Skip to content

Go Live

Use this page before real users depend on your SigID workspace.

Going live means the business settings, support process, and developer integration are ready together. Do not treat sign-in as ready until users can start in the real app, complete SigID sign-in, and return to the app.

Production Checklist

Area Check
Billing Billing owner, plan, and invoicing path are confirmed.
Support Users know where to get help for login, recovery, and account questions.
Domains Production domains, redirect URLs, and allowed origins are registered exactly.
Branding App name, logo, and consent prompts match what users recognize.
Login methods Passkeys, passwords, magic links, MFA, and SSO choices are tested.
Secrets Client secrets and webhook secrets are stored outside browser code.
Tokens Developers confirm backend token validation checks issuer, audience, tenant, expiry, scopes, and subject type.
Webhooks Receivers verify signatures and handle retries safely, if events are used.
SSO Enterprise login and fallback process are tested, if SSO is used.
Audit Operators can review important identity and access events.
Recovery Account recovery expectations are documented.

Launch Sign-Off

Before launch, run one complete test as each audience:

  • an individual starts from the app, signs in with SigID, and returns to the app
  • a business operator updates a user, app, or organization setting
  • a developer verifies the backend rejects an invalid token
  • an SSO user completes SSO, if applicable
  • support can explain what to do when login or recovery fails

Rollback Plan

Keep a rollback plan for:

  • sign-in method changes
  • redirect URL mistakes
  • SSO misconfiguration
  • app branding mistakes
  • bad scopes or consent prompts
  • webhook receiver failures
  • backend token validation errors

If launch fails, tell users to return to the original app or support channel instead of trying random SigID links.