Test Entra ID integrations
You can create end-to-end integration tests for applications using Entra ID Single Sign-On (SSO). Use test users in development and staging environments to test your GitHub pull request pipelines.
Request test users
The Identity and Access Management (IDAM) team provides test users in the DEVL environment for automated testing.
To get test users and configure your application registration:
- Raise a demand request with the Demand team.
- Wait for the IDAM team to create the users and configure your application registration.
Configure multifactor authentication (MFA)
Security Warning: Your automated testing framework must support MFA. We cannot disable MFA for automated test accounts in the development tenant.
Most testing frameworks handle MFA by generating and storing an MFA seed during the test user’s first login.
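As an added illustration (not code from this page or from any particular framework), the following Node.js helper shows what a test does with a stored MFA seed: it derives the current RFC 6238 one-time code at login. It assumes the test user is enrolled with a standard authenticator-app seed (HMAC-SHA1, 30-second step, 6 digits); the environment variable name `ENTRA_TEST_USER_TOTP_SEED` is hypothetical.

```javascript
// Added example: RFC 6238 TOTP generation for an automated test login.
const crypto = require("node:crypto");

const BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// Decode the base32 seed issued at MFA enrolment (spaces and padding tolerated).
function base32Decode(seed) {
  const clean = seed.toUpperCase().replace(/[\s=]/g, "");
  const bytes = [];
  let buffer = 0, bits = 0;
  for (const ch of clean) {
    const value = BASE32_ALPHABET.indexOf(ch);
    if (value === -1) throw new Error("MFA seed is not valid base32");
    buffer = (buffer << 5) | value;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((buffer >>> bits) & 0xff);
      buffer &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(bytes);
}

// Assumed parameters: HMAC-SHA1, 30-second step, 6 digits.
function totp(seed, unixSeconds = Math.floor(Date.now() / 1000), step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = crypto.createHmac("sha1", base32Decode(seed)).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation (RFC 4226)
  const binary = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(binary % 10 ** digits).padStart(digits, "0");
}

// Seconds left in the current window; a test can wait for the next one if this is low.
function secondsRemaining(unixSeconds = Math.floor(Date.now() / 1000), step = 30) {
  return step - (unixSeconds % step);
}

// Read the seed from a pipeline secret and fail closed when it is missing.
function codeForTestUser(env = process.env) {
  const seed = env.ENTRA_TEST_USER_TOTP_SEED; // hypothetical variable name
  if (!seed) throw new Error("ENTRA_TEST_USER_TOTP_SEED is not set");
  return totp(seed);
}
```

Keep the seed in the pipeline's secret store rather than in the repository, because anyone who holds it can generate valid codes for the test user.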
Review the following examples to see how to configure MFA in popular frameworks:
Restrict automated testing to the DEVL environment
Compliance Note: Do not run automated tests against the NLE (Non-Live Environment) or LIVE environments.
Testing in NLE or LIVE violates security and governance standards for the following reasons:
- Conditional Access Policies block logins from GitHub ephemeral environments.
- Compliance rules block automated access for NLE and LIVE users.
- Shared generic test user passwords create security risks and can break pipelines if disabled.
Only include the Entra ID login flow in your DEVL integration tests.
Mock the OAuth provider
Use a mock OAuth provider in your pipelines for NLE and LIVE testing. This gives you full control over authorisation scenarios and provides faster feedback.
Review the OPG Sirius mock OAuth provider codebase for an example Entra ID integration.