Pre-Production Testing

Before you deploy your application to production, you MUST confirm that it meets the application requirements and that you have completed the integration requirements. To confirm, follow the verification steps below in your STG environment and DoITT's NYC.ID NON-PRD environment.

	Requirements	Verification Steps
	Application Header	Verify that your Application Header: appears at the very top—above all content and navigation elements—of all pages within your application, and includes the correct elements—the official NYC logo, application name, Log In link, Profile link, Log Out link, and divider.
	Brand Banner, if implemented	Verify that your Brand Banner: appears on the Login page, appears on the Create Account page after the Create Account link is clicked on the Login page, appears on the Forgot Password page after the Forgot Password link is clicked on the Login page, and appears on the Create Account page when linked to from your application. appears on the Account Profile: Email Address page when linked to from your application.
	Email Validation Web Service	If your application does not authorize users with usernames, follow these steps: log in to your application with a username, and verify that you are prompted to change your username to an email address. If your application only authorizes users with validated email addresses, follow these steps: log in to your application with an un-validated email address, and verify that you are prompted to validate your email address. NOTE: After validating your email address, your application should detect that you have a validated email address without asking you to log out and log in.
	Enrollment	To verify this step: log in to your application, log in to your Account Profile, verify that your application appears in the list of enrolled applications, click the link with your application name, and verify that the link takes you to your application. NOTE: If the link does not take you to your application, refer to the Frequently Asked Questions page to learn what to do.
	Login, and, if implemented, login via federated identity providers	Verify that you can log in to your application using: a NYC.ID account, and a NYC Employees account, and a Facebook account, with and without providing your email address, and a Google account, and a LinkedIn account, and a Microsoft account, and a Yahoo account.
	Logout	To verify this step: log in to your application, log out of your application, click the login link within your application, and verify that you are prompted to log in, then visit the Login page, and verify that you are not logged in.
	SAML 2.0 Single Logout	Verify that logging out of your application destroys the user's active session with all applications he or she is logged into via these steps: Part 1: Logging out of your application via Account Profile: log in to your application, visit your Account Profile, log out of your Account Profile by clicking the Logout link, verify that the Logout Success page displays, visit your application, and verify that you are no longer logged in. Part 2: Logging out of Account Profile via your application: log in to your Account Profile, log in to your application, log out of your application, visit your Account Profile, and verify that you are not logged in.
	Session Timeout Warning	Verify that your application displays a Session Timeout Warning Dialog on all pages where the user is authenticated, even if he or she has not yet been authorized to use your application.