Adding Test SSNs to the Sandbox for Partners
Background
By default, the Login.gov sandbox only permits users going through the Identity Verification workflow to enter Social Security Numbers (SSNs) that begin with either 900 or 666, since they are guaranteed not to be valid[1].
On rare occasions, a partner may require us to permit a validly-formatted SSN in the sandbox so that validations in downstream systems pass during testing. If this is the case, we can update the configuration of the IdP to permit specific SSNs.
Requirements
- Have the partner provide a list of specific SSNs that need to be permitted
- Have the latest version of the 18F/identity-devops repo cloned
- Have sandbox access in AWS and AWS Vault set up
Update the IdP Configuration
From the devops repo, run the following command to edit the configuration file for the IdP in the sandbox (see the Secrets and Configuration page for more details):
bin/awsv sandbox bin/app-s3-secret --app idp --env int --edit
This should open the application.yml file for the sandbox IdP in your text editor. Edit the test_ssn_allowed_list config value to add additional SSNs. The setting should be written as a comma-separated string of SSNs with no dashes or spaces, e.g.
test_ssn_allowed_list: '111223333,444556666,777889999'
Save and quit your text editor, then confirm that the diff looks correct to save the file. The changes will take effect when the sandbox environment recycles, which happens automatically most weekdays. If the change needs to take effect immediately, you can recycle the sandbox environment with this command:
aws-vault exec sandbox-power -- ./bin/asg-recycle int idp
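Partner lists often arrive with dashes, spaces and duplicates, so the following added example (not part of the Login.gov repositories) builds the test_ssn_allowed_list value in the format described above before you paste it into application.yml. The function names are hypothetical, the sample SSNs are constructed, and skipping entries that begin with 900 or 666 is an assumption based on the default behavior described in the Background section.

```python
import re

# Prefixes the sandbox already accepts by default (per the Background section).
DEFAULT_ALLOWED_PREFIXES = ("900", "666")
# Accepts 123456789, 123-45-6789 or 123 45 6789; anything else is rejected.
SSN_RE = re.compile(r"\d{3}[- ]?\d{2}[- ]?\d{4}")


def normalize_ssn(raw):
    """Return the bare 9-digit form of one partner-supplied SSN."""
    candidate = raw.strip()
    if not SSN_RE.fullmatch(candidate):
        raise ValueError(f"not a 9-digit SSN: {raw!r}")
    return re.sub(r"[- ]", "", candidate)


def build_allowed_list(existing_value, partner_ssns):
    """Merge partner SSNs into the current setting value.

    Returns (new_value, skipped). skipped holds entries that need no
    change: duplicates and SSNs already permitted by their prefix.
    """
    merged = [s.strip() for s in existing_value.split(",") if s.strip()]
    skipped = []
    for raw in partner_ssns:
        ssn = normalize_ssn(raw)
        if ssn.startswith(DEFAULT_ALLOWED_PREFIXES) or ssn in merged:
            skipped.append(ssn)
            continue
        merged.append(ssn)
    return ",".join(merged), skipped


def yaml_line(value):
    """Format the value as the single-quoted line used in application.yml."""
    return f"test_ssn_allowed_list: '{value}'"


if __name__ == "__main__":
    # Constructed sample input: the current value plus a partner's list.
    existing = "111223333,444556666"
    partner = ["777-88-9999", " 444 55 6666", "900-12-3456", "123456789"]
    value, skipped = build_allowed_list(existing, partner)
    print(yaml_line(value))
    print("skipped (already permitted or duplicate):", skipped)
```

A malformed entry raises ValueError instead of being silently dropped, so a typo in the partner's list is caught before the configuration is saved.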