# Readiness checks

Use the following list to ensure that your organizations are ready for use in a production environment.

# User account management

To ensure the readiness of user accounts of your organizations:

  • Verify the groups and roles assigned to users.
  • Enable or disable self-registration based on the business requirement.
  • Enable or disable account recovery based on the business requirement.
  • If you have added a user store, configure high availability.

# Applications

Use the following sections to verify if your applications are ready for production.

OIDC

To ensure the readiness of the OIDC applications of your organizations:

  • Confirm that the allowed access URL is from the production application's domain. Make sure not to include access URLs that include localhost.
  • Configure the recommended grant type depending on your application requirements.
  • Confirm that the allowed callback URLs are only from the production application domain. Make sure not to include callback URLs that include localhost.
  • Use only the HTTP origins that host your web application, not localhost.
  • Verify that the token type matches the business application.
  • Verify that the token binding type matches the requirements.
  • Configure access, refresh, and ID token expiry times.
  • Provide the correct certificate.
  • Secure application secrets in the clients.

An application’s client ID and client secret can be used to invoke APIs. Store them securely and restrict access to authorized people only.

SAML

To ensure the readiness of the SAML applications of your organizations:

  • Confirm that the allowed access URL is only from the production application domain. Make sure not to include access URLs that include localhost.
  • Confirm that the assertion consumer service (ACS) URLs are only from the production application domain.
  • Make sure not to include ACS URLs that include localhost.
  • Select the default ACS URL when there are multiple ACS URLs.
  • Enable response signing. Configure signing and digest algorithms.
  • Enable or disable single logout (SLO) based on the application requirement.
  • If SLO is enabled, verify that the logout request and logout response URLs are configured and are not localhost.
  • Provide certificates for the application.

Single Page Applications

To ensure the readiness of the single-page applications of your organizations:

  • Confirm that the allowed access URL is only from the production application domain. Make sure not to include access URLs that include localhost.
  • Configure the recommended grant type depending on your application.
  • Confirm that the allowed callback URLs are only from the production application domain. Make sure not to include callback URLs that include localhost.
  • Use only the HTTP origins that host your web application, not localhost.
  • Configure PKCE as mandatory.
  • Verify that the token type matches the business application.
  • Verify that the token binding type matches the requirements.
  • Configure access, refresh, and ID token expiry times.
  • Provide the correct certificate.
  • Secure application secrets in the clients.

An application’s client ID and client secret can be used to invoke APIs. Store them securely and restrict access to authorized people only.
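The URL and PKCE items in the OIDC and single-page application checklists above can be checked mechanically before go-live. The following is an added example, not Asgardeo code: the record layout and field names (`access_url`, `callback_urls`, `allowed_origins`, `pkce_mandatory`) are hypothetical, and it goes slightly beyond the checklist by treating loopback IP literals the same as localhost. It compares parsed hostnames rather than substrings, so `localhost.example.com` passes while a URL that merely contains the production domain does not.

```python
import ipaddress
from urllib.parse import urlsplit

def is_local(host):
    """True for localhost names and loopback IP literals (127.0.0.0/8, ::1)."""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name

def url_finding(url, prod_domain):
    """Return None if the URL's host is on prod_domain, else the reason."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        host = ""
    if not host:
        return "no parseable host"
    if is_local(host):
        return "points at localhost"
    if host != prod_domain and not host.endswith("." + prod_domain):
        return "outside production domain"
    return None

def audit_app(app, prod_domain):
    """Check one application record; returns a list of (field, value, reason)."""
    urls = [("access_url", app.get("access_url"))]
    urls += [("callback_urls", u) for u in app.get("callback_urls", [])]
    urls += [("allowed_origins", u) for u in app.get("allowed_origins", [])]
    issues = []
    for field, url in urls:
        reason = url_finding(url or "", prod_domain)
        if reason:
            issues.append((field, url, reason))
    if app.get("type") == "spa" and not app.get("pkce_mandatory"):
        issues.append(("pkce_mandatory", False, "PKCE must be mandatory for SPAs"))
    return issues

# Constructed sample record; field names are hypothetical, not Asgardeo's schema.
SAMPLE_APP = {
    "type": "spa",
    "access_url": "https://app.example.com/home",
    "callback_urls": ["https://app.example.com/cb", "http://localhost:3000/cb",
                      "https://app.example.com@127.0.0.1/cb",
                      "https://app.example.com.other.test/cb"],
    "allowed_origins": ["https://localhost.example.com", "https://[::1]:3000"],
    "pkce_mandatory": False,
}
```

Calling `audit_app(SAMPLE_APP, "example.com")` returns one tuple per failed check; an empty list means the record passes these items.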

# Connections

Verify that the authorized redirect URL and home page URL of social connections are updated with the production environment's values.

# Branding

By default, Asgardeo interfaces presented to users are themed according to Asgardeo’s default branding. Make sure to customize the UIs according to your organization’s branding styles. The following is the list of branding changes required.

General

To ensure the readiness of the general branding of your organizations:

  • Configure the site title.
  • Configure the copyright text.
  • Configure the help email address that end users should use to contact your organization for help.

Design

To ensure the readiness of the design branding of your organizations:

  • Configure logo, favicon, and side images.
  • Configure the heading text.
  • Customize the branding styles of the UIs provided by Asgardeo according to your organization’s branding guidelines.

Advanced

To ensure the readiness of the advanced branding of your organizations:

  • Configure the Cookie Policy.
  • Configure the Privacy Policy.
  • Configure the Terms of Service.
  • Configure the Self Signup page.

# Using a custom domain

By default, the interfaces provided by Asgardeo (such as the login page) are presented to your end users over Asgardeo domains. You can customize the URL domain to your organization-preferred host.

Free-tier users cannot configure domain branding.

# Customize email template

By default, all the emails triggered by Asgardeo for your end users have Asgardeo’s default branding. If you wish to change the branding and content of the emails, you can customize them via the APIs.

Asgardeo rolled out this feature on Sep 20, 2022. Therefore, it applies only to Asgardeo organizations created after Sep 20, 2022. If you wish to use this capability for older organizations, you can send a request to the Asgardeo team at [email protected].

# Manage subscriptions

Check the resource limits, such as the allowed Monthly Active User (MAU) limits and groups, to ensure your scaling requirements are within the range of your subscription.