This phase validates the behavior of your SSO configuration using the AFS UAT environment. It confirms your IdP is communicating correctly with AFS and that assertions, user attributes, and provisioning logic are functioning as intended.

UAT Checklist

Use the following checklist to guide your testing in the UAT environment:

Authentication & Connection

• Confirm the required Entity ID, Sign On URL, and Certificate settings have been configured correctly in AFS UAT portal

• Confirm the optional Log Out URL, Force SSO, and Auto-Provision Users settings have been configured correctly in AFS UAT portal

• Ensure users can be redirected from the AFS UAT portal to the IdP (SP-initiated)

• Ensure the IdP can initiate login and post a valid SAML Response to AFS (IdP-initiated)

User Creation Behavior

If automated user provisioning is disabled:

• Create test users in the UAT portal prior to testing login flows

If automated user provisioning is enabled:

• Confirm new users are created automatically upon successful login

• Validate existing users are updated with the latest provided attributes

• If UserRoles is provided, confirm the correct roles and accounts are assigned to the user

• If Status is provided, determine if the user is Active, Disabled, or Deleted

• If BusinessClientId is provided, confirm the user is assigned to the correct Business Client (Positive Pay only)

Portal Access Behavior

• Confirm users are not able to login directly to the portal if Force SSO is enabled

• Validate logout behavior redirect users to the appropriate URL if a Log Out URL is defined