Testing Your Single Sign-On Connection

Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu.

This topic describes how an administrator can test the OpenID Connect (OIDC) connection between Single Sign‑On for VMware Tanzu and Azure Active Directory (Azure AD).

You can test your identity provider integration by deploying the Pivotal Single Sign-On Service Sample Applications.

Follow the steps below to test your Single Sign‑On connection.

  1. Log in to Apps Manager at https://apps.SYSTEM-DOMAIN and navigate to the org and space where your app is located.

  2. Under Services, locate the service instance of the Single Sign‑On plan bound to your app.

    Azure oidc instance

  3. Select the service instance and click Manage.

    Azure oidc manage instance

  4. Under the Apps tab, select your app.

    Azure oidc app

  5. Under Identity Providers, select the Azure AD identity provider. Remove any other identity providers.

    Azure oidc app idp

  6. Return to Apps Manager and click the URL listed below your app to access your app.

    Azure oidc app url

  7. Navigate to your login. You will be redirected to the identity provider to authenticate.

    Azure oidc app prompt

  8. On the identity provider sign-in page, enter your credentials and sign in.

    Azure oidc login

  9. If the app prompts for authorization to the necessary scopes, click Accept.

    Azure oidc accept

  10. If you are now logged into your app, your Azure AD OIDC to Single Sign‑On connection works.

    Azure oidc confirm