Testing the SaaS Journeys That Break Across Tabs, Tenants, Regions, and Email
The most important SaaS workflows rarely stay inside one clean browser tab. A user starts on the application, opens an OAuth popup, completes MFA, returns to the original tab, receives an email, follows a verification link, and lands on a different domain. Their account belongs to one tenant, their data is stored in a particular region, and their locale changes the date format that the test expected. Each step may work in isolation. The complete journey still fails. That is why testing SaaS applications requires more than a collection of page-level tests. The real risk lives in the handoffs between systems, identities, windows, tenants, regions, and communication channels. Authentication is a state machine, not a login form A simple login test usually covers one path: Enter email and password. Submit. Reach the dashboard. Real authentication has many branches: OAuth consent already granted. OAuth consent required. Popup blocked. Identity provider opens in a new tab. MFA requested. MFA remembered on the device. Session expired during the handoff. User belongs to multiple organizations. Original tab resumes before the token is available. Callback lands on the wrong environment. This review of testing OAuth popups, MFA prompts, and cross-tab login handoffs with Endtest highlights the operational difficulty of these flows. Model authentication as a state machine. Record the expected transitions and test the failure paths between them. For example: Unauthenticated → OAuth opened → Provider authenticated → Callback received → Session created → Tenant selected → Application ready A test that only checks the last page cannot tell you where the handoff failed. Capture: Current window and newly opened windows. Redirect URLs and callback parameters. Cookie and storage changes. Network failures during token exchange. Visible provider errors. The tenant selected after authentication. Whether the original tab updates automatically or requires refresh. Multi-tenant testing must pr