feat(ui): replace the SSO setup confirmation step with an Activate step

[iagodahlem]

Summary

Replaces the final step of the self-serve SSO setup wizard — previously a static "Confirmation" summary — with an explicit Activate step, so configuring a connection and turning it on become distinct, intentional actions.

After the Test step, the user lands on Activate:

• Confirms the connection is configured ("SSO connection configured"), noting that once activated, anyone signing in with the verified domain must use the identity provider
• Activate SSO — activates the connection and returns to the Security overview
• Skip for now — returns to the overview without activating (they can activate later)

Also renames the wizard step labels to Domains → Connection → Test → Activate.

Follows #8864 (Security ↔ wizard navigation).

Test plan

• Configure and test a connection, land on Activate, click Activate SSO → connection becomes active, returns to the Security overview
• On Activate, click Skip for now → returns to the overview, connection stays inactive
• ConfigureSSO + OrganizationSecurityPage unit suites pass

Summary by CodeRabbit

• New Features
  • Added an explicit Activate step to the SSO setup flow after configuration and testing, with Activate SSO or Skip for now (including an “active” state with a Done button).
  • Updated step labels in the wizard to Domains → Connection → Test → Activate.
  • Enabled appearance theming hooks for the new SSO Activate step.
• Refactor
  • Replaced the prior static confirmation experience with the interactive activation flow.
• Tests
  • Added/updated navigation and component tests to cover activation/active-state behavior.

[changeset-bot]

🦋 Changeset detected

Latest commit: b705adc

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 21 packages

Name	Type
@clerk/localizations	Patch
@clerk/shared	Patch
@clerk/ui	Patch
@clerk/react	Patch
@clerk/astro	Patch
@clerk/backend	Patch
@clerk/chrome-extension	Patch
@clerk/clerk-js	Patch
@clerk/expo-passkeys	Patch
@clerk/expo	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/hono	Patch
@clerk/msw	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch
@clerk/vue	Patch
@clerk/swingset	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	Jun 17, 2026 6:48pm
swingset	Ready	Preview, Comment	Jun 17, 2026 6:48pm

[coderabbitai]

📝 Walkthrough

Walkthrough

The Configure SSO wizard's final step is changed from a static ConfirmationStep to an interactive ActivateStep. The new step lets users explicitly activate an enterprise SSO connection or skip activation for later. Localization keys, appearance element descriptors, WizardStepId types, stepper labels, and tests are all updated accordingly.

Changes

SSO Wizard: Replace ConfirmationStep with ActivateStep

Layer / File(s)	Summary
Type contracts and localization keys packages/ui/src/components/ConfigureSSO/types.ts, packages/shared/src/types/localization.ts, packages/localizations/src/en-US.ts, packages/ui/src/customizables/elementDescriptors.ts, packages/ui/src/internal/appearance.ts, packages/ui/src/elements/contexts/index.tsx, packages/ui/src/icons/index.ts	WizardStepId changes 'confirmation' → 'activate'; localization confirmation block replaced with activate (title, domain-parameterized subtitle, activateButton, skipButton, activeTitle, activeSubtitle, doneButton); six new configureSSOActivate* appearance keys added; FlowMetadata.part gains 'ssoActivate'; DuotoneShieldCheck icon exported.
ActivateStep component packages/ui/src/components/ConfigureSSO/steps/ActivateStep.tsx, packages/ui/src/components/ConfigureSSO/steps/index.ts, packages/ui/src/components/ConfigureSSO/elements/Step.tsx	New ActivateStep derives a domain string from the enterprise connection, implements an async handleActivate (calls setConnectionActive, triggers onExit, surfaces errors via card state), and renders title/subtitle, conditional error alert, and activate/skip buttons (or done button when already active). ConfirmationStep removed. Barrel updated; FooterReset localization key corrected to resetConnectionDialog.resetButton.
Wizard step wiring packages/ui/src/components/ConfigureSSO/ConfigureSSOWizard.tsx	Imports ActivateStep instead of ConfirmationStep; renames stepper labels to Domains/Connection/Activate; final step definition changed to 'activate' with hasSuccessfulTestRun || isActive guard; Wizard.Match block now renders ActivateStep within CardStateProvider.
Tests packages/ui/src/components/ConfigureSSO/steps/__tests__/ActivateStep.test.tsx, packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx, packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.navigation.test.tsx	New ActivateStep unit tests cover rendering, single/multi-domain subtitle interpolation, activation success/failure, skip, and already-active state. Existing wizard tests updated to assert activate-step text for active and successful-test-run scenarios, and to verify test step displays when no successful test run. New navigation test verifies renamed stepper labels and activate-step short-circuit.
Changeset .changeset/moody-carrots-make.md	Patch release changeset for @clerk/localizations, @clerk/shared, and @clerk/ui documenting the activate-step change.

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant ConfigureSSOWizard
  participant ActivateStep
  participant CardState
  participant ClerkAPI

  User->>ConfigureSSOWizard: completes test step (hasSuccessfulTestRun=true)
  ConfigureSSOWizard->>ActivateStep: render activate step
  ActivateStep-->>User: show title, domain subtitle, Activate/Skip buttons

  alt User clicks "Activate SSO"
    User->>ActivateStep: click Activate SSO
    ActivateStep->>CardState: setLoading(true)
    ActivateStep->>ClerkAPI: setConnectionActive(id, true)
    ClerkAPI-->>ActivateStep: success
    ActivateStep->>ConfigureSSOWizard: onExit()
  else User clicks "Skip for now"
    User->>ActivateStep: click Skip for now
    ActivateStep->>ConfigureSSOWizard: onExit()
  else Activation fails
    ClerkAPI-->>ActivateStep: ClerkRuntimeError
    ActivateStep->>CardState: handleError(err)
    ActivateStep-->>User: show error alert
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• clerk/javascript#8799: Extracts and rewires the Configure SSO flow into ConfigureSSOWizard, which this PR then modifies to replace the terminal step.
• clerk/javascript#8864: Changes ConfigureSSOWizard header/initial-step/exit wiring via ConfigureSSOContext.onExit, which the new ActivateStep depends on.
• clerk/javascript#8813: Modifies ConfirmationStep and ResetConnectionDialog behavior, overlapping with the component removal in this PR.

Suggested reviewers

• LauraBeatris

🐰 The confirmation page has left the chat,
An Activate button now tips its hat.
Click to go live, or skip for the day,
The shield icon guards while you find your way.
Hop along, SSO—you're here to stay! 🛡️

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: replacing the SSO setup confirmation step with an Activate step, which is the primary focus across the entire changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8882

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8882

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8882

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8882

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8882

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8882

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8882

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8882

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8882

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8882

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8882

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8882

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8882

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8882

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8882

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8882

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8882

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8882

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8882

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8882

commit: b705adc

[github-actions]

API Changes Report

Generated by Break Check on 2026-06-17T18:51:20.480Z

Summary

Metric	Count
Packages analyzed	19
Packages with changes	2
🔴 Breaking changes	0
🟡 Non-breaking changes	2
🟢 Additions	0

🤖 This report was reviewed by claude-sonnet-4-6.

---

@clerk/shared

Current version: 4.18.0
Recommended bump: MINOR → 4.19.0

Subpath ./types

🟡 Non-breaking Changes (1)

Modified: __internal_LocalizationResource

// ... 1765 unchanged lines elided ...
          };
        };
      };
-     confirmation: {
-       statusSection: {
-         title: LocalizationValue;
-         activeBadge: LocalizationValue;
-         inactiveBadge: LocalizationValue;
-       };
-       enableSection: {
-         title: LocalizationValue;
-       };
-       domainSection: {
-         title: LocalizationValue;
-       };
-       configurationSection: {
-         title: LocalizationValue;
-         ssoUrlLabel: LocalizationValue;
-         issuerLabel: LocalizationValue;
-         certificateLabel: LocalizationValue;
-         configureAgainLink: LocalizationValue;
-       };
-       resetSection: {
-         title: LocalizationValue;
-         warning: LocalizationValue;
-         confirmationFieldLabel: LocalizationValue<'name'>;
-         submitButton: LocalizationValue;
-       };
-       inactiveBanner: {
-         title: LocalizationValue;
-       };
+     activate: {
+       title: LocalizationValue;
+       subtitle: LocalizationValue<'domain'>;
+       activateButton: LocalizationValue;
+       skipButton: LocalizationValue;
+       activeTitle: LocalizationValue;
+       activeSubtitle: LocalizationValue<'domain'>;
+       doneButton: LocalizationValue;
      };
    };
    apiKeys: {
// ... 153 unchanged lines elided ...

Static analyzer: Breaking change in type alias __internal_LocalizationResource: Type changed: {locale:string;maintenanceMode:import("@clerk/shared").LocalizationValue;roles:{[r:string]:import("@clerk/shared").Loca… → {locale:string;maintenanceMode:import("@clerk/shared").LocalizationValue;roles:{[r:string]:import("@clerk/shared").Loca…

🤖 AI review (reclassified as non-breaking) (60%): The visible structure of __internal_LocalizationResource is identical in both snippets; the only diff is '1872 lines elided' vs '1852 lines elided', suggesting ~20 lines were removed from the middle section. __internal_LocalizationResource is used as the source type for LocalizationResource which extends DeepPartial<DeepLocalizationWithoutObjects<__internal_LocalizationResource>>, meaning consumers only read/implement this as an output/partial shape — any removed fields would only affect consumers who explicitly reference those removed keys. Without seeing which specific fields were dropped, confidence is reduced, but since all visible required fields remain unchanged and the type is consumed via DeepPartial, removal of fields is non-breaking for consumers of LocalizationResource.

---

@clerk/ui

Current version: 1.17.0
Recommended bump: MINOR → 1.18.0

Subpath ./internal

🟡 Non-breaking Changes (1)

Modified: ElementsConfig

// ... 523 unchanged lines elided ...
    configureSSOTestRunHowToFixDocsLink: WithOptions;
    configureSSOTestRunParsedUserInfo: WithOptions;
    configureSSOTestError: WithOptions;
-   configureSSOConfirmationStatusBadge: WithOptions<string>;
-   configureSSOConfirmationDomainLink: WithOptions;
-   configureSSOConfirmationConfigDetailsLabel: WithOptions;
-   configureSSOConfirmationConfigDetailsValue: WithOptions;
-   configureSSOConfirmationConfigDetailsLink: WithOptions;
-   configureSSOConfirmationInactiveBanner: WithOptions;
-   configureSSOConfirmationReconfigureButton: WithOptions;
-   configureSSOConfirmationResetButton: WithOptions;
+   configureSSOActivate: WithOptions;
+   configureSSOActivateIcon: WithOptions;
+   configureSSOActivateTitle: WithOptions;
+   configureSSOActivateSubtitle: WithOptions;
+   configureSSOActivateButton: WithOptions;
+   configureSSOActivateSkipButton: WithOptions;
    configureSSOResetConnectionDialog: WithOptions;
    configureSSOResetConnectionDialogCancelButton: WithOptions;
    configureSSOResetConnectionDialogConfirmationInput: WithOptions;
// ... 11 unchanged lines elided ...

Static analyzer: Breaking change in type alias ElementsConfig: Type changed: {button:import("@clerk/ui").~WithOptions<string>;input:import("@clerk/ui").~WithOptions;checkbox:import("@clerk/ui").~W… → {button:import("@clerk/ui").~WithOptions<string>;input:import("@clerk/ui").~WithOptions;checkbox:import("@clerk/ui").~W…

🤖 AI review (reclassified as non-breaking) (90%): The change only adds new keys (configureSSOActivate, configureSSOActivateIcon, configureSSOActivateTitle, configureSSOActivateSubtitle, configureSSOActivateButton, configureSSOActivateSkipButton) to ElementsConfig and removes configureSSOConfirmation* keys; ElementsConfig is used exclusively as the index source for the output Elements type alias, not as a consumer-provided input type, so consumers never construct values of this type — they only read the resulting Elements union.

---

Report generated by Break Check

_{Last ran on b705adc.}

[coderabbitai]

🧹 Nitpick comments (1)

packages/ui/src/components/ConfigureSSO/steps/index.ts (1)

1-1: ⚡ Quick win

Avoid expanding the steps/index.ts barrel.

This adds another re-export to an index.ts barrel; prefer direct imports (e.g., ./ActivateStep) in callers to keep dependency edges explicit and reduce circular-dependency risk.

As per coding guidelines, **/index.ts: “Avoid barrel files (index.ts re-exports) as they can cause circular dependencies.”

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/ui/src/components/ConfigureSSO/steps/index.ts` at line 1, The export
statement in steps/index.ts is a barrel re-export that violates coding
guidelines and increases circular-dependency risk. Remove the `export {
ActivateStep } from './ActivateStep'` statement from the index.ts file and
update all callers to use direct imports instead, importing ActivateStep
directly from `./ActivateStep` rather than from the barrel file.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@packages/ui/src/components/ConfigureSSO/steps/index.ts`:
- Line 1: The export statement in steps/index.ts is a barrel re-export that
violates coding guidelines and increases circular-dependency risk. Remove the
`export { ActivateStep } from './ActivateStep'` statement from the index.ts file
and update all callers to use direct imports instead, importing ActivateStep
directly from `./ActivateStep` rather than from the barrel file.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 4f1edacc-05b0-4cb1-9b61-1eeb1517222c

📥 Commits

Reviewing files that changed from the base of the PR and between d97a887 and 5b650fd.

⛔ Files ignored due to path filters (1)

• packages/ui/src/icons/duotone-shield-check.svg is excluded by !**/*.svg

📒 Files selected for processing (16)

• .changeset/moody-carrots-make.md
• packages/localizations/src/en-US.ts
• packages/shared/src/types/localization.ts
• packages/ui/src/components/ConfigureSSO/ConfigureSSOWizard.tsx
• packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.navigation.test.tsx
• packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx
• packages/ui/src/components/ConfigureSSO/elements/Step.tsx
• packages/ui/src/components/ConfigureSSO/steps/ActivateStep.tsx
• packages/ui/src/components/ConfigureSSO/steps/ConfirmationStep.tsx
• packages/ui/src/components/ConfigureSSO/steps/__tests__/ActivateStep.test.tsx
• packages/ui/src/components/ConfigureSSO/steps/index.ts
• packages/ui/src/components/ConfigureSSO/types.ts
• packages/ui/src/customizables/elementDescriptors.ts
• packages/ui/src/elements/contexts/index.tsx
• packages/ui/src/icons/index.ts
• packages/ui/src/internal/appearance.ts

💤 Files with no reviewable changes (1)

• packages/ui/src/components/ConfigureSSO/steps/ConfirmationStep.tsx

[LauraBeatris]

I don't see references on the codebase of relying on px as unit for maxWidth, perhaps we should rely on sizes from the theme variable or REM

[LauraBeatris]

We just need to follow up with product design to get the UI prototype updated for when the user lands on this screen with an already enabled connection

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/ui/src/components/ConfigureSSO/steps/ActivateStep.tsx (1)

33-35: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Validate activation result before exiting the flow.

At Line 33, setConnectionActive can resolve to undefined per its contract, but Line 34 still calls onExit?.(). That can navigate away without a confirmed activation.

Suggested fix

-      await setConnectionActive(enterpriseConnection.id, true);
-      onExit?.();
+      const updatedConnection = await setConnectionActive(enterpriseConnection.id, true);
+      if (!updatedConnection) {
+        throw new Error('Failed to activate SSO connection.');
+      }
+      onExit?.();

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/ui/src/components/ConfigureSSO/steps/ActivateStep.tsx` around lines
33 - 35, The code calls onExit?.() on line 34 without validating that
setConnectionActive actually succeeded. Since setConnectionActive can resolve to
undefined per its contract, the flow may navigate away without confirming
activation. Capture the return value of the setConnectionActive call for
enterpriseConnection.id and only invoke onExit?.() if the result confirms
successful activation, preventing navigation when activation fails or returns
undefined.

🧹 Nitpick comments (1)

packages/ui/src/components/ConfigureSSO/steps/__tests__/ActivateStep.test.tsx (1)

81-91: ⚡ Quick win

Add a regression test for nullable activation results.

Please add a case where setConnectionActive resolves undefined and assert onExit is not called. This protects the nullable mutation contract edge case.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@packages/ui/src/components/ConfigureSSO/steps/__tests__/ActivateStep.test.tsx`
around lines 81 - 91, Add a new test case in the ActivateStep.test.tsx file that
tests the scenario where setConnectionActive resolves to undefined instead of a
valid response object. In this new test, mock setConnectionActive to resolve
with undefined, render the step, click the "Activate SSO" button, and then
assert that onExit is not called (verify it was called zero times). This ensures
the component properly handles the nullable return value from
setConnectionActive and does not incorrectly exit when the activation result is
undefined.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@packages/ui/src/components/ConfigureSSO/steps/ActivateStep.tsx`:
- Around line 33-35: The code calls onExit?.() on line 34 without validating
that setConnectionActive actually succeeded. Since setConnectionActive can
resolve to undefined per its contract, the flow may navigate away without
confirming activation. Capture the return value of the setConnectionActive call
for enterpriseConnection.id and only invoke onExit?.() if the result confirms
successful activation, preventing navigation when activation fails or returns
undefined.

---

Nitpick comments:
In
`@packages/ui/src/components/ConfigureSSO/steps/__tests__/ActivateStep.test.tsx`:
- Around line 81-91: Add a new test case in the ActivateStep.test.tsx file that
tests the scenario where setConnectionActive resolves to undefined instead of a
valid response object. In this new test, mock setConnectionActive to resolve
with undefined, render the step, click the "Activate SSO" button, and then
assert that onExit is not called (verify it was called zero times). This ensures
the component properly handles the nullable return value from
setConnectionActive and does not incorrectly exit when the activation result is
undefined.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: ab01f162-2729-48f3-bfaf-23c9aa75c543

📥 Commits

Reviewing files that changed from the base of the PR and between 24f4ee0 and b705adc.

📒 Files selected for processing (6)

• packages/localizations/src/en-US.ts
• packages/shared/src/types/localization.ts
• packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.navigation.test.tsx
• packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx
• packages/ui/src/components/ConfigureSSO/steps/ActivateStep.tsx
• packages/ui/src/components/ConfigureSSO/steps/__tests__/ActivateStep.test.tsx

✅ Files skipped from review due to trivial changes (1)

• packages/localizations/src/en-US.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/shared/src/types/localization.ts