Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( Https ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Production deployment

Once you’ve tested your integration in our sandbox environment, you can request deployment to the Login.gov production environment.

Production endpoints

Our integration documentation includes endpoint urls for our sandbox environment https://idp.int.identitysandbox.gov/. Our production environment is located at https://secure.login.gov/. The URL path to each endpoint remains the same. Only the domain will change. For example, the authorization endpoint will change as follows:

Please be aware that the IDP certificate (X509 Certificate) in the production environment is different from the IDP certificate in the sandbox environment. The production IDP certificates can be found here:

Deployments

All changes to integrations between login.gov and your application must be reviewed and deployed. We ask for at least 1 week notice for new integrations and changes to existing integrations. Push Notification URLs may require 2 weeks notice in order to allow the domain for outbound communication. Regular deployments occur every Thursday by the close of the business day. If the regular deployment occurs on a holiday, then it will be completed the following Monday.

Confirm IAA

You must have a signed IAA (Inter Agency Agreement) with login.gov with your integration explicitly listed in it in order to deploy to production. You will need to provide the IAA number this application will be billed under. The IAA number format will include GTC-Order-Mod (e.g. LGABCFY210001-0001-0000), where GTC stands for General Terms & Conditions. You may also hear these referred to as forms 7600A and 7600B.

Please reach out to your agency IAA contact if you have any questions. If your agency does not already have an IAA, then ask your agency contact to reach out to partners@login.gov to begin the IAA process, which can take up to 6 weeks to complete.

Staging environment

Many partners choose to create a separate staging app in our sandbox environment for testing their staging environment, because changes take effect immediately without waiting for review and deployment.

If you are testing an IAL2 integration, then we also offer an ATO-ed staging environment for limited testing. You must have a signed IAA in order to deploy to Staging. Our staging environment is approved for PII, which can be useful in certain test cases. However, any configuration changes in the staging environment must be reviewed and deployed.

If you wish to deploy an application to our staging environment, then create a “staging” configuration app like the “production” configuration app described in the next section.

Production configuration

Before you can deploy your application to the production environment, you will need to create a separate app on our dashboard that contains your production certificate, urls and logo. Here are the steps to complete your production configuration app:

  1. Create a new app on the dashboard https://dashboard.int.identitysandbox.gov/
  2. Enter a Friendly Name with “Production” in the title
  3. Enter the production urls and configuration into the app

Please note: The following items are required to promote your app to production:

  • All production urls should have .gov .mil or a dedicated .com address and point to an ATO-ed environment.
  • You must include a logo for your application. You can find the logo guidelines here.
  • If this is a SAML integration (Not OpenID Connect), then please ensure that:
    • Assertion Consumer Logout Service URL is defined.
    • SAML Assertion Encryption is enabled.
      • If you are using a service which does not support SAML encryption, then please send a message to partners@login.gov for further guidance.

Request deployment

Once you have:

  1. Confirmed that this integration is listed in a signed IAA
  2. Created a production configuration

Please submit the login.gov production integration request form.

Changes to production applications

Please update your production configuration app in the dashboard and test the changes you wish to deploy. After you have confirmed the change, then please submit the login.gov integration change request form.