--- title: Step 5. Authenticate to AM description: After you've completed Step 4. Configure AM, you can use the myAuthTree you created to authenticate bjensen in the alpha realm. component: pingam version: 8.1 page_id: pingam:evaluation:step-5-try-am canonical_url: https://docs.pingidentity.com/pingam/8.1/evaluation/step-5-try-am.html keywords: ["Evaluation", "Authentication", "Sessions"] page_aliases: ["eval-guide:step-5-try-am.adoc"] --- # Step 5. Authenticate to AM After you've completed [Step 4. Configure AM](step-4-configure-am.html), you can use the `myAuthTree` you created to authenticate `bjensen` in the `alpha` realm. To test your authentication tree in a web browser, go to a URL similar to the following: ```none http://am.example.com:8080/am/XUI/?realm=alpha&service=myAuthTree ``` Use the correct FQDN, port number, and deployment path for your environment. Also make sure you use the correct authentication tree name and realm. In the example above, the tree is named `myAuthTree` and the realm is called `alpha`. Log in as `bjensen`, with the password `Ch4ng31t`. ![Log in as bjensen as described in the instructions.](_images/openam-login.png) On successful login, AM creates a cookie named `iPlanetDirectoryPro` in your browser for your domain; for example, `example.com`. That cookie is then available to all servers in the `example.com` domain, such as `am.example.com`. If you examine this cookie, you see that it has a value such as `AQI5wM2L...*AAJTS...`. This is the SSO token value. The value is an encrypted reference to the session that is stored only by AM. Only AM can determine whether you are actually logged in, or whether the authenticated session is no longer valid, and you need to reauthenticate. The AM authenticated session is used for SSO. When the browser presents the cookie to a server in the domain, the agent on the server can check with AM using the SSO Token as a reference to the session. This lets AM make policy decisions based on who is authenticated, or prompt for additional authentication, if necessary. Your authenticated session can end in a few ways. For example, when examining the cookie in your browser, you should notice that it expires when the browser session ends (when you shut down your browser). Alternatively, you can log out of AM explicitly. Authenticated sessions can also expire. AM sets two limits: one that causes your authenticated session to expire if it remains inactive for a configurable period of time (default: 30 minutes), and another that caps the authenticated session lifetime (default: 2 hours). Congratulations on authenticating your first user with AM! See what else can AM do for you by reading [Next steps](next-steps.html).