Verifying SSO in DAI
After you perform the steps to enable SSO in your DAI installation, there are a few ways to verify the success of your implementation. Following are some scenarios you can walk through to verify that single sign-on (SSO) with DAI is working correctly.
- First Login
- Subsequent Login
- Link Accounts (optional)
- Logout
- View My Account Details
- Update Account Details
- Access DAI as an Admin
First Login
Verify you experience the following process the first time you log into DAI with SSO:
- Enter your DAI URL (for example, type the domain without the path, https://{dai_domain}, into a browser).
- You should be redirected to Entra ID and prompted to log in (with your Entra ID credentials). You should be able to log in successfully. Note that you may be required to use multi-factor authentication instead of, or as well as, a username and password challenge.
- You are redirected back to DAI.
- You can access DAI.
Any login failure is handled by Entra ID. Your first login creates a user in Keycloak that is linked to the user in Entra ID. You can confirm this in the Keycloak Admin Console, or you can follow the View My Account Details or Access DAI as an Admin workflows, because these get their data from the Keycloak user records.
Subsequent Login
Follow the exact process described in First Login, but with a user who has already logged into DAI at least once. SSO will be configured for this user and an account should exist in Keycloak from the first login. This time you are checking that another Keycloak user does not get created; you can check this either in the Keycloak Admin Console or on the Manage Users page in DAI. If the claim mapping is not configured properly, this might result in an error or in duplicate accounts being created.
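One way to run the duplicate-account check described above over a list of Keycloak users, as an added example that is not part of the DAI documentation. It assumes records shaped like Keycloak's UserRepresentation with a federatedIdentities list; the IdP alias `entra-id`, the function names and the sample records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample shaped like Keycloak's UserRepresentation; the IdP alias
# "entra-id" and every value here are assumptions.
SAMPLE_USERS = [
    {"id": "kc-001", "username": "alice@example.com", "email": "alice@example.com",
     "federatedIdentities": [{"identityProvider": "entra-id", "userId": "oid-aaa",
                              "userName": "alice@example.com"}]},
    {"id": "kc-002", "username": "alice", "email": "Alice@Example.com",
     "federatedIdentities": [{"identityProvider": "entra-id", "userId": "sub-zzz",
                              "userName": "alice@example.com"}]},
    {"id": "kc-003", "username": "bob@example.com", "email": "bob@example.com",
     "federatedIdentities": [{"identityProvider": "entra-id", "userId": "oid-bbb",
                              "userName": "bob@example.com"}]},
    {"id": "kc-004", "username": "localadmin", "email": None, "federatedIdentities": []},
]


def find_duplicate_accounts(users, idp_alias="entra-id"):
    """Map each identity held by more than one Keycloak user to those user ids.

    Keys are ("email", value) or ("idp_user", value), compared case-insensitively.
    """
    groups = defaultdict(set)
    for user in users:
        email = (user.get("email") or "").strip().lower()
        if email:
            groups[("email", email)].add(user["id"])
        for link in user.get("federatedIdentities") or []:
            if link.get("identityProvider") != idp_alias:
                continue
            name = (link.get("userName") or "").strip().lower()
            if name:
                groups[("idp_user", name)].add(user["id"])
    return {key: sorted(ids) for key, ids in groups.items() if len(ids) > 1}


def unlinked_users(users, idp_alias="entra-id"):
    """Ids of Keycloak users with no link to the given identity provider."""
    return sorted(
        u["id"] for u in users
        if not any(link.get("identityProvider") == idp_alias
                   for link in u.get("federatedIdentities") or [])
    )


if __name__ == "__main__":
    for (kind, value), ids in find_duplicate_accounts(SAMPLE_USERS).items():
        print(f"duplicate {kind} {value}: {ids}")
    print("not linked to IdP:", unlinked_users(SAMPLE_USERS))
```

An empty result from `find_duplicate_accounts` after a repeat login is the expected outcome; in the constructed sample, `kc-001` and `kc-002` share one Entra ID login name, which is the pattern a duplicate account would show.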