Production Readiness Checks: Non-Critical Fixes
The following checks see if you’ve completed all recommendations (which are optional) for successful deployment to Production.
For more information about your checks output, see Run Production Checks.
| Check | Description |
|---|---|
| Configure Log Streaming | Ensure you stream tenant log entries to an external storage location or provider. We recommend that you configure a log streaming service to retain logs over 30 days and enable better analysis and alerting. |
| Custom Domain should be configured | Use custom domains with Universal Login for the most seamless and secure experience for your end users. |
| Custom Error Page should be configured | Configure a Custom Error Page with your application-specific details and corporate branding. |
| Enable Universal Login | Ensure you’re using the latest version of Universal Login. We recommend updating your login page from the Classic experience to Universal Login to benefit from better accessibility and performance, no-code customization, and new features. |
| Email Templates should be configured | Configure custom email templates with your application specific details and corporate branding. |
| Multi-factor Auth should be configured | It is recommended that you consider multifactor authentication as a secure practice for authenticating your users. |
| MFA for Tenant Administrators is enabled | Enable multi-factor authentication for tenant administrators. |
| Redirect Logout URL should be defined | Review the Allowed Redirect Logout URLs for your Application. |
| Applications should use RS256 instead of HS256 for JSON Web Token (JWT) Signature Algorithm | Set the JSON Web Token (JWT) Signature Algorithm to RS256 instead of HS256 for each application. |
| Set Application Login URI | Indicate a Application Login URI for all interactive Applications. |
| Set Tenant Allowed Logout URL | Create at least one publicly-accessible logout route and update tenant settings to point there. |
| Set Tenant Login URI | Publish a default login route and update your tenant settings to point there. |
| Enable WCAG 2.2 AA Compliant UI for Universal Login | Use of legacy non-compliant UI for Universal Login is deprecated. The ability to opt-in will be removed in a future release. |