--- title: Step 4. Authenticate to AM description: Now that you have completed Step 3. Configure AM, you can use the myAuthTree tree you created to authenticate a user. component: pingam version: 7.5 page_id: pingam:evaluation:step-4-try-am canonical_url: https://docs.pingidentity.com/pingam/7.5/evaluation/step-4-try-am.html keywords: ["Evaluation", "Authentication", "Sessions"] page_aliases: ["eval-guide:step-4-try-am.adoc"] --- # Step 4. Authenticate to AM Now that you have completed [Step 3. Configure AM](step-3-configure-am.html), you can use the `myAuthTree` tree you created to authenticate a user. To test your authentication tree in a web browser, go to a URL similar to the following: ``` http://openam.example.com:8080/openam/XUI/?realm=/&service=myAuthTree#login ``` Use the correct FQDN, port number, and deployment path for your environment. Also ensure you use the correct authentication tree name, in the example above, the tree is named `myAuthTree`. Log in as the built-in `demo` user, with the password `Ch4ng31t`. ![Log in as the default demo user as described in the instructions.](_images/openam-login.png) On successful login, AM creates a cookie named `iPlanetDirectoryPro` in your browser for your domain; for example, `example.com`. That cookie is then available to all servers in the `example.com` domain, such as `openam.example.com`. If you examine this cookie, you see that it has a value such as `AQI5wM2L...*AAJTS...`. This is the SSO token value. The value is an encrypted reference to the session that is stored only by AM. Only AM can determine whether you are actually logged in, or whether the session is no longer valid, and you need to reauthenticate. The AM session is used for SSO. When the browser presents the cookie to a server in the domain, the agent on the server can check with AM using the SSO Token as a reference to the session. This lets AM make policy decisions based on who is authenticated, or prompt for additional authentication, if necessary. Your SSO session can end in a few ways. For example, when examining the cookie in your browser, you should notice that it expires when the browser session ends (when you shut down your browser). Alternatively, you can log out of AM explicitly. Sessions can also expire. AM sets two limits: one that causes your session to expire if it remains inactive for a configurable period of time (default: 30 minutes), and another that caps the session lifetime (default: 2 hours). Congratulations on authenticating your first user with AM! See what else can AM do for you by reading [Next steps](next-steps.html).