting the form, your application receives an `idToken` containing the user details you entered:
![ID token response](@/assets/docs/manual/fundamentals/testing-sso/with-idp-simulator/2.2.png)
**Custom user attributes:** To test custom attributes from the SSO Simulator, first register them at **Dashboard > Development > Single Sign-On > Custom Attributes**. ### Full stack authentication vs modular SSO How you reach the SSO simulator depends on how you use Scalekit: - **Modular SSO:** You can route users to the SSO simulator by including `login_hint=name@example.com` (or `organization_id=`) in the authorization URL. You are not limited to passing only the organization ID. - **Full stack authentication:** You do not need to pass any parameters when creating the authorization URL. Redirect users to Scalekit’s hosted login page; when they enter an email with a domain such as `example.com` or `example.org`, the login screen automatically sends them to the SSO simulator. --- ## More Scalekit documentation | Resource | What it contains | When to use it | |----------|-----------------|----------------| | [/llms.txt](/llms.txt) | Structured index with routing hints per product area | Start here — find which documentation set covers your topic before loading full content | | [/llms-full.txt](/llms-full.txt) | Complete documentation for all Scalekit products in one file | Use when you need exhaustive context across multiple products or when the topic spans several areas | | [sitemap-0.xml](https://docs.scalekit.com/sitemap-0.xml) | Full URL list of every documentation page | Use to discover specific page URLs you can fetch for targeted, page-level answers |