From 25338c6c61da849cedaec4fd15be61e169a1cc48 Mon Sep 17 00:00:00 2001
From: Antoine LAURENT <antoine.laurent@inclusion.gouv.fr>
Date: Tue, 8 Oct 2024 11:05:30 +0200
Subject: [PATCH] pro_connect: Add a new SSO

---
 CHANGELOG_breaking_changes.md                 |   6 +
 config/settings/base.py                       |   6 +
 config/urls.py                                |   2 +
 itou/openid_connect/pro_connect/__init__.py   |   0
 itou/openid_connect/pro_connect/apps.py       |   6 +
 itou/openid_connect/pro_connect/constants.py  |  21 +
 itou/openid_connect/pro_connect/enums.py      |  10 +
 .../pro_connect/migrations/0001_initial.py    |  31 +
 .../pro_connect/migrations/__init__.py        |   0
 itou/openid_connect/pro_connect/models.py     |  63 ++
 itou/openid_connect/pro_connect/urls.py       |  13 +
 itou/openid_connect/pro_connect/views.py      | 350 +++++++
 itou/static/css/itou.css                      |  16 +
 itou/static/img/illustration-pc.svg           |  27 +
 itou/static/img/pro_connect_bouton.svg        |   1 +
 itou/static/img/pro_connect_bouton_hover.svg  |   1 +
 .../activate_inclusion_connect_account.html   |  75 +-
 itou/templates/account/login_generic.html     |  16 +-
 itou/templates/dashboard/edit_user_info.html  |  29 +-
 .../includes/description.html                 |  25 +-
 itou/users/adapter.py                         |   9 +
 itou/users/enums.py                           |   1 +
 itou/users/migrations/0001_initial.py         |   1 +
 itou/utils/perms/middleware.py                |   3 +-
 itou/www/dashboard/views.py                   |  11 +-
 itou/www/invitations_views/views.py           |  10 +-
 itou/www/login/views.py                       |  24 +-
 itou/www/signup/views.py                      |  30 +-
 .../openid_connect/inclusion_connect/test.py  | 127 ++-
 .../openid_connect/inclusion_connect/tests.py | 478 ++++-----
 tests/openid_connect/pro_connect/__init__.py  |   0
 tests/openid_connect/pro_connect/test.py      | 136 +++
 tests/openid_connect/pro_connect/tests.py     | 973 ++++++++++++++++++
 tests/openid_connect/test.py                  |  20 +
 ...ccount.py => test_activate_sso_account.py} |  37 +-
 tests/www/dashboard/test_edit_user_info.py    |  54 +-
 .../invitations_views/test_company_accept.py  | 207 ++--
 .../test_prescriber_organization.py           | 116 +--
 tests/www/login/tests.py                      | 100 +-
 tests/www/signup/test_prescriber.py           | 562 +++++-----
 tests/www/signup/test_siae.py                 | 263 +++--
 tests/www/welcoming_tour/tests.py             |  17 +-
 42 files changed, 2911 insertions(+), 966 deletions(-)
 create mode 100644 itou/openid_connect/pro_connect/__init__.py
 create mode 100644 itou/openid_connect/pro_connect/apps.py
 create mode 100644 itou/openid_connect/pro_connect/constants.py
 create mode 100644 itou/openid_connect/pro_connect/enums.py
 create mode 100644 itou/openid_connect/pro_connect/migrations/0001_initial.py
 create mode 100644 itou/openid_connect/pro_connect/migrations/__init__.py
 create mode 100644 itou/openid_connect/pro_connect/models.py
 create mode 100644 itou/openid_connect/pro_connect/urls.py
 create mode 100644 itou/openid_connect/pro_connect/views.py
 create mode 100644 itou/static/img/illustration-pc.svg
 create mode 100644 itou/static/img/pro_connect_bouton.svg
 create mode 100644 itou/static/img/pro_connect_bouton_hover.svg
 create mode 100644 tests/openid_connect/pro_connect/__init__.py
 create mode 100644 tests/openid_connect/pro_connect/test.py
 create mode 100644 tests/openid_connect/pro_connect/tests.py
 create mode 100644 tests/openid_connect/test.py
 rename tests/www/dashboard/{test_activate_ic_account.py => test_activate_sso_account.py} (68%)

diff --git a/CHANGELOG_breaking_changes.md b/CHANGELOG_breaking_changes.md
index 226e296140..5dc90f5d20 100644
--- a/CHANGELOG_breaking_changes.md
+++ b/CHANGELOG_breaking_changes.md
@@ -1,4 +1,10 @@
 # Journal des changements techniques majeurs
+## 2024-09-23
+
+- Ajout des variables d'environnement `PRO_CONNECT_*`
+  la recette ProConnect peut être utilisée en créant une recette jetable
+  et en suivant les indications de la note bitwarden
+
 ## 2024-09-22
 
 - Ajout de la variable d'environnement `API_PARTICULIER_TOKEN` pour appeler l'API en local.
diff --git a/config/settings/base.py b/config/settings/base.py
index 582a8f4613..e72c363074 100644
--- a/config/settings/base.py
+++ b/config/settings/base.py
@@ -84,6 +84,7 @@
     "itou.openid_connect.france_connect",
     "itou.openid_connect.inclusion_connect",
     "itou.openid_connect.pe_connect",
+    "itou.openid_connect.pro_connect",
     "itou.invitations",
     "itou.external_data",
     "itou.metabase",
@@ -417,6 +418,11 @@
 INCLUSION_CONNECT_CLIENT_ID = os.getenv("INCLUSION_CONNECT_CLIENT_ID")
 INCLUSION_CONNECT_CLIENT_SECRET = os.getenv("INCLUSION_CONNECT_CLIENT_SECRET")
 
+PRO_CONNECT_BASE_URL = os.getenv("PRO_CONNECT_BASE_URL")
+PRO_CONNECT_CLIENT_ID = os.getenv("PRO_CONNECT_CLIENT_ID")
+PRO_CONNECT_CLIENT_SECRET = os.getenv("PRO_CONNECT_CLIENT_SECRET")
+PRO_CONNECT_FT_IDP_HINT = os.getenv("PRO_CONNECT_FT_IDP_HINT")
+
 TALLY_URL = os.getenv("TALLY_URL")
 
 METABASE_HOST = os.getenv("METABASE_HOST")
diff --git a/config/urls.py b/config/urls.py
index 80b4402869..402026aac2 100644
--- a/config/urls.py
+++ b/config/urls.py
@@ -48,6 +48,8 @@
     path("franceconnect/", include("itou.openid_connect.france_connect.urls")),
     # Inclusion Connect URLs.
     path("inclusion_connect/", include("itou.openid_connect.inclusion_connect.urls")),
+    # ProConnect URLs.
+    path("pro_connect/", include("itou.openid_connect.pro_connect.urls")),
     # --------------------------------------------------------------------------------------
     # API.
     path("api/v1/", include("itou.api.urls", namespace="v1")),
diff --git a/itou/openid_connect/pro_connect/__init__.py b/itou/openid_connect/pro_connect/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/itou/openid_connect/pro_connect/apps.py b/itou/openid_connect/pro_connect/apps.py
new file mode 100644
index 0000000000..28aae3dd1a
--- /dev/null
+++ b/itou/openid_connect/pro_connect/apps.py
@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class ProConnectConfig(AppConfig):
+    name = "itou.openid_connect.pro_connect"
+    verbose_name = "ProConnect"
diff --git a/itou/openid_connect/pro_connect/constants.py b/itou/openid_connect/pro_connect/constants.py
new file mode 100644
index 0000000000..a1debea19b
--- /dev/null
+++ b/itou/openid_connect/pro_connect/constants.py
@@ -0,0 +1,21 @@
+from django.conf import settings
+
+
+# https://github.com/numerique-gouv/agentconnect-documentation/blob/main/doc_fs/donnees_fournies.md
+# We should not need to add the email, given_name and usual_name but it doesn"t work without them...
+PRO_CONNECT_SCOPES = "openid email given_name usual_name custom"
+
+PRO_CONNECT_CLIENT_ID = settings.PRO_CONNECT_CLIENT_ID
+PRO_CONNECT_CLIENT_SECRET = settings.PRO_CONNECT_CLIENT_SECRET
+
+PRO_CONNECT_ENDPOINT_AUTHORIZE = f"{settings.PRO_CONNECT_BASE_URL}/authorize"
+PRO_CONNECT_ENDPOINT_TOKEN = f"{settings.PRO_CONNECT_BASE_URL}/token"
+PRO_CONNECT_ENDPOINT_USERINFO = f"{settings.PRO_CONNECT_BASE_URL}/userinfo"
+PRO_CONNECT_ENDPOINT_LOGOUT = f"{settings.PRO_CONNECT_BASE_URL}/session/end"
+
+# This timeout (in seconds) has been chosen arbitrarily.
+PRO_CONNECT_TIMEOUT = 60
+
+PRO_CONNECT_SESSION_KEY = "pro_connect"
+
+PRO_CONNECT_FT_IDP_HINT = settings.PRO_CONNECT_FT_IDP_HINT
diff --git a/itou/openid_connect/pro_connect/enums.py b/itou/openid_connect/pro_connect/enums.py
new file mode 100644
index 0000000000..79ee0a8e3e
--- /dev/null
+++ b/itou/openid_connect/pro_connect/enums.py
@@ -0,0 +1,10 @@
+import enum
+
+
+class ProConnectChannel(str, enum.Enum):
+    """This enum is stored in the session, and allow us to change the error message
+    in the callback view depending on where the user came from.
+    """
+
+    INVITATION = "invitation"
+    MAP_CONSEILLER = "map_conseiller"
diff --git a/itou/openid_connect/pro_connect/migrations/0001_initial.py b/itou/openid_connect/pro_connect/migrations/0001_initial.py
new file mode 100644
index 0000000000..ba0d61d316
--- /dev/null
+++ b/itou/openid_connect/pro_connect/migrations/0001_initial.py
@@ -0,0 +1,31 @@
+# Generated by Django 5.0.3 on 2024-03-22 09:37
+
+import django.utils.timezone
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    initial = True
+
+    dependencies = []
+
+    operations = [
+        migrations.CreateModel(
+            name="ProConnectState",
+            fields=[
+                ("id", models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name="ID")),
+                (
+                    "created_at",
+                    models.DateTimeField(
+                        db_index=True, default=django.utils.timezone.now, verbose_name="date de création"
+                    ),
+                ),
+                ("used_at", models.DateTimeField(null=True, verbose_name="date d'utilisation")),
+                ("data", models.JSONField(blank=True, default=dict, verbose_name="données de session")),
+                ("state", models.CharField(max_length=12, unique=True)),
+            ],
+            options={
+                "abstract": False,
+            },
+        ),
+    ]
diff --git a/itou/openid_connect/pro_connect/migrations/__init__.py b/itou/openid_connect/pro_connect/migrations/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/itou/openid_connect/pro_connect/models.py b/itou/openid_connect/pro_connect/models.py
new file mode 100644
index 0000000000..5a063d80f3
--- /dev/null
+++ b/itou/openid_connect/pro_connect/models.py
@@ -0,0 +1,63 @@
+import dataclasses
+import logging
+from typing import ClassVar
+
+from django.db import models
+
+from itou.prescribers.models import PrescriberOrganization
+from itou.users.enums import IdentityProvider, UserKind
+from itou.users.models import User
+
+from ..models import OIDConnectState, OIDConnectUserData
+
+
+logger = logging.getLogger(__name__)
+
+
+class ProConnectState(OIDConnectState):
+    data = models.JSONField(verbose_name="données de session", default=dict, blank=True)
+
+
+@dataclasses.dataclass
+class ProConnectUserData(OIDConnectUserData):
+    @staticmethod
+    def user_info_mapping_dict(user_info: dict):
+        return {
+            "username": user_info["sub"],
+            "first_name": user_info["given_name"],
+            "last_name": user_info["usual_name"],
+            "email": user_info["email"],
+        }
+
+    def join_org(self, user: User, safir: str):
+        if not user.is_prescriber:
+            raise ValueError("Invalid user kind: %s", user.kind)
+        try:
+            organization = PrescriberOrganization.objects.get(code_safir_pole_emploi=safir)
+        except PrescriberOrganization.DoesNotExist:
+            logger.error(f"Organization with SAFIR {safir} does not exist. Unable to add user {user.email}.")
+            raise
+        if not organization.has_member(user):
+            organization.add_or_activate_member(user)
+
+
+@dataclasses.dataclass
+class ProConnectPrescriberData(ProConnectUserData):
+    kind: UserKind = UserKind.PRESCRIBER
+    identity_provider: IdentityProvider = IdentityProvider.PRO_CONNECT
+    login_allowed_user_kinds: ClassVar[tuple[UserKind]] = (UserKind.PRESCRIBER, UserKind.EMPLOYER)
+    allowed_identity_provider_migration: ClassVar[tuple[IdentityProvider]] = (
+        IdentityProvider.DJANGO,
+        IdentityProvider.INCLUSION_CONNECT,
+    )
+
+
+@dataclasses.dataclass
+class ProConnectEmployerData(ProConnectUserData):
+    kind: UserKind = UserKind.EMPLOYER
+    identity_provider: IdentityProvider = IdentityProvider.PRO_CONNECT
+    login_allowed_user_kinds: ClassVar[tuple[UserKind]] = (UserKind.PRESCRIBER, UserKind.EMPLOYER)
+    allowed_identity_provider_migration: ClassVar[tuple[IdentityProvider]] = (
+        IdentityProvider.DJANGO,
+        IdentityProvider.INCLUSION_CONNECT,
+    )
diff --git a/itou/openid_connect/pro_connect/urls.py b/itou/openid_connect/pro_connect/urls.py
new file mode 100644
index 0000000000..e93b0cf770
--- /dev/null
+++ b/itou/openid_connect/pro_connect/urls.py
@@ -0,0 +1,13 @@
+from django.urls import path
+
+from . import views
+
+
+app_name = "pro_connect"
+
+urlpatterns = [
+    path("authorize", views.pro_connect_authorize, name="authorize"),
+    path("callback", views.pro_connect_callback, name="callback"),
+    path("logout", views.pro_connect_logout, name="logout"),
+    path("logout_callback", views.pro_connect_logout_callback, name="logout_callback"),
+]
diff --git a/itou/openid_connect/pro_connect/views.py b/itou/openid_connect/pro_connect/views.py
new file mode 100644
index 0000000000..2c805d4e94
--- /dev/null
+++ b/itou/openid_connect/pro_connect/views.py
@@ -0,0 +1,350 @@
+import dataclasses
+import logging
+
+import httpx
+import jwt
+from allauth.account.adapter import get_adapter
+from django.conf import settings
+from django.contrib import messages
+from django.contrib.auth import login
+from django.http import HttpResponseRedirect
+from django.urls import reverse
+from django.utils import crypto
+from django.utils.html import format_html
+from django.utils.http import url_has_allowed_host_and_scheme, urlencode
+
+from itou.prescribers.models import PrescriberOrganization
+from itou.users.enums import KIND_EMPLOYER, KIND_PRESCRIBER, UserKind
+from itou.users.models import User
+from itou.utils import constants as global_constants
+from itou.utils.constants import ITOU_HELP_CENTER_URL
+from itou.utils.urls import add_url_params, get_absolute_url
+
+from ..models import EmailInUseException, InvalidKindException, MultipleUsersFoundException
+from . import constants
+from .enums import ProConnectChannel
+from .models import (
+    ProConnectEmployerData,
+    ProConnectPrescriberData,
+    ProConnectState,
+)
+
+
+logger = logging.getLogger(__name__)
+
+USER_DATA_CLASSES = {
+    KIND_PRESCRIBER: ProConnectPrescriberData,
+    KIND_EMPLOYER: ProConnectEmployerData,
+}
+
+
+@dataclasses.dataclass
+class ProConnectStateData:
+    previous_url: str = None
+    next_url: str = None
+    user_email: str = None
+    user_kind: str = None
+    channel: str = None
+    # Tells us where did the user came from so that we can adapt
+    # error messages in the callback view.
+    is_login: bool = False  # Used to skip kind check and allow login through the wrong user kind
+    prescriber_session_data: dict = None
+
+
+@dataclasses.dataclass
+class ProConnectSession:
+    key: str = constants.PRO_CONNECT_SESSION_KEY
+    token: str = None
+    state: str = None
+
+    def bind_to_request(self, request):
+        request.session[self.key] = dataclasses.asdict(self)
+
+
+def _redirect_to_login_page_on_error(error_msg=None, request=None):
+    if request:
+        messages.error(request, "Une erreur technique est survenue. Merci de recommencer.")
+    if error_msg:
+        logger.error(error_msg, exc_info=True)
+    return HttpResponseRedirect(reverse("search:employers_home"))
+
+
+def _generate_pro_params_from_session(pc_data):
+    redirect_uri = get_absolute_url(reverse("pro_connect:callback"))
+    state = ProConnectState.save_state(data=pc_data)
+    data = {
+        "response_type": "code",
+        "client_id": constants.PRO_CONNECT_CLIENT_ID,
+        "redirect_uri": redirect_uri,
+        "acr_values": "eidas1",
+        "scope": constants.PRO_CONNECT_SCOPES,
+        "state": state,
+        "nonce": crypto.get_random_string(length=12),
+    }
+    if pc_data.get("channel") == ProConnectChannel.MAP_CONSEILLER:
+        data["idp_hint"] = constants.PRO_CONNECT_FT_IDP_HINT
+    if user_email := pc_data.get("user_email"):
+        data["login_hint"] = user_email
+    return data
+
+
+def _add_user_kind_error_message(request, existing_user, new_user_kind):
+    messages.error(
+        request,
+        format_html(
+            "Un compte {} existe déjà avec cette adresse e-mail. "
+            "Vous devez créer un compte ProConnect avec une autre adresse e-mail pour "
+            "devenir {} sur la plateforme. Besoin d'aide ? "
+            "<a href='{}/requests/new' target='_blank'>Contactez-nous</a>.",
+            existing_user.get_kind_display(),
+            UserKind(new_user_kind).label,
+            ITOU_HELP_CENTER_URL,
+        ),
+    )
+
+
+def pro_connect_authorize(request):
+    # Start a new session.
+    user_kind = request.GET.get("user_kind")
+    previous_url = request.GET.get("previous_url", reverse("search:employers_home"))
+    next_url = request.GET.get("next_url")
+    if next_url and not url_has_allowed_host_and_scheme(next_url, settings.ALLOWED_HOSTS, request.is_secure()):
+        return _redirect_to_login_page_on_error(error_msg="Forbidden external url")
+    register = request.GET.get("register")
+    if not user_kind:
+        return _redirect_to_login_page_on_error(error_msg="User kind missing.")
+    if user_kind not in USER_DATA_CLASSES:
+        return _redirect_to_login_page_on_error(error_msg="Wrong user kind.")
+
+    pc_data = ProConnectStateData(
+        user_kind=user_kind, previous_url=previous_url, next_url=next_url, is_login=not register
+    )
+
+    if channel := request.GET.get("channel"):
+        pc_data.channel = channel
+
+    if user_email := request.GET.get("user_email"):
+        pc_data.user_email = user_email
+
+    if session_data := request.session.get(global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY):
+        pc_data.prescriber_session_data = {global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY: session_data}
+
+    data = _generate_pro_params_from_session(dataclasses.asdict(pc_data))
+    # Store the state in session to allow the user to use resume registration view
+    pc_session = ProConnectSession(state=data["state"])
+    pc_session.bind_to_request(request)
+
+    base_url = constants.PRO_CONNECT_ENDPOINT_AUTHORIZE
+    return HttpResponseRedirect(f"{base_url}?{urlencode(data)}")
+
+
+def _get_token(request, code):
+    # Retrieve token from ProConnect
+    token_redirect_uri = get_absolute_url(reverse("pro_connect:callback"))
+    data = {
+        "client_id": constants.PRO_CONNECT_CLIENT_ID,
+        "client_secret": constants.PRO_CONNECT_CLIENT_SECRET,
+        "code": code,
+        "grant_type": "authorization_code",
+        "redirect_uri": token_redirect_uri,
+    }
+    response = httpx.post(
+        constants.PRO_CONNECT_ENDPOINT_TOKEN,
+        data=data,
+        timeout=constants.PRO_CONNECT_TIMEOUT,
+    )
+    # Contains access_token, token_type, expires_in, id_token
+    if response.status_code != 200:
+        return None, _redirect_to_login_page_on_error(error_msg="Impossible to get token.", request=request)
+    return response.json(), None
+
+
+def _get_user_info(request, access_token):
+    response = httpx.get(
+        constants.PRO_CONNECT_ENDPOINT_USERINFO,
+        params={"schema": "openid"},
+        headers={"Authorization": "Bearer " + access_token},
+        timeout=constants.PRO_CONNECT_TIMEOUT,
+    )
+    if response.status_code != 200:
+        return None, _redirect_to_login_page_on_error(error_msg="Impossible to get user infos.", request=request)
+    decoded_id_token = jwt.decode(
+        response.content,
+        key=constants.PRO_CONNECT_CLIENT_SECRET,
+        algorithms=["HS256"],
+        audience=constants.PRO_CONNECT_CLIENT_ID,
+    )
+    return decoded_id_token, None
+
+
+def pro_connect_callback(request):
+    code = request.GET.get("code")
+    state = request.GET.get("state")
+    if code is None or state is None:
+        return _redirect_to_login_page_on_error(error_msg="Missing code or state.", request=request)
+
+    # Get access token now to have more data in sentry
+    token_data, error_redirection = _get_token(request, code)
+    if error_redirection:
+        return error_redirection
+    access_token = token_data.get("access_token")
+    if not access_token:
+        return _redirect_to_login_page_on_error(error_msg="Access token field missing.", request=request)
+
+    # Check if state is valid and session exists
+    pro_connect_state = ProConnectState.get_from_state(state)
+    if pro_connect_state is None or not pro_connect_state.is_valid():
+        return _redirect_to_login_page_on_error(request=request)
+    pc_session = ProConnectSession(state=state, token=token_data["id_token"])
+    pc_session.bind_to_request(request)
+
+    # A token has been provided so it's time to fetch associated user infos
+    # because the token is only valid for 5 seconds.
+    # We don't really need to access user_info since all we need is already in the access_token.
+    # Should we remove this ?
+    user_data, error_redirection = _get_user_info(request, access_token)
+    if error_redirection:
+        return error_redirection
+
+    if "sub" not in user_data:
+        # 'sub' is the unique identifier from ProConnect, we need that to match a user later on.
+        return _redirect_to_login_page_on_error(error_msg="Sub parameter error.", request=request)
+
+    user_kind = pro_connect_state.data["user_kind"]
+    is_successful = True
+    pc_user_data = USER_DATA_CLASSES[user_kind].from_user_info(user_data)
+    pc_session_email = pro_connect_state.data.get("user_email")
+
+    if pc_session_email and pc_session_email.lower() != pc_user_data.email.lower():
+        if pro_connect_state.data["channel"] == ProConnectChannel.INVITATION:
+            error = (
+                "L’adresse e-mail que vous avez utilisée pour vous connecter avec ProConnect "
+                f"({pc_user_data.email}) "
+                f"ne correspond pas à l’adresse e-mail de l’invitation ({pc_session_email})."
+            )
+        else:
+            error = (
+                "L’adresse e-mail que vous avez utilisée pour vous connecter avec ProConnect "
+                f"({pc_user_data.email}) "
+                f"est différente de celle que vous avez indiquée précédemment ({pc_session_email})."
+            )
+        messages.error(request, error)
+        is_successful = False
+
+    try:
+        user, _ = pc_user_data.create_or_update_user(is_login=pro_connect_state.data.get("is_login"))
+    except InvalidKindException:
+        existing_user = User.objects.get(email=user_data["email"])
+        _add_user_kind_error_message(request, existing_user, user_kind)
+        is_successful = False
+    except EmailInUseException as e:
+        redacted_name = e.user.get_redacted_full_name()
+        msg_who = (
+            format_html(
+                " au nom de <strong>{}</strong>",
+                redacted_name,
+            )
+            if redacted_name
+            else ""
+        )
+
+        error = format_html(
+            "Vous avez essayé de vous connecter avec un compte ProConnect, mais un compte"
+            "{} a déjà été créé avec cette adresse e-mail. "
+            "Veuillez vous rapprocher du support pour débloquer la situation en suivant "
+            "<a href='{}'>ce lien</a>.",
+            msg_who,
+            global_constants.ITOU_HELP_CENTER_URL,
+        )
+        messages.error(request, error)
+        is_successful = False
+    except MultipleUsersFoundException as e:
+        # Here we have a user trying to update his email, but with an already existing email
+        # let him login, but display a message because we didn't update his email
+        messages.error(
+            request,
+            format_html(
+                "L'adresse e-mail que nous a transmis ProConnect est différente de celle qui est enregistrée "
+                "sur la plateforme des emplois, et est déjà associé à un autre compte. "
+                "Nous n'avons donc pas pu mettre à jour {} en {}. "
+                "Veuillez vous rapprocher du support pour débloquer la situation en suivant "
+                "<a href='{}'>ce lien</a>.",
+                e.users[0].email,
+                e.users[1].email,
+                global_constants.ITOU_HELP_CENTER_URL,
+            ),
+        )
+        user = e.users[0]
+
+    code_safir_pole_emploi = user_data.get("custom", {}).get("structureTravail")
+    # Only handle user creation for the moment, not updates.
+    if is_successful and user.is_prescriber and code_safir_pole_emploi:
+        try:
+            pc_user_data.join_org(user=user, safir=code_safir_pole_emploi)
+        except PrescriberOrganization.DoesNotExist:
+            messages.warning(
+                request,
+                format_html(
+                    "L'agence indiquée par NEPTUNE (code SAFIR {}) n'est pas référencée dans notre service. "
+                    "Cela arrive quand vous appartenez à un Point Relais mais que vous êtes rattaché à une agence "
+                    "mère sur la plateforme des emplois. "
+                    "Si vous pensez qu'il y a une erreur, vérifiez que le code SAFIR est le bon "
+                    "puis <a href='{}'>contactez le support</a> en indiquant le code SAFIR.",
+                    code_safir_pole_emploi,
+                    global_constants.ITOU_HELP_CENTER_URL,
+                ),
+            )
+
+    if not is_successful:
+        logout_url_params = {
+            "redirect_url": pro_connect_state.data["previous_url"],
+        }
+        next_url = f"{reverse('pro_connect:logout')}?{urlencode(logout_url_params)}"
+        return HttpResponseRedirect(next_url)
+
+    # Because we have more than one Authentication backend in our settings, we need to specify
+    # the one we want to use in login
+    login(request, user, backend="django.contrib.auth.backends.ModelBackend")
+
+    # reattach prescriber session
+    if prescriber_session_data := pro_connect_state.data.get("prescriber_session_data"):
+        request.session.update(prescriber_session_data)
+
+    next_url = pro_connect_state.data["next_url"] or get_adapter(request).get_login_redirect_url(request)
+    return HttpResponseRedirect(next_url)
+
+
+def pro_connect_logout(request):
+    token = request.GET.get("token")
+    post_logout_redirect_url = reverse("pro_connect:logout_callback")
+    redirect_url = request.GET.get("redirect_url", reverse("search:employers_home"))
+
+    # Fallback on session data.
+    if not token:
+        pc_session = request.session.get(constants.PRO_CONNECT_SESSION_KEY)
+        if not pc_session:
+            raise KeyError("Missing session key.")
+        token = pc_session["token"]
+
+    logout_state = ProConnectState.save_state(data={"redirect_url": redirect_url})
+
+    params = {
+        "id_token_hint": token,
+        "state": logout_state,
+        "post_logout_redirect_uri": get_absolute_url(post_logout_redirect_url),
+    }
+    complete_url = add_url_params(constants.PRO_CONNECT_ENDPOINT_LOGOUT, params)
+    return HttpResponseRedirect(complete_url)
+
+
+def pro_connect_logout_callback(request):
+    state = request.GET.get("state")
+    if state is None:
+        return _redirect_to_login_page_on_error(error_msg="Missing state.", request=request)
+
+    # Check if state is valid and session exists
+    pro_connect_state = ProConnectState.get_from_state(state)
+    if pro_connect_state is None or not pro_connect_state.is_valid():
+        return _redirect_to_login_page_on_error(request=request)
+
+    return HttpResponseRedirect(pro_connect_state.data["redirect_url"])
diff --git a/itou/static/css/itou.css b/itou/static/css/itou.css
index 15da34e05f..b47e78186b 100644
--- a/itou/static/css/itou.css
+++ b/itou/static/css/itou.css
@@ -416,3 +416,19 @@ an input field being invalid, generating an uncontrolled red box-shadow. */
 .w-lg-400px .select2-selection__rendered {
     white-space: nowrap !important;
 }
+
+
+/* Pro Connect button theme */
+.proconnect-button {
+  background-color: transparent !important;
+  background-image: url("../img/pro_connect_bouton.svg");
+  background-position: 50% 50%;
+  background-repeat: no-repeat;
+  width: 214px;
+  height: 56px;
+  display: inline-block;
+}
+
+.proconnect-button:hover {
+  background-image: url("../img/pro_connect_bouton_hover.svg");
+}
diff --git a/itou/static/img/illustration-pc.svg b/itou/static/img/illustration-pc.svg
new file mode 100644
index 0000000000..2ad51be694
--- /dev/null
+++ b/itou/static/img/illustration-pc.svg
@@ -0,0 +1,27 @@
+<svg width="286" height="274" viewBox="0 0 143 137" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M69.1993 122.238C69.0489 122.238 70.3487 123.087 50.5194 109.54C43.2866 104.602 37.3688 97.9731 33.2802 90.2285C29.1916 82.4839 27.0559 73.8581 27.0586 65.1005V25.7549C27.0587 25.7041 27.0718 25.654 27.0965 25.6096C27.1213 25.5651 27.1569 25.5277 27.2 25.5007C27.2466 25.4706 31.9945 22.4995 39.5043 19.5719C46.4365 16.864 57.2154 13.6477 69.1993 13.6477C81.1832 13.6477 91.9606 16.8686 98.8928 19.5719C106.404 22.4995 111.152 25.4706 111.199 25.5007C111.242 25.5277 111.277 25.5651 111.302 25.6096C111.327 25.654 111.34 25.7041 111.34 25.7549V65.1005C111.342 73.8588 109.205 82.485 105.115 90.2296C101.025 97.9743 95.1059 104.603 87.8717 109.54C68.0319 123.099 69.3437 122.238 69.1993 122.238ZM27.6603 25.9249V65.1005C27.6576 73.7599 29.7693 82.2891 33.812 89.9469C37.8547 97.6047 43.7062 104.16 50.8579 109.042L69.1993 121.572L87.5407 109.042C94.6925 104.16 100.544 97.6047 104.587 89.9469C108.629 82.2891 110.741 73.7599 110.738 65.1005V25.9249C109.902 25.4164 105.407 22.7567 98.6611 20.1285C91.7801 17.4462 81.0824 14.2509 69.1993 14.2509C57.3162 14.2509 46.6186 17.4462 39.7375 20.1285C32.9919 22.7567 28.4968 25.4164 27.6603 25.9249Z" fill="#000091"/>
+<path d="M54.0833 104.323C47.6996 99.9646 42.4767 94.1138 38.8682 87.2784C35.2596 80.443 33.3746 72.8299 33.377 65.1005V29.2827C39.1478 26.274 53.1475 19.9676 69.1993 19.9676C85.251 19.9676 99.2433 26.2679 105.022 29.2827V65.1005C105.024 72.8299 103.139 80.443 99.5304 87.2784C95.9219 94.1138 90.6989 99.9646 84.3153 104.323L69.1993 114.649L54.0833 104.323Z" fill="#FCC63A"/>
+<path d="M0.736328 85.9227H71.6288V98.6302H0.736328V85.9227Z" fill="#18753C"/>
+<path d="M9.87998 95.9704C9.80018 95.9704 9.72365 95.9387 9.66723 95.8823C9.6108 95.8259 9.5791 95.7493 9.5791 95.6695V88.7103C9.5791 88.6305 9.6108 88.5539 9.66723 88.4975C9.72365 88.4411 9.80018 88.4094 9.87998 88.4094C9.95978 88.4094 10.0363 88.4411 10.0927 88.4975C10.1492 88.5539 10.1809 88.6305 10.1809 88.7103V95.6695C10.1809 95.7493 10.1492 95.8259 10.0927 95.8823C10.0363 95.9387 9.95978 95.9704 9.87998 95.9704Z" fill="white"/>
+<path d="M6.86675 94.2299C6.80062 94.2297 6.73636 94.2078 6.68393 94.1675C6.63149 94.1272 6.5938 94.0708 6.57667 94.0069C6.55954 93.943 6.56394 93.8753 6.58918 93.8141C6.61443 93.753 6.6591 93.7019 6.71631 93.6687L12.7504 90.1891C12.7846 90.1673 12.8229 90.1527 12.863 90.1461C12.903 90.1395 12.944 90.1411 12.9834 90.1508C13.0228 90.1604 13.0598 90.1779 13.0923 90.2023C13.1248 90.2266 13.152 90.2573 13.1723 90.2924C13.1926 90.3276 13.2056 90.3664 13.2105 90.4067C13.2154 90.447 13.2121 90.4879 13.2008 90.5268C13.1895 90.5658 13.1704 90.6021 13.1447 90.6335C13.119 90.6649 13.0872 90.6908 13.0513 90.7096C6.60499 94.4284 6.9856 94.2299 6.86675 94.2299Z" fill="white"/>
+<path d="M12.901 94.2299C12.7806 94.2299 13.1522 94.4224 6.72247 90.7096C6.65698 90.668 6.61011 90.6027 6.59165 90.5273C6.57319 90.4519 6.58456 90.3723 6.6234 90.3051C6.66223 90.2379 6.72552 90.1884 6.80005 90.1667C6.87458 90.1451 6.95459 90.1531 7.02335 90.1891L13.0514 93.6687C13.1086 93.7019 13.1533 93.753 13.1785 93.8142C13.2038 93.8753 13.2082 93.943 13.191 94.0069C13.1739 94.0708 13.1362 94.1272 13.0838 94.1675C13.0314 94.2078 12.9671 94.2297 12.901 94.2299ZM20.4921 96.0291C20.4123 96.0291 20.3357 95.9974 20.2793 95.941C20.2229 95.8846 20.1912 95.808 20.1912 95.7282V88.7675C20.1912 88.6877 20.2229 88.6111 20.2793 88.5547C20.3357 88.4983 20.4123 88.4666 20.4921 88.4666C20.5719 88.4666 20.6484 88.4983 20.7048 88.5547C20.7612 88.6111 20.7929 88.6877 20.7929 88.7675V95.7282C20.7929 95.808 20.7612 95.8846 20.7048 95.941C20.6484 95.9974 20.5719 96.0291 20.4921 96.0291Z" fill="white"/>
+<path d="M17.4791 94.2885C17.4129 94.2884 17.3487 94.2665 17.2962 94.2262C17.2438 94.1859 17.2061 94.1294 17.189 94.0656C17.1718 94.0017 17.1762 93.9339 17.2015 93.8728C17.2267 93.8117 17.2714 93.7606 17.3286 93.7274L23.3567 90.2478C23.3909 90.226 23.4292 90.2114 23.4693 90.2048C23.5093 90.1982 23.5503 90.1998 23.5897 90.2094C23.6291 90.2191 23.6661 90.2366 23.6986 90.261C23.7311 90.2853 23.7583 90.316 23.7786 90.3511C23.7989 90.3862 23.8119 90.4251 23.8168 90.4654C23.8217 90.5057 23.8184 90.5465 23.807 90.5855C23.7957 90.6245 23.7767 90.6608 23.751 90.6922C23.7253 90.7236 23.6935 90.7495 23.6575 90.7683C17.2158 94.4856 17.5964 94.2885 17.4791 94.2885Z" fill="white"/>
+<path d="M23.5055 94.2885C23.3866 94.2885 23.7567 94.4811 17.327 90.7683C17.2615 90.7266 17.2146 90.6613 17.1961 90.5859C17.1777 90.5106 17.1891 90.431 17.2279 90.3638C17.2667 90.2966 17.33 90.247 17.4045 90.2254C17.4791 90.2038 17.5591 90.2118 17.6278 90.2478L23.6559 93.7274C23.7131 93.7606 23.7578 93.8117 23.783 93.8728C23.8083 93.9339 23.8127 94.0017 23.7955 94.0656C23.7784 94.1294 23.7407 94.1859 23.6883 94.2262C23.6358 94.2665 23.5716 94.2884 23.5055 94.2885ZM31.1041 96.0863C31.0243 96.0863 30.9478 96.0546 30.8913 95.9981C30.8349 95.9417 30.8032 95.8652 30.8032 95.7854V88.8261C30.8032 88.7463 30.8349 88.6698 30.8913 88.6134C30.9478 88.5569 31.0243 88.5252 31.1041 88.5252C31.1839 88.5252 31.2604 88.5569 31.3168 88.6134C31.3733 88.6698 31.405 88.7463 31.405 88.8261V95.7854C31.405 95.8652 31.3733 95.9417 31.3168 95.9981C31.2604 96.0546 31.1839 96.0863 31.1041 96.0863Z" fill="white"/>
+<path d="M28.095 94.3547C28.0284 94.3552 27.9635 94.3335 27.9105 94.2931C27.8575 94.2527 27.8194 94.1959 27.8022 94.1315C27.785 94.0672 27.7896 93.9989 27.8154 93.9375C27.8411 93.8761 27.8866 93.8249 27.9445 93.7921L33.9621 90.3049C34.0313 90.265 34.1135 90.2542 34.1907 90.275C34.2678 90.2957 34.3336 90.3462 34.3735 90.4155C34.4134 90.4847 34.4242 90.5669 34.4034 90.6441C34.3827 90.7213 34.3322 90.787 34.2629 90.8269C27.8257 94.5442 28.2078 94.3547 28.095 94.3547Z" fill="white"/>
+<path d="M34.113 94.3547C33.9941 94.3547 34.3657 94.5458 27.936 90.8345C27.8668 90.7946 27.8162 90.7288 27.7955 90.6516C27.7747 90.5745 27.7855 90.4922 27.8254 90.423C27.8653 90.3538 27.9311 90.3032 28.0082 90.2825C28.0854 90.2618 28.1676 90.2725 28.2369 90.3124L34.2634 93.7846C34.3256 93.8153 34.3753 93.8665 34.404 93.9297C34.4328 93.9929 34.4388 94.064 34.4211 94.1311C34.4034 94.1982 34.3631 94.2571 34.3069 94.2978C34.2508 94.3386 34.1822 94.3587 34.113 94.3547ZM41.7131 96.1449C41.6333 96.1449 41.5568 96.1132 41.5004 96.0568C41.4439 96.0004 41.4122 95.9238 41.4122 95.8441V88.8833C41.4122 88.8035 41.4439 88.7269 41.5004 88.6705C41.5568 88.6141 41.6333 88.5824 41.7131 88.5824C41.7929 88.5824 41.8694 88.6141 41.9259 88.6705C41.9823 88.7269 42.014 88.8035 42.014 88.8833V95.8441C42.014 95.9238 41.9823 96.0004 41.9259 96.0568C41.8694 96.1132 41.7929 96.1449 41.7131 96.1449Z" fill="white"/>
+<path d="M38.6998 94.4044C38.6336 94.4043 38.5694 94.3824 38.5169 94.3421C38.4645 94.3018 38.4268 94.2453 38.4097 94.1814C38.3926 94.1175 38.3969 94.0498 38.4222 93.9887C38.4474 93.9275 38.4921 93.8764 38.5493 93.8432L44.5759 90.3636C44.6101 90.3418 44.6484 90.3272 44.6884 90.3206C44.7285 90.3141 44.7694 90.3156 44.8089 90.3253C44.8483 90.3349 44.8853 90.3525 44.9178 90.3768C44.9503 90.4012 44.9775 90.4318 44.9978 90.467C45.0181 90.5021 45.0311 90.541 45.036 90.5813C45.0409 90.6215 45.0375 90.6624 45.0262 90.7014C45.0149 90.7403 44.9959 90.7766 44.9702 90.808C44.9445 90.8394 44.9127 90.8653 44.8767 90.8841C38.438 94.603 38.8186 94.4044 38.6998 94.4044Z" fill="white"/>
+<path d="M44.7261 94.4044C44.6073 94.4044 44.9788 94.5969 38.5491 90.8841C38.5132 90.8653 38.4814 90.8394 38.4557 90.808C38.43 90.7766 38.4109 90.7403 38.3996 90.7014C38.3883 90.6624 38.385 90.6215 38.3899 90.5813C38.3948 90.541 38.4078 90.5021 38.4281 90.467C38.4484 90.4318 38.4756 90.4012 38.5081 90.3768C38.5405 90.3525 38.5776 90.3349 38.617 90.3253C38.6564 90.3156 38.6974 90.3141 38.7374 90.3206C38.7774 90.3272 38.8157 90.3418 38.85 90.3636L44.8765 93.8432C44.9337 93.8764 44.9784 93.9275 45.0037 93.9887C45.0289 94.0498 45.0333 94.1175 45.0162 94.1814C44.9991 94.2453 44.9614 94.3018 44.9089 94.3421C44.8565 94.3824 44.7922 94.4043 44.7261 94.4044ZM54.7107 95.5582H48.1034C48.0236 95.5582 47.9471 95.5265 47.8907 95.4701C47.8343 95.4137 47.8026 95.3372 47.8026 95.2574C47.8026 95.1776 47.8343 95.101 47.8907 95.0446C47.9471 94.9882 48.0236 94.9565 48.1034 94.9565H54.7152C54.795 94.9565 54.8715 94.9882 54.9279 95.0446C54.9844 95.101 55.0161 95.1776 55.0161 95.2574C55.0161 95.3372 54.9844 95.4137 54.9279 95.4701C54.8715 95.5265 54.795 95.5582 54.7152 95.5582H54.7107ZM65.4986 95.5582H58.8868C58.807 95.5582 58.7305 95.5265 58.6741 95.4701C58.6177 95.4137 58.586 95.3372 58.586 95.2574C58.586 95.1776 58.6177 95.101 58.6741 95.0446C58.7305 94.9882 58.807 94.9565 58.8868 94.9565H65.4986C65.5784 94.9565 65.6549 94.9882 65.7113 95.0446C65.7678 95.101 65.7995 95.1776 65.7995 95.2574C65.7995 95.3372 65.7678 95.4137 65.7113 95.4701C65.6549 95.5265 65.5784 95.5582 65.4986 95.5582Z" fill="white"/>
+<path d="M80.4869 58.0269H76.6552V48.6561C76.6552 46.6788 75.8697 44.7824 74.4715 43.3842C73.0733 41.9859 71.1769 41.2004 69.1995 41.2004C67.2221 41.2004 65.3257 41.9859 63.9275 43.3842C62.5293 44.7824 61.7438 46.6788 61.7438 48.6561V58.0269H57.9121V48.6561C57.9121 45.6625 59.1013 42.7916 61.2181 40.6748C63.3349 38.558 66.2059 37.3688 69.1995 37.3688C72.1931 37.3688 75.0641 38.558 77.1809 40.6748C79.2977 42.7916 80.4869 45.6625 80.4869 48.6561V58.0269Z" fill="#B34000"/>
+<path d="M82.4663 51.3384H55.932C54.714 51.3384 53.7266 52.3258 53.7266 53.5439V72.8737C53.7266 74.0917 54.714 75.0791 55.932 75.0791H82.4663C83.6843 75.0791 84.6717 74.0917 84.6717 72.8737V53.5439C84.6717 52.3258 83.6843 51.3384 82.4663 51.3384Z" fill="#CE0500"/>
+<path d="M69.1994 64.0896C70.6401 64.0896 71.808 62.9217 71.808 61.481C71.808 60.0403 70.6401 58.8724 69.1994 58.8724C67.7587 58.8724 66.5908 60.0403 66.5908 61.481C66.5908 62.9217 67.7587 64.0896 69.1994 64.0896Z" fill="white"/>
+<path d="M67.9873 62.4739H70.4124V67.5451H67.9873V62.4739Z" fill="white"/>
+<path d="M132.041 125.309C137.932 125.309 142.708 120.533 142.708 114.641C142.708 108.75 137.932 103.974 132.041 103.974C126.149 103.974 121.373 108.75 121.373 114.641C121.373 120.533 126.149 125.309 132.041 125.309Z" fill="#000091"/>
+<path d="M136.64 117.828C138.4 117.828 139.827 116.401 139.827 114.641C139.827 112.882 138.4 111.455 136.64 111.455C134.881 111.455 133.454 112.882 133.454 114.641C133.454 116.401 134.881 117.828 136.64 117.828Z" fill="white"/>
+<path d="M128.485 110.44V118.843H117.924C117.895 118.378 117.689 117.942 117.349 117.623C117.009 117.304 116.56 117.127 116.094 117.127C115.628 117.127 115.18 117.304 114.84 117.623C114.5 117.942 114.294 118.378 114.264 118.843H109.312L107.367 117.551L105.468 118.843L103.488 117.551L101.984 118.843H96.5923L93.3594 114.75L96.5923 110.44H128.485Z" fill="#000091"/>
+<path d="M121.59 114.404H98.5323C98.4525 114.404 98.376 114.372 98.3196 114.316C98.2631 114.259 98.2314 114.183 98.2314 114.103C98.2314 114.023 98.2631 113.946 98.3196 113.89C98.376 113.834 98.4525 113.802 98.5323 113.802H121.59C121.67 113.802 121.746 113.834 121.803 113.89C121.859 113.946 121.891 114.023 121.891 114.103C121.891 114.183 121.859 114.259 121.803 114.316C121.746 114.372 121.67 114.404 121.59 114.404Z" fill="white"/>
+<path d="M133.197 99.2048C133.117 99.2048 133.041 99.1731 132.984 99.1167C132.928 99.0603 132.896 98.9838 132.896 98.904V97.0987C132.896 97.0189 132.928 96.9424 132.984 96.886C133.041 96.8295 133.117 96.7978 133.197 96.7978C133.277 96.7978 133.354 96.8295 133.41 96.886C133.466 96.9424 133.498 97.0189 133.498 97.0987V98.904C133.498 98.9838 133.466 99.0603 133.41 99.1167C133.354 99.1731 133.277 99.2048 133.197 99.2048ZM133.197 95.5943C133.117 95.5943 133.041 95.5626 132.984 95.5062C132.928 95.4498 132.896 95.3732 132.896 95.2934V93.4882C132.896 93.4084 132.928 93.3319 132.984 93.2754C133.041 93.219 133.117 93.1873 133.197 93.1873C133.277 93.1873 133.354 93.219 133.41 93.2754C133.466 93.3319 133.498 93.4084 133.498 93.4882V95.2934C133.498 95.3732 133.466 95.4498 133.41 95.5062C133.354 95.5626 133.277 95.5943 133.197 95.5943ZM133.197 91.9838C133.117 91.9838 133.041 91.9521 132.984 91.8957C132.928 91.8393 132.896 91.7627 132.896 91.6829V89.8777C132.896 89.7979 132.928 89.7214 132.984 89.6649C133.041 89.6085 133.117 89.5768 133.197 89.5768C133.277 89.5768 133.354 89.6085 133.41 89.6649C133.466 89.7214 133.498 89.7979 133.498 89.8777V91.6829C133.498 91.7627 133.466 91.8393 133.41 91.8957C133.354 91.9521 133.277 91.9838 133.197 91.9838ZM133.197 88.3733C133.117 88.3733 133.041 88.3416 132.984 88.2852C132.928 88.2288 132.896 88.1522 132.896 88.0724V86.2672C132.896 86.1874 132.928 86.1108 132.984 86.0544C133.041 85.998 133.117 85.9663 133.197 85.9663C133.277 85.9663 133.354 85.998 133.41 86.0544C133.466 86.1108 133.498 86.1874 133.498 86.2672V88.0724C133.498 88.1522 133.466 88.2288 133.41 88.2852C133.354 88.3416 133.277 88.3733 133.197 88.3733ZM133.197 84.7628C133.117 84.7628 133.041 84.7311 132.984 84.6747C132.928 84.6182 132.896 84.5417 132.896 84.4619V82.6566C132.896 82.5769 132.928 82.5003 132.984 82.4439C133.041 82.3875 133.117 82.3558 133.197 82.3558C133.277 82.3558 133.354 82.3875 133.41 82.4439C133.466 82.5003 133.498 82.5769 133.498 82.6566V84.4619C133.498 84.5417 133.466 84.6182 133.41 84.6747C133.354 84.7311 133.277 84.7628 133.197 84.7628ZM133.197 81.1523C133.117 81.1523 133.041 81.1206 132.984 81.0641C132.928 81.0077 132.896 80.9312 132.896 80.8514V79.0461C132.896 78.9663 132.928 78.8898 132.984 78.8334C133.041 78.777 133.117 78.7453 133.197 78.7453C133.277 78.7453 133.354 78.777 133.41 78.8334C133.466 78.8898 133.498 78.9663 133.498 79.0461V80.8514C133.498 80.9312 133.466 81.0077 133.41 81.0641C133.354 81.1206 133.277 81.1523 133.197 81.1523ZM133.197 77.5418C133.117 77.5418 133.041 77.5101 132.984 77.4536C132.928 77.3972 132.896 77.3207 132.896 77.2409V75.4356C132.896 75.3558 132.928 75.2793 132.984 75.2229C133.041 75.1664 133.117 75.1347 133.197 75.1347C133.277 75.1347 133.354 75.1664 133.41 75.2229C133.466 75.2793 133.498 75.3558 133.498 75.4356V77.2409C133.498 77.3207 133.466 77.3972 133.41 77.4536C133.354 77.5101 133.277 77.5418 133.197 77.5418ZM133.197 73.9312C133.117 73.9312 133.041 73.8995 132.984 73.8431C132.928 73.7867 132.896 73.7102 132.896 73.6304V71.8251C132.896 71.7453 132.928 71.6688 132.984 71.6124C133.041 71.5559 133.117 71.5242 133.197 71.5242C133.277 71.5242 133.354 71.5559 133.41 71.6124C133.466 71.6688 133.498 71.7453 133.498 71.8251V73.6304C133.498 73.7102 133.466 73.7867 133.41 73.8431C133.354 73.8995 133.277 73.9312 133.197 73.9312ZM133.197 70.3207C133.117 70.3207 133.041 70.289 132.984 70.2326C132.928 70.1762 132.896 70.0996 132.896 70.0198V68.2146C132.896 68.1348 132.928 68.0583 132.984 68.0018C133.041 67.9454 133.117 67.9137 133.197 67.9137C133.277 67.9137 133.354 67.9454 133.41 68.0018C133.466 68.0583 133.498 68.1348 133.498 68.2146V70.0198C133.498 70.0996 133.466 70.1762 133.41 70.2326C133.354 70.289 133.277 70.3207 133.197 70.3207ZM133.197 66.7102C133.117 66.7102 133.041 66.6785 132.984 66.6221C132.928 66.5657 132.896 66.4891 132.896 66.4093V64.6041C132.896 64.5243 132.928 64.4477 132.984 64.3913C133.041 64.3349 133.117 64.3032 133.197 64.3032C133.277 64.3032 133.354 64.3349 133.41 64.3913C133.466 64.4477 133.498 64.5243 133.498 64.6041V66.4093C133.498 66.4891 133.466 66.5657 133.41 66.6221C133.354 66.6785 133.277 66.7102 133.197 66.7102ZM133.197 63.0997C133.117 63.0997 133.041 63.068 132.984 63.0116C132.928 62.9551 132.896 62.8786 132.896 62.7988V60.9936C132.896 60.9138 132.928 60.8372 132.984 60.7808C133.041 60.7244 133.117 60.6927 133.197 60.6927C133.277 60.6927 133.354 60.7244 133.41 60.7808C133.466 60.8372 133.498 60.9138 133.498 60.9936V62.7988C133.498 62.8786 133.466 62.9551 133.41 63.0116C133.354 63.068 133.277 63.0997 133.197 63.0997ZM132.216 60.47H130.411C130.331 60.47 130.255 60.4383 130.198 60.3819C130.142 60.3255 130.11 60.249 130.11 60.1692C130.11 60.0894 130.142 60.0128 130.198 59.9564C130.255 59.9 130.331 59.8683 130.411 59.8683H132.216C132.296 59.8683 132.373 59.9 132.429 59.9564C132.486 60.0128 132.517 60.0894 132.517 60.1692C132.517 60.249 132.486 60.3255 132.429 60.3819C132.373 60.4383 132.296 60.47 132.216 60.47ZM128.606 60.47H126.801C126.721 60.47 126.644 60.4383 126.588 60.3819C126.531 60.3255 126.5 60.249 126.5 60.1692C126.5 60.0894 126.531 60.0128 126.588 59.9564C126.644 59.9 126.721 59.8683 126.801 59.8683H128.606C128.686 59.8683 128.762 59.9 128.819 59.9564C128.875 60.0128 128.907 60.0894 128.907 60.1692C128.907 60.249 128.875 60.3255 128.819 60.3819C128.762 60.4383 128.686 60.47 128.606 60.47ZM124.995 60.47H123.19C123.11 60.47 123.034 60.4383 122.977 60.3819C122.921 60.3255 122.889 60.249 122.889 60.1692C122.889 60.0894 122.921 60.0128 122.977 59.9564C123.034 59.9 123.11 59.8683 123.19 59.8683H124.995C125.075 59.8683 125.152 59.9 125.208 59.9564C125.264 60.0128 125.296 60.0894 125.296 60.1692C125.296 60.249 125.264 60.3255 125.208 60.3819C125.152 60.4383 125.075 60.47 124.995 60.47ZM121.385 60.47H119.58C119.5 60.47 119.423 60.4383 119.367 60.3819C119.31 60.3255 119.279 60.249 119.279 60.1692C119.279 60.0894 119.31 60.0128 119.367 59.9564C119.423 59.9 119.5 59.8683 119.58 59.8683H121.385C121.465 59.8683 121.541 59.9 121.598 59.9564C121.654 60.0128 121.686 60.0894 121.686 60.1692C121.686 60.249 121.654 60.3255 121.598 60.3819C121.541 60.4383 121.465 60.47 121.385 60.47ZM117.774 60.47H115.969C115.889 60.47 115.813 60.4383 115.756 60.3819C115.7 60.3255 115.668 60.249 115.668 60.1692C115.668 60.0894 115.7 60.0128 115.756 59.9564C115.813 59.9 115.889 59.8683 115.969 59.8683H117.774C117.854 59.8683 117.931 59.9 117.987 59.9564C118.043 60.0128 118.075 60.0894 118.075 60.1692C118.075 60.249 118.043 60.3255 117.987 60.3819C117.931 60.4383 117.854 60.47 117.774 60.47ZM114.164 60.47H112.358C112.279 60.47 112.202 60.4383 112.146 60.3819C112.089 60.3255 112.058 60.249 112.058 60.1692C112.058 60.0894 112.089 60.0128 112.146 59.9564C112.202 59.9 112.279 59.8683 112.358 59.8683H114.164C114.244 59.8683 114.32 59.9 114.377 59.9564C114.433 60.0128 114.465 60.0894 114.465 60.1692C114.465 60.249 114.433 60.3255 114.377 60.3819C114.32 60.4383 114.244 60.47 114.164 60.47Z" fill="#000091"/>
+<path d="M104.036 12.9165C103.992 12.9173 103.948 12.9081 103.907 12.8897C103.867 12.8713 103.831 12.8442 103.802 12.8102C103.773 12.7763 103.752 12.7363 103.741 12.6933C103.729 12.6503 103.727 12.6053 103.736 12.5615L105.906 0.64681C105.921 0.56821 105.965 0.498455 106.031 0.452892C106.097 0.407329 106.178 0.389689 106.256 0.403853C106.335 0.418017 106.404 0.462825 106.45 0.52842C106.496 0.594014 106.513 0.675021 106.499 0.753621L104.331 12.6668C104.319 12.7364 104.283 12.7996 104.229 12.8453C104.175 12.8909 104.107 12.9162 104.036 12.9165ZM111.828 16.6038C111.77 16.6035 111.714 16.587 111.666 16.556C111.618 16.5251 111.58 16.4811 111.556 16.4291C111.532 16.3771 111.523 16.3194 111.531 16.2627C111.538 16.2059 111.562 16.1526 111.599 16.1088L119.437 6.87495C119.488 6.8141 119.562 6.77628 119.642 6.76979C119.721 6.7633 119.8 6.78868 119.861 6.84035C119.922 6.89202 119.96 6.96574 119.966 7.0453C119.973 7.12486 119.947 7.20374 119.896 7.26458L112.056 16.4985C112.028 16.5315 111.993 16.558 111.953 16.5762C111.914 16.5944 111.871 16.6038 111.828 16.6038ZM115.465 24.1467C115.403 24.1469 115.342 24.1278 115.291 24.0919C115.24 24.0561 115.202 24.0053 115.181 23.9467C115.154 23.8717 115.159 23.7892 115.193 23.7173C115.227 23.6454 115.288 23.5899 115.363 23.563L128.036 19.0319C128.111 19.0051 128.194 19.0094 128.266 19.0436C128.338 19.0779 128.393 19.1394 128.42 19.2146C128.447 19.2898 128.443 19.3726 128.408 19.4447C128.374 19.5168 128.313 19.5723 128.237 19.599C114.642 24.4597 115.545 24.1467 115.465 24.1467ZM16.0752 136.694C13.3455 136.695 10.6631 135.981 8.29455 134.624C8.26027 134.604 8.23023 134.578 8.20612 134.547C8.18201 134.515 8.16432 134.479 8.15405 134.441C8.14378 134.403 8.14114 134.363 8.14628 134.324C8.15141 134.285 8.16422 134.247 8.18398 134.213C8.20373 134.178 8.23005 134.148 8.26142 134.124C8.29279 134.1 8.3286 134.082 8.3668 134.072C8.40501 134.062 8.44487 134.059 8.48409 134.064C8.52332 134.069 8.56115 134.082 8.59543 134.102C11.9205 136.008 15.8471 136.576 19.5758 135.689C23.3045 134.801 26.5548 132.526 28.6649 129.327C30.7751 126.127 31.5863 122.243 30.9334 118.467C30.2805 114.69 28.2126 111.304 25.1508 108.998C22.089 106.693 18.2635 105.641 14.4534 106.057C10.6432 106.473 7.13492 108.326 4.64286 111.238C2.1508 114.15 0.862376 117.902 1.03996 121.731C1.21755 125.56 2.84778 129.177 5.5987 131.845C5.64099 131.903 5.66113 131.975 5.65548 132.046C5.64983 132.118 5.61877 132.185 5.56791 132.236C5.51704 132.286 5.44973 132.317 5.37813 132.323C5.30652 132.328 5.23535 132.308 5.17747 132.265C2.57587 129.737 0.934092 126.383 0.533277 122.778C0.132462 119.172 0.997549 115.54 2.98039 112.502C4.96324 109.464 7.94049 107.211 11.4023 106.127C14.8641 105.042 18.5951 105.196 21.9564 106.56C25.3177 107.924 28.1002 110.414 29.8274 113.604C31.5545 116.794 32.1189 120.486 31.4239 124.046C30.7289 127.606 28.8177 130.814 26.0177 133.121C23.2176 135.427 19.7028 136.688 16.0752 136.688V136.694Z" fill="#18753C"/>
+<path d="M27.2197 127.466C26.0926 129.426 24.4688 131.054 22.5119 132.186C20.5551 133.318 18.3344 133.914 16.0737 133.914C13.813 133.914 11.5923 133.318 9.63549 132.186C7.67864 131.054 6.05481 129.426 4.92773 127.466C6.05523 125.507 7.67911 123.88 9.63577 122.749C11.5924 121.617 13.8127 121.022 16.0729 121.022C18.3332 121.022 20.5535 121.617 22.5101 122.749C24.4668 123.88 26.0907 125.507 27.2182 127.466H27.2197Z" fill="#18753C"/>
+<path d="M16.0751 121.583C19.1816 121.583 21.7 119.064 21.7 115.958C21.7 112.851 19.1816 110.333 16.0751 110.333C12.9685 110.333 10.4502 112.851 10.4502 115.958C10.4502 119.064 12.9685 121.583 16.0751 121.583Z" fill="#18753C"/>
+<path d="M43.3242 121.199H41.519C41.4392 121.199 41.3627 121.167 41.3062 121.111C41.2498 121.054 41.2181 120.978 41.2181 120.898C41.2181 120.818 41.2498 120.742 41.3062 120.685C41.3627 120.629 41.4392 120.597 41.519 120.597H43.3242C43.404 120.597 43.4806 120.629 43.537 120.685C43.5934 120.742 43.6251 120.818 43.6251 120.898C43.6251 120.978 43.5934 121.054 43.537 121.111C43.4806 121.167 43.404 121.199 43.3242 121.199ZM39.7137 121.199H37.9085C37.8287 121.199 37.7521 121.167 37.6957 121.111C37.6393 121.054 37.6076 120.978 37.6076 120.898C37.6076 120.818 37.6393 120.742 37.6957 120.685C37.7521 120.629 37.8287 120.597 37.9085 120.597H39.7137C39.7935 120.597 39.87 120.629 39.9265 120.685C39.9829 120.742 40.0146 120.818 40.0146 120.898C40.0146 120.978 39.9829 121.054 39.9265 121.111C39.87 121.167 39.7935 121.199 39.7137 121.199ZM36.1032 121.199H34.2979C34.2181 121.199 34.1416 121.167 34.0852 121.111C34.0288 121.054 33.9971 120.978 33.9971 120.898C33.9971 120.818 34.0288 120.742 34.0852 120.685C34.1416 120.629 34.2181 120.597 34.2979 120.597H36.1032C36.183 120.597 36.2595 120.629 36.316 120.685C36.3724 120.742 36.4041 120.818 36.4041 120.898C36.4041 120.978 36.3724 121.054 36.316 121.111C36.2595 121.167 36.183 121.199 36.1032 121.199ZM44.8286 120.898C44.7488 120.898 44.6723 120.866 44.6159 120.81C44.5594 120.753 44.5277 120.677 44.5277 120.597V118.792C44.5277 118.712 44.5594 118.636 44.6159 118.579C44.6723 118.523 44.7488 118.491 44.8286 118.491C44.9084 118.491 44.9849 118.523 45.0414 118.579C45.0978 118.636 45.1295 118.712 45.1295 118.792V120.597C45.1295 120.677 45.0978 120.753 45.0414 120.81C44.9849 120.866 44.9084 120.898 44.8286 120.898ZM44.8286 117.287C44.7488 117.287 44.6723 117.256 44.6159 117.199C44.5594 117.143 44.5277 117.066 44.5277 116.987V115.181C44.5277 115.102 44.5594 115.025 44.6159 114.969C44.6723 114.912 44.7488 114.88 44.8286 114.88C44.9084 114.88 44.9849 114.912 45.0414 114.969C45.0978 115.025 45.1295 115.102 45.1295 115.181V116.987C45.1295 117.066 45.0978 117.143 45.0414 117.199C44.9849 117.256 44.9084 117.287 44.8286 117.287ZM44.8286 113.677C44.7488 113.677 44.6723 113.645 44.6159 113.589C44.5594 113.532 44.5277 113.456 44.5277 113.376V111.571C44.5277 111.491 44.5594 111.415 44.6159 111.358C44.6723 111.302 44.7488 111.27 44.8286 111.27C44.9084 111.27 44.9849 111.302 45.0414 111.358C45.0978 111.415 45.1295 111.491 45.1295 111.571V113.376C45.1295 113.456 45.0978 113.532 45.0414 113.589C44.9849 113.645 44.9084 113.677 44.8286 113.677ZM44.8286 110.066C44.7488 110.066 44.6723 110.035 44.6159 109.978C44.5594 109.922 44.5277 109.845 44.5277 109.766V107.96C44.5277 107.881 44.5594 107.804 44.6159 107.748C44.6723 107.691 44.7488 107.659 44.8286 107.659C44.9084 107.659 44.9849 107.691 45.0414 107.748C45.0978 107.804 45.1295 107.881 45.1295 107.96V109.766C45.1295 109.845 45.0978 109.922 45.0414 109.978C44.9849 110.035 44.9084 110.066 44.8286 110.066ZM44.8286 106.456C44.7488 106.456 44.6723 106.424 44.6159 106.368C44.5594 106.311 44.5277 106.235 44.5277 106.155V104.35C44.5277 104.27 44.5594 104.193 44.6159 104.137C44.6723 104.081 44.7488 104.049 44.8286 104.049C44.9084 104.049 44.9849 104.081 45.0414 104.137C45.0978 104.193 45.1295 104.27 45.1295 104.35V106.155C45.1295 106.235 45.0978 106.311 45.0414 106.368C44.9849 106.424 44.9084 106.456 44.8286 106.456ZM44.8286 102.845C44.7488 102.845 44.6723 102.814 44.6159 102.757C44.5594 102.701 44.5277 102.624 44.5277 102.545V100.739C44.5277 100.659 44.5594 100.583 44.6159 100.527C44.6723 100.47 44.7488 100.438 44.8286 100.438C44.9084 100.438 44.9849 100.47 45.0414 100.527C45.0978 100.583 45.1295 100.659 45.1295 100.739V102.545C45.1295 102.624 45.0978 102.701 45.0414 102.757C44.9849 102.814 44.9084 102.845 44.8286 102.845Z" fill="#000091"/>
+</svg>
diff --git a/itou/static/img/pro_connect_bouton.svg b/itou/static/img/pro_connect_bouton.svg
new file mode 100644
index 0000000000..289890596c
--- /dev/null
+++ b/itou/static/img/pro_connect_bouton.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="211" height="58" fill="none"><path fill="#000091" d="M0 0h211v58H0z"/><path fill="#fff" d="m69.986 26.368 1.156-1.071c.833 1.054 1.819 1.598 2.941 1.598 1.292 0 2.04-.816 2.04-1.904 0-2.55-5.627-2.244-5.627-6.035 0-1.734 1.428-3.196 3.451-3.196 1.683 0 2.907.765 3.791 1.938l-1.19 1.037c-.697-1.003-1.547-1.547-2.584-1.547-1.105 0-1.836.748-1.836 1.734 0 2.567 5.627 2.244 5.627 6.052 0 2.023-1.581 3.349-3.655 3.349-1.768 0-3.077-.663-4.114-1.955Zm10.817-5.712H79.46l1.445-4.556h1.649l-1.751 4.556Zm4.818-3.451c-.56 0-1.02-.459-1.02-1.02a1.02 1.02 0 0 1 1.02-1.003c.561 0 1.003.459 1.003 1.003 0 .561-.442 1.02-1.003 1.02ZM84.891 28v-8.568h1.444V28H84.89Zm3.767-4.284c0-2.499 1.717-4.624 4.403-4.624 1.241 0 2.261.459 3.043 1.292V15.25h1.445V28h-1.445v-.952c-.782.833-1.802 1.292-3.043 1.292-2.686 0-4.403-2.125-4.403-4.624Zm1.53 0c0 1.819 1.224 3.264 3.043 3.264 1.19 0 2.21-.578 2.873-1.598V22.05c-.68-1.037-1.7-1.598-2.873-1.598-1.819 0-3.043 1.445-3.043 3.264Zm18.023 2.873c-.799 1.071-2.074 1.751-3.672 1.751-2.89 0-4.675-2.125-4.675-4.624 0-2.601 1.666-4.624 4.318-4.624 2.329 0 3.842 1.581 3.842 3.723 0 .34-.051.68-.102.918h-6.562v.034c0 1.887 1.292 3.264 3.213 3.264 1.088 0 2.006-.51 2.567-1.275l1.071.833Zm-4.012-6.256c-1.394 0-2.38.782-2.72 2.261h5.083c-.051-1.241-.952-2.261-2.363-2.261ZM110.473 28v-8.568h1.445v.969c.697-.765 1.581-1.309 2.856-1.309 1.921 0 3.349 1.292 3.349 3.723V28h-1.462v-5.134c0-1.53-.85-2.414-2.176-2.414-1.241 0-2.023.714-2.567 1.615V28h-1.445Zm11.052-2.873v-4.369h-1.615v-1.326h1.615V17.29h1.462v2.142h2.975v1.326h-2.975v4.369c0 1.343.68 1.717 1.717 1.717.561 0 .952-.068 1.275-.204v1.292c-.408.17-.867.238-1.479.238-1.904 0-2.975-.952-2.975-3.043Zm7.377-7.922c-.561 0-1.02-.459-1.02-1.02a1.02 1.02 0 0 1 1.02-1.003c.561 0 1.003.459 1.003 1.003 0 .561-.442 1.02-1.003 1.02ZM128.171 28v-8.568h1.445V28h-1.445Zm3.377-8.568h1.615v-1.054c0-1.836 1.207-3.128 3.043-3.128.952 0 1.7.34 2.21.833l-.901 1.054a1.633 1.633 0 0 0-1.292-.578c-.935 0-1.598.68-1.598 1.785v1.088h2.975v1.326h-2.975V28h-1.462v-7.242h-1.615v-1.326Zm8.543-2.227c-.561 0-1.02-.459-1.02-1.02a1.02 1.02 0 0 1 1.02-1.003c.561 0 1.003.459 1.003 1.003 0 .561-.442 1.02-1.003 1.02ZM139.36 28v-8.568h1.445V28h-1.445Zm12.115-1.411c-.799 1.071-2.074 1.751-3.672 1.751-2.89 0-4.675-2.125-4.675-4.624 0-2.601 1.666-4.624 4.318-4.624 2.329 0 3.842 1.581 3.842 3.723 0 .34-.051.68-.102.918h-6.562v.034c0 1.887 1.292 3.264 3.213 3.264 1.088 0 2.006-.51 2.567-1.275l1.071.833Zm-4.012-6.256c-1.394 0-2.38.782-2.72 2.261h5.083c-.051-1.241-.952-2.261-2.363-2.261ZM153.737 28v-8.568h1.445v1.071c.629-.748 1.411-1.241 2.499-1.241.272 0 .527.034.731.102v1.496a3.105 3.105 0 0 0-.85-.119c-1.122 0-1.853.578-2.38 1.445V28h-1.445Zm13.685.34c-1.683 0-2.822-.952-2.822-2.448 0-1.326.986-2.278 2.822-2.567l2.873-.476v-.595c0-1.19-.85-1.87-2.057-1.87-1.003 0-1.836.442-2.329 1.19l-1.088-.833c.748-1.02 1.955-1.649 3.451-1.649 2.176 0 3.468 1.275 3.468 3.162V28h-1.445v-1.088c-.646.901-1.717 1.428-2.873 1.428Zm-1.377-2.499c0 .731.629 1.292 1.615 1.292 1.139 0 2.04-.595 2.635-1.581V23.92l-2.533.442c-1.19.187-1.717.731-1.717 1.479Zm7.252-6.409h1.564l2.737 7.055 2.737-7.055h1.564L178.55 28h-1.904l-3.349-8.568Zm17.856 7.157c-.799 1.071-2.074 1.751-3.672 1.751-2.89 0-4.675-2.125-4.675-4.624 0-2.601 1.666-4.624 4.318-4.624 2.329 0 3.842 1.581 3.842 3.723 0 .34-.051.68-.102.918h-6.562v.034c0 1.887 1.292 3.264 3.213 3.264 1.088 0 2.006-.51 2.567-1.275l1.071.833Zm-4.012-6.256c-1.394 0-2.38.782-2.72 2.261h5.083c-.051-1.241-.952-2.261-2.363-2.261Zm10.185 6.647c1.054 0 1.904-.51 2.431-1.275l1.156.884c-.799 1.071-2.04 1.751-3.604 1.751-2.839 0-4.658-2.125-4.658-4.624 0-2.499 1.819-4.624 4.658-4.624 1.547 0 2.805.697 3.604 1.751l-1.156.884a2.925 2.925 0 0 0-2.448-1.275c-1.836 0-3.145 1.445-3.145 3.264 0 1.836 1.309 3.264 3.162 3.264ZM70.854 45V32.4h4.158c2.772 0 4.464 1.422 4.464 3.762 0 2.322-1.692 3.744-4.464 3.744H73.41V45h-2.556Zm4.266-10.422h-1.71v3.15h1.71c1.08 0 1.728-.576 1.728-1.602 0-.954-.648-1.548-1.728-1.548ZM81.249 45v-9.072h2.286v.9c.594-.612 1.368-1.08 2.394-1.08.306 0 .576.054.792.126v2.394a3.938 3.938 0 0 0-1.008-.126c-1.116 0-1.836.612-2.178 1.17V45h-2.286Zm11.386-9.432c2.952 0 4.968 2.178 4.968 4.896s-2.016 4.896-4.968 4.896-4.968-2.178-4.968-4.896 2.016-4.896 4.968-4.896Zm.036 7.632c1.458 0 2.556-1.17 2.556-2.736 0-1.584-1.098-2.736-2.556-2.736-1.512 0-2.628 1.152-2.628 2.736 0 1.584 1.116 2.736 2.628 2.736Zm13.172-.234c1.44 0 2.574-.702 3.294-1.728l2.016 1.548c-1.152 1.566-3.024 2.574-5.31 2.574-3.978 0-6.696-3.06-6.696-6.66s2.718-6.66 6.696-6.66c2.286 0 4.158 1.026 5.31 2.556l-2.016 1.566c-.72-1.026-1.854-1.728-3.294-1.728-2.376 0-4.068 1.854-4.068 4.266s1.692 4.266 4.068 4.266Zm11.366-7.398c2.952 0 4.968 2.178 4.968 4.896s-2.016 4.896-4.968 4.896-4.968-2.178-4.968-4.896 2.016-4.896 4.968-4.896Zm.036 7.632c1.458 0 2.556-1.17 2.556-2.736 0-1.584-1.098-2.736-2.556-2.736-1.512 0-2.628 1.152-2.628 2.736 0 1.584 1.116 2.736 2.628 2.736Zm7.018 1.8v-9.072h2.286v.72c.63-.612 1.476-1.08 2.682-1.08 1.962 0 3.528 1.35 3.528 4.032V45h-2.322v-5.31c0-1.206-.666-1.962-1.782-1.962-1.152 0-1.764.774-2.106 1.35V45h-2.286Zm11.091 0v-9.072h2.286v.72c.63-.612 1.476-1.08 2.682-1.08 1.962 0 3.528 1.35 3.528 4.032V45h-2.322v-5.31c0-1.206-.666-1.962-1.782-1.962-1.152 0-1.764.774-2.106 1.35V45h-2.286Zm19.444-1.476c-.846 1.134-2.25 1.836-3.96 1.836-3.222 0-5.04-2.25-5.04-4.896 0-2.682 1.692-4.896 4.662-4.896 2.52 0 4.176 1.692 4.176 4.068 0 .504-.072.99-.144 1.296h-6.354c.144 1.494 1.188 2.376 2.736 2.376.99 0 1.8-.432 2.286-1.08l1.638 1.296Zm-4.338-6.048c-1.116 0-1.872.54-2.178 1.728h4.086c-.036-.9-.702-1.728-1.908-1.728Zm10.696 5.724c.882 0 1.584-.432 2.016-1.062l1.818 1.386c-.846 1.116-2.178 1.836-3.834 1.836-3.132 0-5.004-2.25-5.004-4.896s1.872-4.896 5.004-4.896c1.656 0 2.988.72 3.834 1.836l-1.818 1.386c-.432-.63-1.116-1.062-2.052-1.062-1.494 0-2.592 1.152-2.592 2.736 0 1.602 1.098 2.736 2.628 2.736Zm6.204-1.512v-3.672h-1.692v-2.088h1.692V33.66h2.304v2.268h2.772v2.088h-2.772v3.672c0 1.008.54 1.404 1.44 1.404.63 0 1.044-.072 1.35-.198v1.998c-.45.198-.99.288-1.746.288-2.268 0-3.348-1.278-3.348-3.492Z"/><path fill="#000091" d="M46.992 19.098 31.998 10.42l-14.994 8.76a.606.606 0 0 0-.306.525v16.948a.666.666 0 0 0 .306.524l14.992 8.6 14.994-8.706a.666.666 0 0 0 .306-.524V19.626a.604.604 0 0 0-.304-.528Z"/><path fill="#FCC63A" d="m26.641 19.598-5.029 8.628-4.557-9.175 5.39-3.113 4.489 3.16-.293.5Zm20.656 16.98V19.62a.6.6 0 0 0-.306-.523L31.998 10.42"/><path fill="#0063CB" d="M16.7 36.578 32 10.42v35.362l-14.996-8.605a.665.665 0 0 1-.306-.524V19.706l.002 16.872Zm24.669-20.735 5.458 3.155-4.489 9.15-5.387-9.236 4.418-3.07Z"/><path fill="#fff" d="m51.606 16.303-19.19-11.02a.933.933 0 0 0-.832 0l-19.19 11.02a.887.887 0 0 0-.394.695v22a.885.885 0 0 0 .394.7l19.189 11.02a.932.932 0 0 0 .832 0l19.191-11.02a.886.886 0 0 0 .394-.7v-22a.887.887 0 0 0-.394-.695ZM22.789 34.059h.079c-.042 0-.079.007-.079.05 0 .1.151 0 .2.1a.912.912 0 0 0-.629.276c0 .05.1.05.151.05-.075.1-.226.05-.277.152a.176.176 0 0 0 .1.05c-.05 0-.1 0-.1.05v.152c-.126 0-.176.1-.277.15.2.152.327 0 .528 0-.528.2-.956.479-1.484.63-.1 0 0 .15-.1.15.151.1.227-.05.377-.05-.654.378-1.333.7-2.037 1.133a.351.351 0 0 0-.1.2h-.2c-.1.05-.05.176-.151.277.226.15.5-.2.654 0 .05 0-.1.05-.2.05-.05 0-.05.1-.1.1h-.154c-.1.075-.2.126-.2.276a.22.22 0 0 0-.226.1 9.031 9.031 0 0 0 3.144-.578 7.683 7.683 0 0 0 2.088-1.56.176.176 0 0 1 .05.1c-.147.437-.43.816-.806 1.08-.277.152-.478.378-.7.479a4.057 4.057 0 0 0-.428.276c-.632.197-1.281.335-1.939.412l-.305.044c-.225.033-.449.069-.671.108l-1.993-1.138a.647.647 0 0 1-.288-.411.57.57 0 0 0 .094-.063.266.266 0 0 0-.113-.071v-.65a12.782 12.782 0 0 0 3.038-.942 8.746 8.746 0 0 0-3.037-1.343v-1.515a11.67 11.67 0 0 1 1.639.392 6.42 6.42 0 0 1 1.182.578c.147.14.307.267.478.377a.91.91 0 0 0 .8.05h.33a3.961 3.961 0 0 0 1.937-.905c0 .05.05.05.1.05a3.629 3.629 0 0 1-.428 1.132c.003.05-.048.152.053.202Zm2.817 3.57c.251-.1.4-.276.629-.376-.05.05-.05.15-.1.2a3.699 3.699 0 0 0-.528.4 15.965 15.965 0 0 0-1.585 1.61c-.252.3-.528.578-.8.855-.096.09-.2.172-.31.245l-2.527-1.45c.36.03.721.013 1.076-.053.294-.083.58-.192.855-.327v.1c.7-.277 1.232-.906 1.937-1.132.025 0 .126.1.226.05a1.883 1.883 0 0 1 1.509-.7c0 .05 0 .1.05.1h.025c-.151.126-.327.25-.5.377-.057.052-.007.102.043.102Zm-8.908-6.163v-.186a5.817 5.817 0 0 1 1.588-.188 1.52 1.52 0 0 1 .478 0 5.86 5.86 0 0 0-2.066.374Zm30.6 5.088a.665.665 0 0 1-.306.524l-10.079 5.85a32.296 32.296 0 0 1-3.408-1.184 2.826 2.826 0 0 1-.05-2.245c.08-.308.198-.605.352-.883.025-.025.05-.05.05-.076a.025.025 0 0 0 .025-.025 4.32 4.32 0 0 1 .377-.555l.015-.015.02-.021.015-.015c0-.025.025-.05.05-.076.025-.051.075-.076.1-.126.176-.186.37-.354.579-.5.213-.077.431-.136.654-.177.811.06 1.617.17 2.415.328a.752.752 0 0 1 .277.1c.301.059.612.041.905-.05a1.137 1.137 0 0 0 .855-.706 1.212 1.212 0 0 0 .05-1.06c-.178-.275-.013-.436.181-.59l.068-.054c.086-.061.164-.134.231-.216.126-.252-.1-.4-.151-.63-.05-.1-.226-.05-.327-.2.352-.151.855-.43.629-.857-.151-.227-.377-.63-.1-.857.352-.2.855-.151 1.006-.48a1.137 1.137 0 0 0-.292-1.084l-.075-.108a4.754 4.754 0 0 1-.211-.32 6.905 6.905 0 0 0-.528-.757 4.297 4.297 0 0 1-.528-1.01c-.151-.377.05-.705.05-1.083a6.347 6.347 0 0 0-.327-2.144c-.126-.353-.176-.731-.327-1.06a1.12 1.12 0 0 0-.226-.58.374.374 0 0 1 0-.327c.205-.145.399-.305.579-.48a.567.567 0 0 0-.2-.705c-.327-.151-.3.328-.528.429h-.151c-.05-.126.05-.177.151-.277 0-.05 0-.151-.05-.151-.2 0-.377-.051-.428-.151a3.957 3.957 0 0 0-1.861-1.286c.188.058.382.091.579.1.338.071.69.036 1.006-.1.227-.076.277-.48.377-.706a.8.8 0 0 0-.151-.631 2.19 2.19 0 0 0-.906-.756 9.13 9.13 0 0 1-.679-.353.956.956 0 0 0-.251-.126c-2.965-1.485-9.069-.2-9.534 0h-.009a8.254 8.254 0 0 0-1.249.475 3.922 3.922 0 0 0-2.365 2.465 3.83 3.83 0 0 0-1.333 1.509c-.428.8-1.056 1.509-.956 2.414.1.78.277 1.484.428 2.289.043.272.11.54.2.8.1.276 0 .629.151.855.075.15.025.327.227.428v.2c.05.05.05.1.151.1v.2c.435.423.807.906 1.107 1.434.1.276-.478.15-.7.05a5.977 5.977 0 0 1-1.132-.956.176.176 0 0 0-.051.1c.2.352.906.78.528 1.006-.2.1-.428-.151-.629.05-.05.076 0 .177 0 .277-.277-.2-.578-.1-.855-.2-.2-.05-.252-.427-.478-.427a15.191 15.191 0 0 0-1.811-.327 15.144 15.144 0 0 0-1.739-.16V19.707a.606.606 0 0 1 .306-.524l14.987-8.761 14.994 8.677a.605.605 0 0 1 .306.524v16.932Zm-7.954-8.261a.325.325 0 0 1-.282.149 2.84 2.84 0 0 0-.282.273c.1 0 0 .149.1.149-.205.223.077.694-.205.793-.37.099-.758.099-1.127 0a.727.727 0 0 1 .167-.016h.085a.382.382 0 0 0 .337-.132v-.2c0-.05-.051-.05-.1-.05a.16.16 0 0 1-.1.05.223.223 0 0 0-.154-.2.806.806 0 0 1-.718-.273.67.67 0 0 1 .436-.05c.128 0 .077-.223.231-.322h.154c.307-.372.871-.471.974-.843 0-.1-.282-.1-.487-.15a2.26 2.26 0 0 0-.82.05c-.36.05-.712.142-1.051.274.28-.206.592-.365.923-.471.232-.09.473-.157.718-.2l.132-.026.133-.027a.97.97 0 0 1 .556 0c.231.1.615.1.666.248.1.273-.154.545-.435.744-.057.08.149.135.149.23Z"/><rect width="29.56" height="13.302" x="37" y="5" fill="#FCC63A" rx="2"/><path fill="#161616" d="M39.562 16.168V7.316h2.921c.97 0 1.732.236 2.289.708.565.472.847 1.117.847 1.935 0 .81-.282 1.45-.847 1.922-.557.472-1.32.708-2.289.708h-1.125v3.579h-1.796Zm2.997-7.322h-1.201v2.213h1.2c.38 0 .675-.097.886-.29.22-.195.329-.473.329-.836 0-.337-.11-.602-.329-.796-.21-.194-.506-.291-.885-.291ZM47.23 16.168V7.316h2.707c.97 0 1.736.236 2.301.708.565.472.847 1.117.847 1.935 0 .53-.126.995-.379 1.39-.244.389-.59.688-1.037.899l2.782 3.92h-2.15l-2.352-3.579h-.923v3.579h-1.795Zm2.808-7.322h-1.012v2.213h1.012c.38 0 .674-.097.885-.29.21-.195.316-.473.316-.836 0-.337-.105-.602-.316-.796-.21-.194-.506-.291-.885-.291ZM59.549 7.063c.69 0 1.323.126 1.896.38.582.252 1.08.59 1.492 1.011.414.421.734.919.962 1.492.227.565.341 1.164.341 1.796 0 .632-.114 1.235-.341 1.808a4.485 4.485 0 0 1-.962 1.48c-.413.421-.91.758-1.492 1.011a4.648 4.648 0 0 1-1.896.38 4.738 4.738 0 0 1-3.402-1.391 4.484 4.484 0 0 1-.961-1.48 4.855 4.855 0 0 1-.342-1.808c0-.633.114-1.231.342-1.796.227-.573.548-1.07.961-1.492.413-.422.91-.759 1.492-1.012a4.737 4.737 0 0 1 1.91-.379Zm0 7.676a2.8 2.8 0 0 0 1.138-.228c.354-.16.653-.37.898-.632.252-.27.45-.586.594-.949a3.27 3.27 0 0 0 .215-1.188 3.17 3.17 0 0 0-.215-1.176 2.791 2.791 0 0 0-.595-.949 2.548 2.548 0 0 0-.897-.632 2.673 2.673 0 0 0-1.138-.24c-.413 0-.797.08-1.151.24a2.678 2.678 0 0 0-.91.632 2.899 2.899 0 0 0-.582.949 3.17 3.17 0 0 0-.215 1.176c0 .421.071.817.215 1.188.143.363.337.679.581.949.253.261.557.472.91.632.355.152.739.228 1.152.228Z"/></svg>
\ No newline at end of file
diff --git a/itou/static/img/pro_connect_bouton_hover.svg b/itou/static/img/pro_connect_bouton_hover.svg
new file mode 100644
index 0000000000..fcdd7df7ff
--- /dev/null
+++ b/itou/static/img/pro_connect_bouton_hover.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="211" height="58" fill="none"><g clip-path="url(#a)"><path fill="#1212FF" d="M211 0H0v58h211V0Z"/><path fill="#fff" d="m69.986 26.368 1.156-1.071c.833 1.054 1.819 1.598 2.941 1.598 1.292 0 2.04-.816 2.04-1.904 0-2.55-5.627-2.244-5.627-6.035 0-1.734 1.428-3.196 3.451-3.196 1.683 0 2.907.765 3.791 1.938l-1.19 1.037c-.697-1.003-1.547-1.547-2.584-1.547-1.105 0-1.836.748-1.836 1.734 0 2.567 5.627 2.244 5.627 6.052 0 2.023-1.581 3.349-3.655 3.349-1.768 0-3.077-.663-4.114-1.955Zm10.817-5.712H79.46l1.445-4.556h1.649l-1.751 4.556Zm4.818-3.451c-.56 0-1.02-.459-1.02-1.02a1.02 1.02 0 0 1 1.02-1.003c.561 0 1.003.459 1.003 1.003 0 .561-.442 1.02-1.003 1.02ZM84.891 28v-8.568h1.444V28H84.89Zm3.767-4.284c0-2.499 1.717-4.624 4.403-4.624 1.241 0 2.261.459 3.043 1.292V15.25h1.445V28h-1.445v-.952c-.782.833-1.802 1.292-3.043 1.292-2.686 0-4.403-2.125-4.403-4.624Zm1.53 0c0 1.819 1.224 3.264 3.043 3.264 1.19 0 2.21-.578 2.873-1.598V22.05c-.68-1.037-1.7-1.598-2.873-1.598-1.819 0-3.043 1.445-3.043 3.264Zm18.023 2.873c-.799 1.071-2.074 1.751-3.672 1.751-2.89 0-4.675-2.125-4.675-4.624 0-2.601 1.666-4.624 4.318-4.624 2.329 0 3.842 1.581 3.842 3.723 0 .34-.051.68-.102.918h-6.562v.034c0 1.887 1.292 3.264 3.213 3.264 1.088 0 2.006-.51 2.567-1.275l1.071.833Zm-4.012-6.256c-1.394 0-2.38.782-2.72 2.261h5.083c-.051-1.241-.952-2.261-2.363-2.261ZM110.473 28v-8.568h1.445v.969c.697-.765 1.581-1.309 2.856-1.309 1.921 0 3.349 1.292 3.349 3.723V28h-1.462v-5.134c0-1.53-.85-2.414-2.176-2.414-1.241 0-2.023.714-2.567 1.615V28h-1.445Zm11.052-2.873v-4.369h-1.615v-1.326h1.615V17.29h1.462v2.142h2.975v1.326h-2.975v4.369c0 1.343.68 1.717 1.717 1.717.561 0 .952-.068 1.275-.204v1.292c-.408.17-.867.238-1.479.238-1.904 0-2.975-.952-2.975-3.043Zm7.377-7.922c-.561 0-1.02-.459-1.02-1.02a1.02 1.02 0 0 1 1.02-1.003c.561 0 1.003.459 1.003 1.003 0 .561-.442 1.02-1.003 1.02ZM128.171 28v-8.568h1.445V28h-1.445Zm3.377-8.568h1.615v-1.054c0-1.836 1.207-3.128 3.043-3.128.952 0 1.7.34 2.21.833l-.901 1.054a1.633 1.633 0 0 0-1.292-.578c-.935 0-1.598.68-1.598 1.785v1.088h2.975v1.326h-2.975V28h-1.462v-7.242h-1.615v-1.326Zm8.543-2.227c-.561 0-1.02-.459-1.02-1.02a1.02 1.02 0 0 1 1.02-1.003c.561 0 1.003.459 1.003 1.003 0 .561-.442 1.02-1.003 1.02ZM139.36 28v-8.568h1.445V28h-1.445Zm12.115-1.411c-.799 1.071-2.074 1.751-3.672 1.751-2.89 0-4.675-2.125-4.675-4.624 0-2.601 1.666-4.624 4.318-4.624 2.329 0 3.842 1.581 3.842 3.723 0 .34-.051.68-.102.918h-6.562v.034c0 1.887 1.292 3.264 3.213 3.264 1.088 0 2.006-.51 2.567-1.275l1.071.833Zm-4.012-6.256c-1.394 0-2.38.782-2.72 2.261h5.083c-.051-1.241-.952-2.261-2.363-2.261ZM153.737 28v-8.568h1.445v1.071c.629-.748 1.411-1.241 2.499-1.241.272 0 .527.034.731.102v1.496a3.105 3.105 0 0 0-.85-.119c-1.122 0-1.853.578-2.38 1.445V28h-1.445Zm13.685.34c-1.683 0-2.822-.952-2.822-2.448 0-1.326.986-2.278 2.822-2.567l2.873-.476v-.595c0-1.19-.85-1.87-2.057-1.87-1.003 0-1.836.442-2.329 1.19l-1.088-.833c.748-1.02 1.955-1.649 3.451-1.649 2.176 0 3.468 1.275 3.468 3.162V28h-1.445v-1.088c-.646.901-1.717 1.428-2.873 1.428Zm-1.377-2.499c0 .731.629 1.292 1.615 1.292 1.139 0 2.04-.595 2.635-1.581V23.92l-2.533.442c-1.19.187-1.717.731-1.717 1.479Zm7.252-6.409h1.564l2.737 7.055 2.737-7.055h1.564L178.55 28h-1.904l-3.349-8.568Zm17.856 7.157c-.799 1.071-2.074 1.751-3.672 1.751-2.89 0-4.675-2.125-4.675-4.624 0-2.601 1.666-4.624 4.318-4.624 2.329 0 3.842 1.581 3.842 3.723 0 .34-.051.68-.102.918h-6.562v.034c0 1.887 1.292 3.264 3.213 3.264 1.088 0 2.006-.51 2.567-1.275l1.071.833Zm-4.012-6.256c-1.394 0-2.38.782-2.72 2.261h5.083c-.051-1.241-.952-2.261-2.363-2.261Zm10.185 6.647c1.054 0 1.904-.51 2.431-1.275l1.156.884c-.799 1.071-2.04 1.751-3.604 1.751-2.839 0-4.658-2.125-4.658-4.624 0-2.499 1.819-4.624 4.658-4.624 1.547 0 2.805.697 3.604 1.751l-1.156.884a2.925 2.925 0 0 0-2.448-1.275c-1.836 0-3.145 1.445-3.145 3.264 0 1.836 1.309 3.264 3.162 3.264ZM70.854 45V32.4h4.158c2.772 0 4.464 1.422 4.464 3.762 0 2.322-1.692 3.744-4.464 3.744H73.41V45h-2.556Zm4.266-10.422h-1.71v3.15h1.71c1.08 0 1.728-.576 1.728-1.602 0-.954-.648-1.548-1.728-1.548ZM81.249 45v-9.072h2.286v.9c.594-.612 1.368-1.08 2.394-1.08.306 0 .576.054.792.126v2.394a3.938 3.938 0 0 0-1.008-.126c-1.116 0-1.836.612-2.178 1.17V45h-2.286Zm11.386-9.432c2.952 0 4.968 2.178 4.968 4.896s-2.016 4.896-4.968 4.896-4.968-2.178-4.968-4.896 2.016-4.896 4.968-4.896Zm.036 7.632c1.458 0 2.556-1.17 2.556-2.736 0-1.584-1.098-2.736-2.556-2.736-1.512 0-2.628 1.152-2.628 2.736 0 1.584 1.116 2.736 2.628 2.736Zm13.172-.234c1.44 0 2.574-.702 3.294-1.728l2.016 1.548c-1.152 1.566-3.024 2.574-5.31 2.574-3.978 0-6.696-3.06-6.696-6.66s2.718-6.66 6.696-6.66c2.286 0 4.158 1.026 5.31 2.556l-2.016 1.566c-.72-1.026-1.854-1.728-3.294-1.728-2.376 0-4.068 1.854-4.068 4.266s1.692 4.266 4.068 4.266Zm11.366-7.398c2.952 0 4.968 2.178 4.968 4.896s-2.016 4.896-4.968 4.896-4.968-2.178-4.968-4.896 2.016-4.896 4.968-4.896Zm.036 7.632c1.458 0 2.556-1.17 2.556-2.736 0-1.584-1.098-2.736-2.556-2.736-1.512 0-2.628 1.152-2.628 2.736 0 1.584 1.116 2.736 2.628 2.736Zm7.018 1.8v-9.072h2.286v.72c.63-.612 1.476-1.08 2.682-1.08 1.962 0 3.528 1.35 3.528 4.032V45h-2.322v-5.31c0-1.206-.666-1.962-1.782-1.962-1.152 0-1.764.774-2.106 1.35V45h-2.286Zm11.091 0v-9.072h2.286v.72c.63-.612 1.476-1.08 2.682-1.08 1.962 0 3.528 1.35 3.528 4.032V45h-2.322v-5.31c0-1.206-.666-1.962-1.782-1.962-1.152 0-1.764.774-2.106 1.35V45h-2.286Zm19.444-1.476c-.846 1.134-2.25 1.836-3.96 1.836-3.222 0-5.04-2.25-5.04-4.896 0-2.682 1.692-4.896 4.662-4.896 2.52 0 4.176 1.692 4.176 4.068 0 .504-.072.99-.144 1.296h-6.354c.144 1.494 1.188 2.376 2.736 2.376.99 0 1.8-.432 2.286-1.08l1.638 1.296Zm-4.338-6.048c-1.116 0-1.872.54-2.178 1.728h4.086c-.036-.9-.702-1.728-1.908-1.728Zm10.696 5.724c.882 0 1.584-.432 2.016-1.062l1.818 1.386c-.846 1.116-2.178 1.836-3.834 1.836-3.132 0-5.004-2.25-5.004-4.896s1.872-4.896 5.004-4.896c1.656 0 2.988.72 3.834 1.836l-1.818 1.386c-.432-.63-1.116-1.062-2.052-1.062-1.494 0-2.592 1.152-2.592 2.736 0 1.602 1.098 2.736 2.628 2.736Zm6.204-1.512v-3.672h-1.692v-2.088h1.692V33.66h2.304v2.268h2.772v2.088h-2.772v3.672c0 1.008.54 1.404 1.44 1.404.63 0 1.044-.072 1.35-.198v1.998c-.45.198-.99.288-1.746.288-2.268 0-3.348-1.278-3.348-3.492Z"/><path fill="#000091" d="M46.992 19.098 31.998 10.42l-14.994 8.76a.606.606 0 0 0-.306.525v16.948a.666.666 0 0 0 .306.524l14.992 8.6 14.994-8.706a.666.666 0 0 0 .306-.524V19.626a.604.604 0 0 0-.304-.528Z"/><path fill="#FCC63A" d="m26.641 19.598-5.029 8.628-4.557-9.175 5.39-3.113 4.489 3.16-.293.5Zm20.656 16.98V19.62a.6.6 0 0 0-.306-.523L31.998 10.42"/><path fill="#0063CB" d="M16.7 36.578 32 10.42v35.362l-14.996-8.605a.665.665 0 0 1-.306-.524V19.706l.002 16.872Zm24.669-20.735 5.458 3.155-4.489 9.15-5.387-9.236 4.418-3.07Z"/><path fill="#fff" d="m51.606 16.303-19.19-11.02a.933.933 0 0 0-.832 0l-19.19 11.02a.887.887 0 0 0-.394.695v22a.885.885 0 0 0 .394.7l19.189 11.02a.932.932 0 0 0 .832 0l19.191-11.02a.886.886 0 0 0 .394-.7v-22a.887.887 0 0 0-.394-.695ZM22.789 34.059h.079c-.042 0-.079.007-.079.05 0 .1.151 0 .2.1a.912.912 0 0 0-.629.276c0 .05.1.05.151.05-.075.1-.226.05-.277.152a.176.176 0 0 0 .1.05c-.05 0-.1 0-.1.05v.152c-.126 0-.176.1-.277.15.2.152.327 0 .528 0-.528.2-.956.479-1.484.63-.1 0 0 .15-.1.15.151.1.227-.05.377-.05-.654.378-1.333.7-2.037 1.133a.351.351 0 0 0-.1.2h-.2c-.1.05-.05.176-.151.277.226.15.5-.2.654 0 .05 0-.1.05-.2.05-.05 0-.05.1-.1.1h-.154c-.1.075-.2.126-.2.276a.22.22 0 0 0-.226.1 9.031 9.031 0 0 0 3.144-.578 7.683 7.683 0 0 0 2.088-1.56.176.176 0 0 1 .05.1c-.147.437-.43.816-.806 1.08-.277.152-.478.378-.7.479a4.057 4.057 0 0 0-.428.276c-.632.197-1.281.335-1.939.412l-.305.044c-.225.033-.449.069-.671.108l-1.993-1.138a.647.647 0 0 1-.288-.411.57.57 0 0 0 .094-.063.266.266 0 0 0-.113-.071v-.65a12.782 12.782 0 0 0 3.038-.942 8.746 8.746 0 0 0-3.037-1.343v-1.515a11.67 11.67 0 0 1 1.639.392 6.42 6.42 0 0 1 1.182.578c.147.14.307.267.478.377a.91.91 0 0 0 .8.05h.33a3.961 3.961 0 0 0 1.937-.905c0 .05.05.05.1.05a3.629 3.629 0 0 1-.428 1.132c.003.05-.048.152.053.202Zm2.817 3.57c.251-.1.4-.276.629-.376-.05.05-.05.15-.1.2a3.699 3.699 0 0 0-.528.4 15.965 15.965 0 0 0-1.585 1.61c-.252.3-.528.578-.8.855-.096.09-.2.172-.31.245l-2.527-1.45c.36.03.721.013 1.076-.053.294-.083.58-.192.855-.327v.1c.7-.277 1.232-.906 1.937-1.132.025 0 .126.1.226.05a1.883 1.883 0 0 1 1.509-.7c0 .05 0 .1.05.1h.025c-.151.126-.327.25-.5.377-.057.052-.007.102.043.102Zm-8.908-6.163v-.186a5.817 5.817 0 0 1 1.588-.188 1.52 1.52 0 0 1 .478 0 5.86 5.86 0 0 0-2.066.374Zm30.6 5.088a.665.665 0 0 1-.306.524l-10.079 5.85a32.296 32.296 0 0 1-3.408-1.184 2.826 2.826 0 0 1-.05-2.245c.08-.308.198-.605.352-.883.025-.025.05-.05.05-.076a.025.025 0 0 0 .025-.025 4.32 4.32 0 0 1 .377-.555l.015-.015.02-.021.015-.015c0-.025.025-.05.05-.076.025-.051.075-.076.1-.126.176-.186.37-.354.579-.5.213-.077.431-.136.654-.177.811.06 1.617.17 2.415.328a.752.752 0 0 1 .277.1c.301.059.612.041.905-.05a1.137 1.137 0 0 0 .855-.706 1.212 1.212 0 0 0 .05-1.06c-.178-.275-.013-.436.181-.59l.068-.054c.086-.061.164-.134.231-.216.126-.252-.1-.4-.151-.63-.05-.1-.226-.05-.327-.2.352-.151.855-.43.629-.857-.151-.227-.377-.63-.1-.857.352-.2.855-.151 1.006-.48a1.137 1.137 0 0 0-.292-1.084l-.075-.108a4.754 4.754 0 0 1-.211-.32 6.905 6.905 0 0 0-.528-.757 4.297 4.297 0 0 1-.528-1.01c-.151-.377.05-.705.05-1.083a6.347 6.347 0 0 0-.327-2.144c-.126-.353-.176-.731-.327-1.06a1.12 1.12 0 0 0-.226-.58.374.374 0 0 1 0-.327c.205-.145.399-.305.579-.48a.567.567 0 0 0-.2-.705c-.327-.151-.3.328-.528.429h-.151c-.05-.126.05-.177.151-.277 0-.05 0-.151-.05-.151-.2 0-.377-.051-.428-.151a3.957 3.957 0 0 0-1.861-1.286c.188.058.382.091.579.1.338.071.69.036 1.006-.1.227-.076.277-.48.377-.706a.8.8 0 0 0-.151-.631 2.19 2.19 0 0 0-.906-.756 9.13 9.13 0 0 1-.679-.353.956.956 0 0 0-.251-.126c-2.965-1.485-9.069-.2-9.534 0h-.009a8.254 8.254 0 0 0-1.249.475 3.922 3.922 0 0 0-2.365 2.465 3.83 3.83 0 0 0-1.333 1.509c-.428.8-1.056 1.509-.956 2.414.1.78.277 1.484.428 2.289.043.272.11.54.2.8.1.276 0 .629.151.855.075.15.025.327.227.428v.2c.05.05.05.1.151.1v.2c.435.423.807.906 1.107 1.434.1.276-.478.15-.7.05a5.977 5.977 0 0 1-1.132-.956.176.176 0 0 0-.051.1c.2.352.906.78.528 1.006-.2.1-.428-.151-.629.05-.05.076 0 .177 0 .277-.277-.2-.578-.1-.855-.2-.2-.05-.252-.427-.478-.427a15.191 15.191 0 0 0-1.811-.327 15.144 15.144 0 0 0-1.739-.16V19.707a.606.606 0 0 1 .306-.524l14.987-8.761 14.994 8.677a.605.605 0 0 1 .306.524v16.932Zm-7.954-8.261a.325.325 0 0 1-.282.149 2.84 2.84 0 0 0-.282.273c.1 0 0 .149.1.149-.205.223.077.694-.205.793-.37.099-.758.099-1.127 0a.727.727 0 0 1 .167-.016h.085a.382.382 0 0 0 .337-.132v-.2c0-.05-.051-.05-.1-.05a.16.16 0 0 1-.1.05.223.223 0 0 0-.154-.2.806.806 0 0 1-.718-.273.67.67 0 0 1 .436-.05c.128 0 .077-.223.231-.322h.154c.307-.372.871-.471.974-.843 0-.1-.282-.1-.487-.15a2.26 2.26 0 0 0-.82.05c-.36.05-.712.142-1.051.274.28-.206.592-.365.923-.471.232-.09.473-.157.718-.2l.132-.026.133-.027a.97.97 0 0 1 .556 0c.231.1.615.1.666.248.1.273-.154.545-.435.744-.057.08.149.135.149.23Z"/><path fill="#FCC63A" d="M64.56 5H39a2 2 0 0 0-2 2v9.302a2 2 0 0 0 2 2h25.56a2 2 0 0 0 2-2V7a2 2 0 0 0-2-2Z"/><path fill="#161616" d="M39.562 16.168V7.316h2.921c.97 0 1.732.236 2.289.708.565.472.847 1.117.847 1.935 0 .81-.282 1.45-.847 1.922-.557.472-1.32.708-2.289.708h-1.125v3.579h-1.796Zm2.997-7.322h-1.201v2.213h1.2c.38 0 .675-.097.886-.29.22-.195.329-.473.329-.836 0-.337-.11-.602-.329-.796-.21-.194-.506-.291-.885-.291ZM47.23 16.168V7.316h2.707c.97 0 1.736.236 2.301.708.565.472.847 1.117.847 1.935 0 .53-.126.995-.379 1.39-.244.389-.59.688-1.037.899l2.782 3.92h-2.15l-2.352-3.579h-.923v3.579h-1.795Zm2.808-7.322h-1.012v2.213h1.012c.38 0 .674-.097.885-.29.21-.195.316-.473.316-.836 0-.337-.105-.602-.316-.796-.21-.194-.506-.291-.885-.291ZM59.549 7.063c.69 0 1.323.126 1.896.38.582.252 1.08.59 1.492 1.011.414.421.734.919.962 1.492.227.565.341 1.164.341 1.796 0 .632-.114 1.235-.341 1.808a4.485 4.485 0 0 1-.962 1.48c-.413.421-.91.758-1.492 1.011a4.648 4.648 0 0 1-1.896.38 4.738 4.738 0 0 1-3.402-1.391 4.484 4.484 0 0 1-.961-1.48 4.855 4.855 0 0 1-.342-1.808c0-.633.114-1.231.342-1.796.227-.573.548-1.07.961-1.492.413-.422.91-.759 1.492-1.012a4.737 4.737 0 0 1 1.91-.379Zm0 7.676a2.8 2.8 0 0 0 1.138-.228c.354-.16.653-.37.898-.632.252-.27.45-.586.594-.949a3.27 3.27 0 0 0 .215-1.188 3.17 3.17 0 0 0-.215-1.176 2.791 2.791 0 0 0-.595-.949 2.548 2.548 0 0 0-.897-.632 2.673 2.673 0 0 0-1.138-.24c-.413 0-.797.08-1.151.24a2.678 2.678 0 0 0-.91.632 2.899 2.899 0 0 0-.582.949 3.17 3.17 0 0 0-.215 1.176c0 .421.071.817.215 1.188.143.363.337.679.581.949.253.261.557.472.91.632.355.152.739.228 1.152.228Z"/></g><defs><clipPath id="a"><path fill="#fff" d="M0 0h211v58H0z"/></clipPath></defs></svg>
\ No newline at end of file
diff --git a/itou/templates/account/activate_inclusion_connect_account.html b/itou/templates/account/activate_inclusion_connect_account.html
index 63ce6bbcd3..c94de0e6fb 100644
--- a/itou/templates/account/activate_inclusion_connect_account.html
+++ b/itou/templates/account/activate_inclusion_connect_account.html
@@ -8,38 +8,63 @@
 
 {% block title %}Connexion {{ block.super }}{% endblock %}
 
-{% block body_class %}p-inclusion-connect{% endblock %}
-
 {% block content %}
     <section class="s-section pt-lg-3">
         <div class="s-section__container container">
             <div class="s-section__row row g-0">
                 <div class="s-section__col col-12 col-lg-6 bg-lg-white">
-                    <div class="bg-white p-3 py-lg-7 px-lg-8">
-                        <picture class="d-block mb-5">
-                            <img class="img-fluid" src="{% static_theme_images 'logo-inclusion-connect.svg' %}" width="240" alt="Inclusion Connect" />
-                        </picture>
-                        <h1 class="h2 mb-lg-4">Un accès unique à tous vos services !</h1>
-                        <p>Le service Inclusion Connect est à présent obligatoire pour se connecter à la plateforme des emplois.</p>
-                        <p>
-                            Il vous permettra d'accéder aux différents services partenaires avec <b>le même identifiant et le même mot de passe.</b>
-                        </p>
-                        <p>Il vous suffit de cliquer sur le bouton ci-desous pour activer votre compte</p>
-                        <a href="{{ inclusion_connect_url }}" class="btn btn-block btn-primary" {% matomo_event "activation "|add:matomo_account_type "clic" "activer-son-compte-inclusion-connect" %}>
-                            Activer mon compte Inclusion Connect
-                        </a>
-                        <a class="btn btn-link btn-block"
-                           href="https://plateforme-inclusion.notion.site/Un-compte-unique-pour-mes-services-num-riques-ded9135197654da590f5dde41d8bb68b"
-                           aria-label="Plus d'infos concernant Inclusion Connect"
-                           rel="noopener"
-                           target="_blank">
-                            <span>Plus d'infos</span>
-                            <i class="ri-external-link-line ri-lg"></i>
-                        </a>
-                    </div>
+                    {% if pro_connect_url %}
+                        <div class="bg-white p-3 py-lg-7 px-lg-8">
+                            <h1 class="h2 mb-lg-4">ProConnect, un accès unique à tous vos services !</h1>
+                            <p>Le service ProConnect est obligatoire pour se connecter au service les emplois de l'inclusion.</p>
+                            <p>
+                                Pour conserver l'accès à votre compte existant vous devez vous connecter ou créer un compte avec ProConnect à l'aide du bouton ci-dessous.
+                            </p>
+                            <p>
+                                Assurez vous que l'adresse e-mail utilisée soit la suivante :
+                                <br>
+                                <strong>{{ user.email }}</strong>
+                            </p>
+                            <div class="text-center">
+                                <a href="{{ pro_connect_url }}" class="proconnect-button" {% matomo_event "connexion "|add:matomo_account_type "clic" "se-connecter-avec-pro-connect" %}>
+                                </a>
+                            </div>
+                            <a class="btn btn-link btn-block" href="https://proconnect.gouv.fr/" aria-label="Plus d'infos concernant ProConnect" rel="noopener" target="_blank">
+                                <span>Plus d'infos</span>
+                                <i class="ri-external-link-line ri-lg"></i>
+                            </a>
+                        </div>
+                    {% else %}
+                        <div class="bg-white p-3 py-lg-7 px-lg-8">
+                            <picture class="d-block mb-5">
+                                <img class="img-fluid" src="{% static_theme_images 'logo-inclusion-connect.svg' %}" width="240" alt="Inclusion Connect" />
+                            </picture>
+                            <h1 class="h2 mb-lg-4">Un accès unique à tous vos services !</h1>
+                            <p>Le service Inclusion Connect est à présent obligatoire pour se connecter à la plateforme des emplois.</p>
+                            <p>
+                                Il vous permettra d'accéder aux différents services partenaires avec <b>le même identifiant et le même mot de passe.</b>
+                            </p>
+                            <p>Il vous suffit de cliquer sur le bouton ci-desous pour activer votre compte</p>
+                            <a href="{{ inclusion_connect_url }}" class="btn btn-block btn-primary" {% matomo_event "activation "|add:matomo_account_type "clic" "activer-son-compte-inclusion-connect" %}>
+                                Activer mon compte Inclusion Connect
+                            </a>
+                            <a class="btn btn-link btn-block"
+                               href="https://plateforme-inclusion.notion.site/Un-compte-unique-pour-mes-services-num-riques-ded9135197654da590f5dde41d8bb68b"
+                               aria-label="Plus d'infos concernant Inclusion Connect"
+                               rel="noopener"
+                               target="_blank">
+                                <span>Plus d'infos</span>
+                                <i class="ri-external-link-line ri-lg"></i>
+                            </a>
+                        </div>
+                    {% endif %}
                 </div>
                 <div class="s-section__col d-none d-lg-flex col-lg-6 p-lg-6 justify-content-center align-items-center bg-light">
-                    <img class="img-fluid" src="{% static 'img/illustration-ic.svg' %}" alt="" loading="lazy">
+                    {% if pro_connect_url %}
+                        <img class="img-fluid" src="{% static 'img/illustration-pc.svg' %}" alt="" loading="lazy">
+                    {% else %}
+                        <img class="img-fluid" src="{% static 'img/illustration-ic.svg' %}" alt="" loading="lazy">
+                    {% endif %}
                 </div>
             </div>
         </div>
diff --git a/itou/templates/account/login_generic.html b/itou/templates/account/login_generic.html
index f0de73f694..e7f4d20d68 100644
--- a/itou/templates/account/login_generic.html
+++ b/itou/templates/account/login_generic.html
@@ -14,9 +14,23 @@
         <div class="s-section__container container">
             <div class="s-section__row row">
                 <div class="s-section__col col-12 col-lg-6">
+                    <div class="alert alert-important">
+                        <p class="mb-0">Inclusion Connect devient ProConnect</p>
+                    </div>
                     <div class="c-form mb-5">
                         {% if uses_inclusion_connect %}
-                            {% if inclusion_connect_url %}
+                            {% if pro_connect_url %}
+                                <div class="text-center">
+                                    <a href="{{ pro_connect_url }}" class="proconnect-button" {% matomo_event "connexion "|add:matomo_account_type "clic" "se-connecter-avec-pro-connect" %}>
+                                    </a>
+                                    <p>
+                                        <a href="https://proconnect.gouv.fr/" target="_blank" rel="noopener noreferrer" title="Qu’est-ce que AgentConnect ? - nouvelle fenêtre">
+                                            Qu’est-ce que ProConnect ?
+                                        </a>
+                                    </p>
+                                </div>
+
+                            {% elif inclusion_connect_url %}
                                 <div class="text-center">
                                     <a href="{{ inclusion_connect_url }}" class="btn-inclusion-connect" {% matomo_event "connexion "|add:matomo_account_type "clic" "se-connecter-avec-inclusion-connect" %}>
                                         <picture>
diff --git a/itou/templates/dashboard/edit_user_info.html b/itou/templates/dashboard/edit_user_info.html
index 25bfa2028b..3266f3e659 100644
--- a/itou/templates/dashboard/edit_user_info.html
+++ b/itou/templates/dashboard/edit_user_info.html
@@ -55,7 +55,34 @@ <h2>Informations personnelles</h2>
                         {% else %}
                             <form method="post" class="js-prevent-multiple-submit">
                                 {% csrf_token %}
-                                {% if ic_account_url %}
+                                {% if request.user.identity_provider == "PC" %}
+                                    <ul class="list-unstyled">
+                                        <li>
+                                            Prénom : <strong>{{ user.first_name|title }}</strong>
+                                        </li>
+                                        <li>
+                                            Nom : <strong>{{ user.last_name|upper }}</strong>
+                                        </li>
+                                        <li>
+                                            Adresse e-mail : <strong>{{ user.email }}</strong>
+                                        </li>
+                                    </ul>
+                                    <div class="alert alert-info">
+                                        <p>
+                                            Ces informations doivent être modifiées sur votre fournisseur d'identité.
+                                            <br>
+                                            - Si votre compte a été créé sur ProConnect, vous pouvez modifier votre informations personnelles sur <a href="https://app.moncomptepro.beta.gouv.fr/personal-information">ProConnect</a>.
+                                            <br>
+                                            - Si ProConnect vous permet de vous connecter avec un autre fournisseur d'identité, c'est à celui-ci de mettre
+                                            à jour vos informations personnelle.
+                                            <br>
+                                            En cas de doute, vous pouvez contacter <a href="mailto:support@agentconnect.gouv.fr ">le support ProConnect</a>
+                                        </p>
+                                        <p class="mb-0">Une fois modifiée, vos informations seront mises à jour à votre prochaine connexion.</p>
+                                    </div>
+                                    <hr class="my-4">
+                                    {% bootstrap_form_errors form type="all" %}
+                                {% elif ic_account_url %}
                                     <ul class="list-unstyled">
                                         <li>
                                             Prénom : <strong>{{ user.first_name|title }}</strong>
diff --git a/itou/templates/inclusion_connect/includes/description.html b/itou/templates/inclusion_connect/includes/description.html
index 2121ec7361..93fb6e8842 100644
--- a/itou/templates/inclusion_connect/includes/description.html
+++ b/itou/templates/inclusion_connect/includes/description.html
@@ -2,13 +2,28 @@
 {% load theme_inclusion %}
 {% load matomo %}
 
-<h2>Créez un compte les emplois de l’inclusion avec Inclusion Connect</h2>
-<p class="mt-5">
-    Inclusion Connect est une solution de connexion unique à plusieurs services publics réservée aux professionnels de l’inclusion.
-</p>
 
 
-{% if inclusion_connect_url %}
+{% if pro_connect_url %}
+
+    <h2>Créez un compte les emplois de l’inclusion avec ProConnect</h2>
+    <p class="mt-5">ProConnect est une solution de connexion unique à de nombreux services publics.</p>
+{% else %}
+    <h2>Créez un compte les emplois de l’inclusion avec Inclusion Connect</h2>
+    <p class="mt-5">
+        Inclusion Connect est une solution de connexion unique à plusieurs services publics réservée aux professionnels de l’inclusion.
+    </p>
+{% endif %}
+
+{% if pro_connect_url %}
+    <div class="text-center">
+        <a href="{{ pro_connect_url }}" class="proconnect-button" {% matomo_event "connexion "|add:matomo_account_type "clic" "se-connecter-avec-pro-connect" %}>
+        </a>
+        <br>
+
+        <a href="https://proconnect.gouv.fr/" class="btn btn-link" target="_blank">En savoir plus</a>
+    </div>
+{% elif inclusion_connect_url %}
     <div class="text-center">
         <a href="{{ inclusion_connect_url }}" class="btn-inclusion-connect" {% matomo_event "inscription "|add:matomo_account_type "clic" "se-connecter-avec-inclusion-connect" %}>
             <picture>
diff --git a/itou/users/adapter.py b/itou/users/adapter.py
index 3a3f190365..8f6ee34708 100644
--- a/itou/users/adapter.py
+++ b/itou/users/adapter.py
@@ -7,6 +7,7 @@
 from itou.openid_connect.france_connect.constants import FRANCE_CONNECT_SESSION_STATE, FRANCE_CONNECT_SESSION_TOKEN
 from itou.openid_connect.inclusion_connect.constants import INCLUSION_CONNECT_SESSION_KEY
 from itou.openid_connect.pe_connect.constants import PE_CONNECT_SESSION_TOKEN
+from itou.openid_connect.pro_connect.constants import PRO_CONNECT_SESSION_KEY
 from itou.utils.urls import get_safe_url
 
 
@@ -57,6 +58,14 @@ def get_logout_redirect_url(self, request):
         Tests are in itou.inclusion_connect.tests.
         """
         redirect_url = reverse("search:employers_home")
+        # ProConnect
+        pro_session = request.session.get(PRO_CONNECT_SESSION_KEY)
+        if pro_session:
+            token = pro_session["token"]
+            if token:
+                params = {"token": token}
+                pro_connect_base_logout_url = reverse("pro_connect:logout")
+                return f"{pro_connect_base_logout_url}?{urlencode(params)}"
         # Inclusion Connect
         ic_session = request.session.get(INCLUSION_CONNECT_SESSION_KEY)
         if ic_session:
diff --git a/itou/users/enums.py b/itou/users/enums.py
index cec06aa6f2..d59364943e 100644
--- a/itou/users/enums.py
+++ b/itou/users/enums.py
@@ -35,6 +35,7 @@ class IdentityProvider(models.TextChoices):
     DJANGO = "DJANGO", "Django"
     FRANCE_CONNECT = "FC", "FranceConnect"
     INCLUSION_CONNECT = "IC", "Inclusion Connect"
+    PRO_CONNECT = "PC", "ProConnect"
     PE_CONNECT = "PEC", "Pôle emploi Connect"
 
 
diff --git a/itou/users/migrations/0001_initial.py b/itou/users/migrations/0001_initial.py
index 5349ddb29c..9ece6e0f49 100644
--- a/itou/users/migrations/0001_initial.py
+++ b/itou/users/migrations/0001_initial.py
@@ -299,6 +299,7 @@ class Migration(migrations.Migration):
                             ("DJANGO", "Django"),
                             ("FC", "FranceConnect"),
                             ("IC", "Inclusion Connect"),
+                            ("PC", "ProConnect"),
                             ("PEC", "Pôle emploi Connect"),
                         ],
                         default="DJANGO",
diff --git a/itou/utils/perms/middleware.py b/itou/utils/perms/middleware.py
index f1b2e04551..ed16716f6a 100644
--- a/itou/utils/perms/middleware.py
+++ b/itou/utils/perms/middleware.py
@@ -169,10 +169,11 @@ def __call__(self, request):
         # Force Inclusion Connect
         if (
             user.is_authenticated
-            and user.identity_provider != IdentityProvider.INCLUSION_CONNECT
+            and user.identity_provider not in [IdentityProvider.INCLUSION_CONNECT, IdentityProvider.PRO_CONNECT]
             and user.kind in [UserKind.PRESCRIBER, UserKind.EMPLOYER]
             and not request.path.startswith("/dashboard/activate_ic_account")  # Allow to access ic activation view
             and not request.path.startswith("/inclusion_connect")  # Allow to access ic views
+            and not request.path.startswith("/pro_connect")  # Allow to access ProConnect views
             and settings.FORCE_IC_LOGIN  # Allow to disable on dev setup
         ):
             # Add request.path as next param ?
diff --git a/itou/www/dashboard/views.py b/itou/www/dashboard/views.py
index 231e5576b4..4e6264eb48 100644
--- a/itou/www/dashboard/views.py
+++ b/itou/www/dashboard/views.py
@@ -277,7 +277,7 @@ def edit_user_info(request, template_name="dashboard/edit_user_info.html"):
         return HttpResponseRedirect(success_url)
 
     ic_account_url = None
-    if request.user.identity_provider == IdentityProvider.INCLUSION_CONNECT and settings.INCLUSION_CONNECT_BASE_URL:
+    if request.user.identity_provider == IdentityProvider.INCLUSION_CONNECT:
         # SSO users do not have access to edit_user_email dedicated view:
         # this field allows them to discover their dedicated process
         ic_login_params = {
@@ -417,7 +417,7 @@ def dispatch(self, request, *args, **kwargs):
             return HttpResponseRedirect(reverse("dashboard:index"))
         return super().dispatch(request, *args, **kwargs)
 
-    def _get_inclusion_connect_base_params(self):
+    def _get_params(self):
         params = {
             "user_kind": self.request.user.kind,
             "previous_url": self.request.get_full_path(),
@@ -430,10 +430,15 @@ def _get_inclusion_connect_base_params(self):
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
-        params = self._get_inclusion_connect_base_params()
+        params = self._get_params()
         inclusion_connect_url = add_url_params(reverse("inclusion_connect:activate_account"), params)
+        pro_connect_url = (
+            add_url_params(reverse("pro_connect:authorize"), params) if settings.PRO_CONNECT_BASE_URL else None
+        )
+
         extra_context = {
             "inclusion_connect_url": inclusion_connect_url,
+            "pro_connect_url": pro_connect_url,
             "matomo_account_type": MATOMO_ACCOUNT_TYPE[self.request.user.kind],
         }
         return context | extra_context
diff --git a/itou/www/invitations_views/views.py b/itou/www/invitations_views/views.py
index 43f22935af..3422335afc 100644
--- a/itou/www/invitations_views/views.py
+++ b/itou/www/invitations_views/views.py
@@ -43,7 +43,7 @@ def handle_invited_user_registration_with_django(request, invitation, invitation
     return render(request, "invitations_views/new_user.html", context=context)
 
 
-def handle_invited_user_registration_with_inclusion_connect(request, invitation, invitation_type):
+def handle_invited_user_registration_with_inclusion_or_pro_connect(request, invitation, invitation_type):
     params = {
         "user_kind": invitation_type,
         "user_email": invitation.email,
@@ -56,8 +56,12 @@ def handle_invited_user_registration_with_inclusion_connect(request, invitation,
         if settings.INCLUSION_CONNECT_BASE_URL
         else None
     )
+    pro_connect_url = (
+        f"{reverse('pro_connect:authorize')}?{urlencode(params)}" if settings.PRO_CONNECT_BASE_URL else None
+    )
     context = {
         "inclusion_connect_url": inclusion_connect_url,
+        "pro_connect_url": pro_connect_url,
         "invitation": invitation,
         "matomo_account_type": MATOMO_ACCOUNT_TYPE[invitation_type],
     }
@@ -105,8 +109,8 @@ def new_user(request, invitation_type, invitation_id):
 
     # A new user should be created before joining
     handle_registration = {
-        KIND_PRESCRIBER: handle_invited_user_registration_with_inclusion_connect,
-        KIND_EMPLOYER: handle_invited_user_registration_with_inclusion_connect,
+        KIND_PRESCRIBER: handle_invited_user_registration_with_inclusion_or_pro_connect,
+        KIND_EMPLOYER: handle_invited_user_registration_with_inclusion_or_pro_connect,
         KIND_LABOR_INSPECTOR: handle_invited_user_registration_with_django,
     }[invitation_type]
     return handle_registration(request, invitation, invitation_type)
diff --git a/itou/www/login/views.py b/itou/www/login/views.py
index 7737babcd2..8ed108fa53 100644
--- a/itou/www/login/views.py
+++ b/itou/www/login/views.py
@@ -30,7 +30,7 @@ def _get_inclusion_connect_url(self, context):
         if not settings.INCLUSION_CONNECT_BASE_URL:
             return None
 
-        if self.user_kind in [UserKind.LABOR_INSPECTOR, UserKind.JOB_SEEKER]:
+        if self.user_kind not in [UserKind.EMPLOYER, UserKind.PRESCRIBER]:
             return None
 
         params = {
@@ -42,6 +42,22 @@ def _get_inclusion_connect_url(self, context):
 
         return add_url_params(reverse("inclusion_connect:authorize"), params)
 
+    def _get_pro_connect_url(self, context):
+        if not settings.PRO_CONNECT_BASE_URL:
+            return None
+
+        if self.user_kind not in [UserKind.EMPLOYER, UserKind.PRESCRIBER]:
+            return None
+
+        params = {
+            "user_kind": self.user_kind,
+            "previous_url": self.request.get_full_path(),
+        }
+        if context["redirect_field_value"]:
+            params["next_url"] = context["redirect_field_value"]
+
+        return add_url_params(reverse("pro_connect:authorize"), params)
+
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         login_url = reverse("account_login")
@@ -52,6 +68,7 @@ def get_context_data(self, **kwargs):
             "signup_allowed": True,
             "redirect_field_value": get_safe_url(self.request, REDIRECT_FIELD_NAME),
             "inclusion_connect_url": self._get_inclusion_connect_url(context),
+            "pro_connect_url": self._get_pro_connect_url(context),
         }
         return context | extra_context
 
@@ -63,7 +80,10 @@ def dispatch(self, request, *args, **kwargs):
                     "next_url": next_url,
                     "channel": InclusionConnectChannel.MAP_CONSEILLER.value,
                 }
-                redirect_to = f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}"
+                if settings.PRO_CONNECT_BASE_URL:
+                    redirect_to = f"{reverse('pro_connect:authorize')}?{urlencode(params)}"
+                else:
+                    redirect_to = f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}"
                 return HttpResponseRedirect(redirect_to)
         return super().dispatch(request, *args, **kwargs)
 
diff --git a/itou/www/signup/views.py b/itou/www/signup/views.py
index 98ca49a08f..55b8f247ca 100644
--- a/itou/www/signup/views.py
+++ b/itou/www/signup/views.py
@@ -247,18 +247,22 @@ class CompanyUserView(CompanyBaseView, TemplateView):
     template_name = "signup/employer.html"
 
     def get_context_data(self, **kwargs):
-        ic_params = {
+        params = {
             "user_kind": KIND_EMPLOYER,
             "previous_url": self.request.get_full_path(),
             "next_url": reverse("signup:company_join", args=(self.company.pk, self.token)),
         }
         inclusion_connect_url = (
-            f"{reverse('inclusion_connect:authorize')}?{urlencode(ic_params)}"
+            f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}"
             if settings.INCLUSION_CONNECT_BASE_URL
             else None
         )
+        pro_connect_url = (
+            f"{reverse('pro_connect:authorize')}?{urlencode(params)}" if settings.PRO_CONNECT_BASE_URL else None
+        )
         return super().get_context_data(**kwargs) | {
             "inclusion_connect_url": inclusion_connect_url,
+            "pro_connect_url": pro_connect_url,
             "company": self.company,
             "matomo_account_type": MATOMO_ACCOUNT_TYPE[UserKind.EMPLOYER],
         }
@@ -613,9 +617,13 @@ def prescriber_pole_emploi_user(request, template_name="signup/prescriber_pole_e
         if settings.INCLUSION_CONNECT_BASE_URL
         else None
     )
+    pro_connect_url = (
+        f"{reverse('pro_connect:authorize')}?{urlencode(params)}" if settings.PRO_CONNECT_BASE_URL else None
+    )
 
     context = {
         "inclusion_connect_url": inclusion_connect_url,
+        "pro_connect_url": pro_connect_url,
         "pole_emploi_org": pole_emploi_org,
         "matomo_account_type": MATOMO_ACCOUNT_TYPE[UserKind.PRESCRIBER],
         "prev_url": get_prev_url_from_history(request, global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY),
@@ -665,22 +673,26 @@ def prescriber_user(request, template_name="signup/prescriber_user.html"):
     # Get kind label
     kind_label = dict(PrescriberOrganizationKind.choices).get(kind)
 
-    ic_params = {
+    params = {
         "user_kind": KIND_PRESCRIBER,
         "previous_url": request.get_full_path(),
     }
     if join_as_orienteur_with_org or join_authorized_org:
         # Redirect to the join organization view after login or signup.
-        ic_params["next_url"] = reverse("signup:prescriber_join_org")
+        params["next_url"] = reverse("signup:prescriber_join_org")
 
     inclusion_connect_url = (
-        f"{reverse('inclusion_connect:authorize')}?{urlencode(ic_params)}"
+        f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}"
         if settings.INCLUSION_CONNECT_BASE_URL
         else None
     )
+    pro_connect_url = (
+        f"{reverse('pro_connect:authorize')}?{urlencode(params)}" if settings.PRO_CONNECT_BASE_URL else None
+    )
 
     context = {
         "inclusion_connect_url": inclusion_connect_url,
+        "pro_connect_url": pro_connect_url,
         "matomo_account_type": MATOMO_ACCOUNT_TYPE[UserKind.PRESCRIBER],
         "join_as_orienteur_without_org": join_as_orienteur_without_org,
         "join_authorized_org": join_authorized_org,
@@ -812,18 +824,22 @@ class FacilitatorUserView(FacilitatorBaseMixin, TemplateView):
     template_name = "signup/employer.html"
 
     def get_context_data(self, **kwargs):
-        ic_params = {
+        params = {
             "user_kind": KIND_EMPLOYER,
             "previous_url": self.request.get_full_path(),
             "next_url": reverse("signup:facilitator_join"),
         }
         inclusion_connect_url = (
-            f"{reverse('inclusion_connect:authorize')}?{urlencode(ic_params)}"
+            f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}"
             if settings.INCLUSION_CONNECT_BASE_URL
             else None
         )
+        pro_connect_url = (
+            f"{reverse('pro_connect:authorize')}?{urlencode(params)}" if settings.PRO_CONNECT_BASE_URL else None
+        )
         return super().get_context_data(**kwargs) | {
             "inclusion_connect_url": inclusion_connect_url,
+            "pro_connect_url": pro_connect_url,
             "company": self.company_to_create,
             "matomo_account_type": MATOMO_ACCOUNT_TYPE[UserKind.EMPLOYER],
         }
diff --git a/tests/openid_connect/inclusion_connect/test.py b/tests/openid_connect/inclusion_connect/test.py
index 135e13655e..05d9101aca 100644
--- a/tests/openid_connect/inclusion_connect/test.py
+++ b/tests/openid_connect/inclusion_connect/test.py
@@ -1,9 +1,17 @@
-from functools import wraps
+from urllib.parse import parse_qs, urlencode, urlparse
 
+import httpx
+import respx
+from django.conf import settings
 from django.test import override_settings
+from django.urls import reverse
+from django.utils.functional import classproperty
+from pytest_django.asserts import assertContains, assertRedirects
 
 from itou.openid_connect.inclusion_connect import constants
-from tests.utils.test import TestCase, reload_module
+from itou.users.enums import IdentityProvider
+from itou.utils.templatetags.theme_inclusion import static_theme_images
+from tests.utils.test import reload_module
 
 
 TEST_SETTINGS = {
@@ -12,18 +20,111 @@
     "INCLUSION_CONNECT_CLIENT_SECRET": "IC_CLIENT_SECRET_123",
 }
 
+OIDC_USERINFO = {
+    "given_name": "Michel",
+    "family_name": "AUDIARD",
+    "email": "michel@lestontons.fr",
+    "sub": "af6b26f9-85cd-484e-beb9-bea5be13e30f",
+}
+
+OIDC_USERINFO_FT_WITH_SAFIR = OIDC_USERINFO | {
+    "email": "michel@francetravail.fr",
+    "structure_pe": "95021",  # SAFIR
+}
+
+
+# Make sure this decorator is before test definition, not here.
+# @respx.mock
+def mock_oauth_dance(
+    client,
+    user_kind,
+    previous_url=None,
+    next_url=None,
+    expected_redirect_url=None,
+    user_email=None,
+    user_info_email=None,
+    channel=None,
+    register=True,
+    other_client=None,
+    oidc_userinfo=None,
+):
+    assert user_kind, "Letting this filed empty is not allowed"
+    # Authorize params depend on user kind.
+    authorize_params = {
+        "user_kind": user_kind,
+        "previous_url": previous_url,
+        "next_url": next_url,
+        "user_email": user_email,
+        "channel": channel,
+        "register": register,
+    }
+    authorize_params = {k: v for k, v in authorize_params.items() if v}
+
+    # Calling this view is mandatory to start a new session.
+    authorize_url = f"{reverse('inclusion_connect:authorize')}?{urlencode(authorize_params)}"
+    response = client.get(authorize_url)
+    if register:
+        assert response.url.startswith(constants.INCLUSION_CONNECT_ENDPOINT_REGISTER)
+    else:
+        assert response.url.startswith(constants.INCLUSION_CONNECT_ENDPOINT_AUTHORIZE)
+
+    token_json = {"access_token": "access_token", "token_type": "Bearer", "expires_in": 60, "id_token": "123456"}
+    respx.post(constants.INCLUSION_CONNECT_ENDPOINT_TOKEN).mock(return_value=httpx.Response(200, json=token_json))
+
+    user_info = oidc_userinfo or OIDC_USERINFO.copy()
+    if user_info_email:
+        user_info["email"] = user_info_email
+    respx.get(constants.INCLUSION_CONNECT_ENDPOINT_USERINFO).mock(return_value=httpx.Response(200, json=user_info))
+
+    state = client.session[constants.INCLUSION_CONNECT_SESSION_KEY]["state"]
+    url = reverse("inclusion_connect:callback")
+    callback_client = other_client or client
+    response = callback_client.get(url, data={"code": "123", "state": state})
+    # If a expected_redirect_url was provided, check it redirects there
+    # If not, the default redirection is next_url if provided, or welcoming_tour for new users
+    expected = expected_redirect_url or next_url or reverse("welcoming_tour:index")
+    assertRedirects(response, expected, fetch_redirect_response=False)
+    return response
+
+
+def assert_and_mock_forced_logout(client, response, expected_redirect_url=reverse("search:employers_home")):
+    response = client.get(response.url)
+    assertRedirects(response, reverse("inclusion_connect:logout") + "?token=123456", fetch_redirect_response=False)
+    response = client.get(response.url)
+    assert response.url.startswith(constants.INCLUSION_CONNECT_ENDPOINT_LOGOUT)
+    post_logout_redirect_uri = parse_qs(urlparse(response.url).query)["post_logout_redirect_uri"][0]
+    local_url = post_logout_redirect_uri.split(settings.ITOU_FQDN)[1]
+    assert local_url == expected_redirect_url
+    return response
+
+
+class inclusion_connect_setup:
+    oidc_userinfo = OIDC_USERINFO
+    oidc_userinfo_with_safir = OIDC_USERINFO_FT_WITH_SAFIR
+    mock_oauth_dance = mock_oauth_dance
+    assert_and_mock_forced_logout = assert_and_mock_forced_logout
+    identity_provider = IdentityProvider.INCLUSION_CONNECT
+    session_key = constants.INCLUSION_CONNECT_SESSION_KEY
+
+    def __init__(self):
+        self.context_managers = [override_settings(**TEST_SETTINGS), reload_module(constants)]
+
+    def __enter__(self):
+        for context_manager in self.context_managers:
+            context_manager.__enter__()
 
-@override_settings(**TEST_SETTINGS)
-@reload_module(constants)
-class InclusionConnectBaseTestCase(TestCase):
-    pass
+    def __exit__(self, *args, **kwargs):
+        for context_manager in self.context_managers:
+            context_manager.__exit__(*args, **kwargs)
 
+    @classmethod
+    def assertContainsButton(cls, response):
+        assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
 
-def override_inclusion_connect_settings(func):
-    @override_settings(**TEST_SETTINGS)
-    @reload_module(constants)
-    @wraps(func)
-    def wrapper(*args, **kwargs):
-        return func(*args, **kwargs)
+    @classproperty
+    def authorize_url(cls):
+        return reverse("inclusion_connect:authorize")
 
-    return wrapper
+    @classproperty
+    def logout_url(cls):
+        return reverse("inclusion_connect:logout")
diff --git a/tests/openid_connect/inclusion_connect/tests.py b/tests/openid_connect/inclusion_connect/tests.py
index dea5a018ed..c741451016 100644
--- a/tests/openid_connect/inclusion_connect/tests.py
+++ b/tests/openid_connect/inclusion_connect/tests.py
@@ -2,16 +2,14 @@
 import json
 from operator import itemgetter
 from unittest import mock
-from urllib.parse import parse_qs, quote, urlencode, urlparse
+from urllib.parse import quote, urlencode
 
 import httpx
 import pytest
 import respx
-from django.conf import settings
 from django.contrib import auth, messages
 from django.contrib.auth import get_user
 from django.contrib.messages import Message
-from django.contrib.messages.test import MessagesTestMixin
 from django.contrib.sessions.middleware import SessionMiddleware
 from django.core.exceptions import ValidationError
 from django.core.serializers.json import DjangoJSONEncoder
@@ -19,7 +17,7 @@
 from django.urls import reverse
 from django.utils import timezone
 from freezegun import freeze_time
-from pytest_django.asserts import assertRedirects
+from pytest_django.asserts import assertContains, assertMessages, assertQuerySetEqual, assertRedirects
 
 from itou.openid_connect.constants import OIDC_STATE_CLEANUP
 from itou.openid_connect.inclusion_connect import constants
@@ -39,7 +37,13 @@
 from itou.utils.templatetags.theme_inclusion import static_theme_images
 from itou.utils.urls import add_url_params, get_absolute_url
 from tests.job_applications.factories import JobApplicationSentByPrescriberPoleEmploiFactory
-from tests.openid_connect.inclusion_connect.test import InclusionConnectBaseTestCase
+from tests.openid_connect.inclusion_connect.test import (
+    OIDC_USERINFO,
+    OIDC_USERINFO_FT_WITH_SAFIR,
+    assert_and_mock_forced_logout,
+    inclusion_connect_setup,
+    mock_oauth_dance,
+)
 from tests.prescribers.factories import PrescriberPoleEmploiFactory
 from tests.users.factories import (
     DEFAULT_PASSWORD,
@@ -51,84 +55,13 @@
 )
 
 
-OIDC_USERINFO = {
-    "given_name": "Michel",
-    "family_name": "AUDIARD",
-    "email": "michel@lestontons.fr",
-    "sub": "af6b26f9-85cd-484e-beb9-bea5be13e30f",
-}
-OIDC_USERINFO_FT_WITH_SAFIR = OIDC_USERINFO | {
-    "email": "michel@francetravail.fr",
-    "structure_pe": "95021",  # SAFIR
-}
-
-
-# Make sure this decorator is before test definition, not here.
-# @respx.mock
-def mock_oauth_dance(
-    client,
-    user_kind,
-    previous_url=None,
-    next_url=None,
-    expected_redirect_url=None,
-    user_email=None,
-    user_info_email=None,
-    channel=None,
-    register=True,
-    other_client=None,
-    oidc_userinfo=None,
-):
-    assert user_kind, "Letting this filed empty is not allowed"
-    # Authorize params depend on user kind.
-    authorize_params = {
-        "user_kind": user_kind,
-        "previous_url": previous_url,
-        "next_url": next_url,
-        "user_email": user_email,
-        "channel": channel,
-        "register": register,
-    }
-    authorize_params = {k: v for k, v in authorize_params.items() if v}
-
-    # Calling this view is mandatory to start a new session.
-    authorize_url = f"{reverse('inclusion_connect:authorize')}?{urlencode(authorize_params)}"
-    response = client.get(authorize_url)
-    if register:
-        assert response.url.startswith(constants.INCLUSION_CONNECT_ENDPOINT_REGISTER)
-    else:
-        assert response.url.startswith(constants.INCLUSION_CONNECT_ENDPOINT_AUTHORIZE)
+@pytest.fixture(autouse=True)
+def setup_ic():
+    with inclusion_connect_setup():
+        yield
 
-    token_json = {"access_token": "access_token", "token_type": "Bearer", "expires_in": 60, "id_token": "123456"}
-    respx.post(constants.INCLUSION_CONNECT_ENDPOINT_TOKEN).mock(return_value=httpx.Response(200, json=token_json))
-
-    user_info = oidc_userinfo or OIDC_USERINFO.copy()
-    if user_info_email:
-        user_info["email"] = user_info_email
-    respx.get(constants.INCLUSION_CONNECT_ENDPOINT_USERINFO).mock(return_value=httpx.Response(200, json=user_info))
-
-    state = client.session[constants.INCLUSION_CONNECT_SESSION_KEY]["state"]
-    url = reverse("inclusion_connect:callback")
-    callback_client = other_client or client
-    response = callback_client.get(url, data={"code": "123", "state": state})
-    # If a expected_redirect_url was provided, check it redirects there
-    # If not, the default redirection is next_url if provided, or welcoming_tour for new users
-    expected = expected_redirect_url or next_url or reverse("welcoming_tour:index")
-    assertRedirects(response, expected, fetch_redirect_response=False)
-    return response
-
-
-def assert_and_mock_forced_logout(client, response, expected_redirect_url=reverse("search:employers_home")):
-    response = client.get(response.url)
-    assertRedirects(response, reverse("inclusion_connect:logout") + "?token=123456", fetch_redirect_response=False)
-    response = client.get(response.url)
-    assert response.url.startswith(constants.INCLUSION_CONNECT_ENDPOINT_LOGOUT)
-    post_logout_redirect_uri = parse_qs(urlparse(response.url).query)["post_logout_redirect_uri"][0]
-    local_url = post_logout_redirect_uri.split(settings.ITOU_FQDN)[1]
-    assert local_url == expected_redirect_url
-    return response
-
-
-class InclusionConnectModelTest(InclusionConnectBaseTestCase):
+
+class TestInclusionConnectModel:
     def test_state_delete(self):
         state = InclusionConnectState.objects.create(state="foo")
 
@@ -225,7 +158,7 @@ def test_create_user_from_user_info_with_already_existing_id_but_from_other_sso(
         with pytest.raises(ValidationError):
             ic_user_data.create_or_update_user()
 
-    def test_join_org(self):
+    def test_join_org(self, caplog):
         # New membership.
         organization = PrescriberPoleEmploiFactory()
         assert organization.active_members.count() == 0
@@ -243,9 +176,9 @@ def test_join_org(self):
 
         # Oganization does not exist.
         safir = "12345"
-        with pytest.raises(PrescriberOrganization.DoesNotExist), self.assertLogs() as logs:
+        with pytest.raises(PrescriberOrganization.DoesNotExist):
             ic_user_data.join_org(user=user, safir=safir)
-        assert f"Organization with SAFIR {safir} does not exist. Unable to add user {user.id}." in logs.output[0]
+        assert f"Organization with SAFIR {safir} does not exist. Unable to add user {user.id}." in caplog.messages[0]
 
     def test_get_existing_user_with_same_email_django(self):
         """
@@ -261,7 +194,7 @@ def test_get_existing_user_with_same_email_django(self):
         assert user.username == OIDC_USERINFO["sub"]
         assert user.identity_provider == users_enums.IdentityProvider.INCLUSION_CONNECT
 
-    def test_get_existing_user_with_same_email_django_inclusion_connect(self):
+    def test_get_existing_user_with_same_email_IC(self):
         ic_user_data = InclusionConnectPrescriberData.from_user_info(OIDC_USERINFO)
         PrescriberFactory(
             username="another_username",
@@ -323,78 +256,77 @@ def test_create_or_update_employer_raise_too_many_kind_exception(self):
             user.delete()
 
 
-class InclusionConnectAuthorizeViewTest(InclusionConnectBaseTestCase):
-    def test_authorize_endpoint(self):
+class TestInclusionConnectAuthorizeView:
+    def test_authorize_endpoint(self, client):
         url = reverse("inclusion_connect:authorize")
-        response = self.client.get(url, follow=False)
-        self.assertRedirects(response, reverse("search:employers_home"))
+        response = client.get(url, follow=False)
+        assertRedirects(response, reverse("search:employers_home"))
 
         url = f"{reverse('inclusion_connect:authorize')}?user_kind={UserKind.PRESCRIBER}"
-        response = self.client.get(url, follow=False)
+        response = client.get(url, follow=False)
         assert response.url.startswith(constants.INCLUSION_CONNECT_ENDPOINT_AUTHORIZE)
-        assert constants.INCLUSION_CONNECT_SESSION_KEY in self.client.session
+        assert constants.INCLUSION_CONNECT_SESSION_KEY in client.session
 
-    def test_authorize_endpoint_for_registration(self):
+    def test_authorize_endpoint_for_registration(self, client):
         url = reverse("inclusion_connect:authorize")
-        response = self.client.get(url, follow=False)
-        self.assertRedirects(response, reverse("search:employers_home"))
+        response = client.get(url, follow=False)
+        assertRedirects(response, reverse("search:employers_home"))
 
         url = f"{reverse('inclusion_connect:authorize')}?user_kind={UserKind.PRESCRIBER}&register=true"
-        response = self.client.get(url, follow=False)
+        response = client.get(url, follow=False)
         assert response.url.startswith(constants.INCLUSION_CONNECT_ENDPOINT_REGISTER)
-        assert constants.INCLUSION_CONNECT_SESSION_KEY in self.client.session
+        assert constants.INCLUSION_CONNECT_SESSION_KEY in client.session
 
-    def test_authorize_endpoint_with_params(self):
+    def test_authorize_endpoint_with_params(self, client):
         email = "porthos@touspourun.com"
         params = {"user_email": email, "user_kind": UserKind.PRESCRIBER, "channel": "invitation"}
         url = f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}"
-        response = self.client.get(url, follow=False)
+        response = client.get(url, follow=False)
         assert f"login_hint={quote(email)}" in response.url
         ic_state = InclusionConnectState.get_from_state(
-            self.client.session[constants.INCLUSION_CONNECT_SESSION_KEY]["state"]
+            client.session[constants.INCLUSION_CONNECT_SESSION_KEY]["state"]
         )
         assert ic_state.data["user_email"] == email
 
-    def test_authorize_check_user_kind(self):
+    def test_authorize_check_user_kind(self, client, subtests):
         forbidden_user_kinds = [UserKind.ITOU_STAFF, UserKind.LABOR_INSPECTOR, UserKind.JOB_SEEKER]
         for kind in forbidden_user_kinds:
-            with self.subTest(kind=kind):
+            with subtests.test(kind=kind.label):
                 url = f"{reverse('inclusion_connect:authorize')}?user_kind={kind}"
-                response = self.client.get(url)
-                self.assertRedirects(response, reverse("search:employers_home"))
+                response = client.get(url)
+                assertRedirects(response, reverse("search:employers_home"))
 
-    def test_next_url(self):
+    def test_next_url(self, client, caplog):
         url = f"{reverse('inclusion_connect:authorize')}?{urlencode({'next_url': 'https://external.url.com'})}"
-        with self.assertLogs() as cm:
-            response = self.client.get(url, follow=False)
-        self.assertRedirects(response, reverse("search:employers_home"))
-        assert cm.records[0].message == "Forbidden external url"
+        response = client.get(url, follow=False)
+        assertRedirects(response, reverse("search:employers_home"))
+        assert caplog.records[0].message == "Forbidden external url"
 
 
-class InclusionConnectCallbackViewTest(MessagesTestMixin, InclusionConnectBaseTestCase):
+class TestInclusionConnectCallbackViewTest:
     @respx.mock
-    def test_callback_invalid_state(self):
+    def test_callback_invalid_state(self, client):
         token_json = {"access_token": "access_token", "token_type": "Bearer", "expires_in": 60, "id_token": "123456"}
         respx.post(constants.INCLUSION_CONNECT_ENDPOINT_TOKEN).mock(return_value=httpx.Response(200, json=token_json))
 
         url = reverse("inclusion_connect:callback")
-        response = self.client.get(url, data={"code": "123", "state": "000"})
+        response = client.get(url, data={"code": "123", "state": "000"})
         assert response.status_code == 302
 
-    def test_callback_no_state(self):
+    def test_callback_no_state(self, client):
         url = reverse("inclusion_connect:callback")
-        response = self.client.get(url, data={"code": "123"})
+        response = client.get(url, data={"code": "123"})
         assert response.status_code == 302
 
-    def test_callback_no_code(self):
+    def test_callback_no_code(sel, client):
         url = reverse("inclusion_connect:callback")
-        response = self.client.get(url)
+        response = client.get(url)
         assert response.status_code == 302
 
     @respx.mock
-    def test_callback_prescriber_created(self):
+    def test_callback_prescriber_created(self, client):
         ### User does not exist.
-        mock_oauth_dance(self.client, UserKind.PRESCRIBER)
+        mock_oauth_dance(client, UserKind.PRESCRIBER)
         assert User.objects.count() == 1
         user = User.objects.get(email=OIDC_USERINFO["email"])
         assert user.first_name == OIDC_USERINFO["given_name"]
@@ -405,9 +337,9 @@ def test_callback_prescriber_created(self):
         assert user.identity_provider == users_enums.IdentityProvider.INCLUSION_CONNECT
 
     @respx.mock
-    def test_callback_employer_created(self):
+    def test_callback_employer_created(self, client):
         ### User does not exist.
-        mock_oauth_dance(self.client, UserKind.EMPLOYER)
+        mock_oauth_dance(client, UserKind.EMPLOYER)
         assert User.objects.count() == 1
         user = User.objects.get(email=OIDC_USERINFO["email"])
         assert user.first_name == OIDC_USERINFO["given_name"]
@@ -418,7 +350,7 @@ def test_callback_employer_created(self):
         assert user.identity_provider == users_enums.IdentityProvider.INCLUSION_CONNECT
 
     @respx.mock
-    def test_callback_existing_django_user(self):
+    def test_callback_existing_django_user(self, client):
         # User created with django already exists on Itou but some attributes differs.
         # Update all fields
         PrescriberFactory(
@@ -428,7 +360,7 @@ def test_callback_existing_django_user(self):
             email=OIDC_USERINFO["email"],
             identity_provider=users_enums.IdentityProvider.DJANGO,
         )
-        mock_oauth_dance(self.client, UserKind.PRESCRIBER)
+        mock_oauth_dance(client, UserKind.PRESCRIBER)
         assert User.objects.count() == 1
         user = User.objects.get(email=OIDC_USERINFO["email"])
         assert user.first_name == OIDC_USERINFO["given_name"]
@@ -438,51 +370,51 @@ def test_callback_existing_django_user(self):
         assert user.identity_provider == users_enums.IdentityProvider.INCLUSION_CONNECT
 
     @respx.mock
-    def test_callback_allows_employer_on_prescriber_login_only(self):
+    def test_callback_allows_employer_on_prescriber_login_only(self, client):
         ic_user_data = InclusionConnectPrescriberData.from_user_info(OIDC_USERINFO)
         user = UserFactory(username=ic_user_data.username, email=ic_user_data.email, kind=UserKind.EMPLOYER)
 
         response = mock_oauth_dance(
-            self.client,
+            client,
             UserKind.PRESCRIBER,
             expected_redirect_url=add_url_params(
                 reverse("inclusion_connect:logout"), {"redirect_url": reverse("search:employers_home")}
             ),
         )
-        response = self.client.get(reverse("search:employers_home"))
-        self.assertContains(response, "existe déjà avec cette adresse e-mail")
-        self.assertContains(response, "pour devenir prescripteur sur la plateforme")
-        assert get_user(self.client).is_authenticated is False
+        response = client.get(reverse("search:employers_home"))
+        assertContains(response, "existe déjà avec cette adresse e-mail")
+        assertContains(response, "pour devenir prescripteur sur la plateforme")
+        assert get_user(client).is_authenticated is False
 
-        response = mock_oauth_dance(self.client, UserKind.PRESCRIBER, register=False)
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER, register=False)
         user.refresh_from_db()
         assert user.kind == UserKind.EMPLOYER
-        assert get_user(self.client).is_authenticated is True
+        assert get_user(client).is_authenticated is True
 
     @respx.mock
-    def test_callback_allows_prescriber_on_employer_login_only(self):
+    def test_callback_allows_prescriber_on_employer_login_only(self, client):
         ic_user_data = InclusionConnectEmployerData.from_user_info(OIDC_USERINFO)
         user = UserFactory(username=ic_user_data.username, email=ic_user_data.email, kind=UserKind.PRESCRIBER)
 
         response = mock_oauth_dance(
-            self.client,
+            client,
             UserKind.EMPLOYER,
             expected_redirect_url=add_url_params(
                 reverse("inclusion_connect:logout"), {"redirect_url": reverse("search:employers_home")}
             ),
         )
-        response = self.client.get(reverse("search:employers_home"))
-        self.assertContains(response, "existe déjà avec cette adresse e-mail")
-        self.assertContains(response, "pour devenir employeur sur la plateforme")
-        assert get_user(self.client).is_authenticated is False
+        response = client.get(reverse("search:employers_home"))
+        assertContains(response, "existe déjà avec cette adresse e-mail")
+        assertContains(response, "pour devenir employeur sur la plateforme")
+        assert get_user(client).is_authenticated is False
 
-        response = mock_oauth_dance(self.client, UserKind.EMPLOYER, register=False)
+        response = mock_oauth_dance(client, UserKind.EMPLOYER, register=False)
         user.refresh_from_db()
         assert user.kind == UserKind.PRESCRIBER
-        assert get_user(self.client).is_authenticated is True
+        assert get_user(client).is_authenticated is True
 
     @respx.mock
-    def test_callback_refuses_job_seekers(self):
+    def test_callback_refuses_job_seekers(self, client):
         ic_user_data = InclusionConnectEmployerData.from_user_info(OIDC_USERINFO)
         user = UserFactory(username=ic_user_data.username, email=ic_user_data.email, kind=UserKind.JOB_SEEKER)
 
@@ -490,65 +422,65 @@ def test_callback_refuses_job_seekers(self):
             reverse("inclusion_connect:logout"), {"redirect_url": reverse("search:employers_home")}
         )
 
-        mock_oauth_dance(self.client, UserKind.PRESCRIBER, expected_redirect_url=expected_redirect_url)
+        mock_oauth_dance(client, UserKind.PRESCRIBER, expected_redirect_url=expected_redirect_url)
         user.refresh_from_db()
         assert user.kind == UserKind.JOB_SEEKER
-        assert get_user(self.client).is_authenticated is False
+        assert get_user(client).is_authenticated is False
 
-        mock_oauth_dance(self.client, UserKind.PRESCRIBER, expected_redirect_url=expected_redirect_url, register=False)
+        mock_oauth_dance(client, UserKind.PRESCRIBER, expected_redirect_url=expected_redirect_url, register=False)
         user.refresh_from_db()
         assert user.kind == UserKind.JOB_SEEKER
-        assert get_user(self.client).is_authenticated is False
+        assert get_user(client).is_authenticated is False
 
-        mock_oauth_dance(self.client, UserKind.EMPLOYER, expected_redirect_url=expected_redirect_url)
+        mock_oauth_dance(client, UserKind.EMPLOYER, expected_redirect_url=expected_redirect_url)
         user.refresh_from_db()
         assert user.kind == UserKind.JOB_SEEKER
-        assert get_user(self.client).is_authenticated is False
+        assert get_user(client).is_authenticated is False
 
-        mock_oauth_dance(self.client, UserKind.EMPLOYER, expected_redirect_url=expected_redirect_url, register=False)
+        mock_oauth_dance(client, UserKind.EMPLOYER, expected_redirect_url=expected_redirect_url, register=False)
         user.refresh_from_db()
         assert user.kind == UserKind.JOB_SEEKER
-        assert get_user(self.client).is_authenticated is False
+        assert get_user(client).is_authenticated is False
 
     @respx.mock
-    def test_callback_redirect_prescriber_on_too_many_kind_exception(self):
+    def test_callback_redirect_prescriber_on_too_many_kind_exception(self, client):
         ic_user_data = InclusionConnectPrescriberData.from_user_info(OIDC_USERINFO)
 
         for kind in [UserKind.JOB_SEEKER, UserKind.LABOR_INSPECTOR]:
             user = UserFactory(username=ic_user_data.username, email=ic_user_data.email, kind=kind)
             response = mock_oauth_dance(
-                self.client,
+                client,
                 UserKind.PRESCRIBER,
                 expected_redirect_url=add_url_params(
                     reverse("inclusion_connect:logout"), {"redirect_url": reverse("search:employers_home")}
                 ),
             )
-            response = self.client.get(reverse("search:employers_home"))
-            self.assertContains(response, "existe déjà avec cette adresse e-mail")
-            self.assertContains(response, "pour devenir prescripteur sur la plateforme")
+            response = client.get(reverse("search:employers_home"))
+            assertContains(response, "existe déjà avec cette adresse e-mail")
+            assertContains(response, "pour devenir prescripteur sur la plateforme")
             user.delete()
 
     @respx.mock
-    def test_callback_redirect_employer_on_too_many_kind_exception(self):
+    def test_callback_redirect_employer_on_too_many_kind_exception(self, client):
         ic_user_data = InclusionConnectEmployerData.from_user_info(OIDC_USERINFO)
 
         for kind in [UserKind.JOB_SEEKER, UserKind.LABOR_INSPECTOR]:
             user = UserFactory(username=ic_user_data.username, email=ic_user_data.email, kind=kind)
             # Don't check redirection as the user isn't an siae member yet, so it won't work.
             response = mock_oauth_dance(
-                self.client,
+                client,
                 UserKind.EMPLOYER,
                 expected_redirect_url=add_url_params(
                     reverse("inclusion_connect:logout"), {"redirect_url": reverse("search:employers_home")}
                 ),
             )
-            response = self.client.get(reverse("search:employers_home"))
-            self.assertContains(response, "existe déjà avec cette adresse e-mail")
-            self.assertContains(response, "pour devenir employeur sur la plateforme")
+            response = client.get(reverse("search:employers_home"))
+            assertContains(response, "existe déjà avec cette adresse e-mail")
+            assertContains(response, "pour devenir employeur sur la plateforme")
             user.delete()
 
     @respx.mock
-    def test_callback_updating_email_collision(self):
+    def test_callback_updating_email_collision(self, client):
         PrescriberFactory(
             first_name="Bernard",
             last_name="Blier",
@@ -563,11 +495,11 @@ def test_callback_updating_email_collision(self):
             email="random@email.com",
             identity_provider=users_enums.IdentityProvider.INCLUSION_CONNECT,
         )
-        self.client.force_login(user)
+        client.force_login(user)
         edit_user_info_url = reverse("dashboard:edit_user_info")
-        response = mock_oauth_dance(self.client, UserKind.PRESCRIBER, next_url=edit_user_info_url)
-        response = self.client.get(response.url, follow=True)
-        self.assertMessages(
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER, next_url=edit_user_info_url)
+        response = client.get(response.url, follow=True)
+        assertMessages(
             response,
             [
                 Message(
@@ -581,58 +513,58 @@ def test_callback_updating_email_collision(self):
         )
 
     @respx.mock
-    def test_callback_update_FT_organization(self):
+    def test_callback_update_FT_organization(self, client):
         user = PrescriberFactory(**dataclasses.asdict(InclusionConnectPrescriberData.from_user_info(OIDC_USERINFO)))
         org = PrescriberPoleEmploiFactory(code_safir_pole_emploi=OIDC_USERINFO_FT_WITH_SAFIR["structure_pe"])
         assert not org.members.exists()
 
         mock_oauth_dance(
-            self.client,
+            client,
             UserKind.PRESCRIBER,
             oidc_userinfo=OIDC_USERINFO_FT_WITH_SAFIR.copy(),
         )
-        self.assertQuerySetEqual(org.members.all(), [user])
+        assertQuerySetEqual(org.members.all(), [user])
 
     @respx.mock
-    def test_callback_update_FT_organization_as_employer_does_not_crash(self):
+    def test_callback_update_FT_organization_as_employer_does_not_crash(self, client):
         org = PrescriberPoleEmploiFactory(code_safir_pole_emploi=OIDC_USERINFO_FT_WITH_SAFIR["structure_pe"])
         mock_oauth_dance(
-            self.client,
+            client,
             UserKind.EMPLOYER,
             oidc_userinfo=OIDC_USERINFO_FT_WITH_SAFIR.copy(),
         )
-        user = get_user(self.client)
+        user = get_user(client)
         assert user.is_authenticated
         assert not user.prescribermembership_set.exists()
 
         # If he's a prescriber and uses the employer login button
         user.kind = UserKind.PRESCRIBER
         user.save()
-        self.client.logout()
+        client.logout()
         mock_oauth_dance(
-            self.client,
+            client,
             UserKind.EMPLOYER,
             oidc_userinfo=OIDC_USERINFO_FT_WITH_SAFIR.copy(),
             register=False,
         )
-        user = get_user(self.client)
+        user = get_user(client)
         assert user.is_authenticated
-        self.assertQuerySetEqual(org.members.all(), [user])
+        assertQuerySetEqual(org.members.all(), [user])
 
     @respx.mock
-    def test_callback_ft_users_with_no_org(self):
+    def test_callback_ft_users_with_no_org(self, client):
         PrescriberFactory(**dataclasses.asdict(InclusionConnectPrescriberData.from_user_info(OIDC_USERINFO)))
 
         oidc_userinfo = OIDC_USERINFO.copy()
         oidc_userinfo["email"] = "prenom.nom@francetravail.fr"
         response = mock_oauth_dance(
-            self.client,
+            client,
             UserKind.PRESCRIBER,
             oidc_userinfo=oidc_userinfo,
         )
-        response = assert_and_mock_forced_logout(self.client, response)
-        assert get_user(self.client).is_authenticated is False
-        self.assertMessages(
+        response = assert_and_mock_forced_logout(client, response)
+        assert get_user(client).is_authenticated is False
+        assertMessages(
             response,
             [
                 Message(
@@ -645,18 +577,18 @@ def test_callback_ft_users_with_no_org(self):
         )
 
     @respx.mock
-    def test_callback_ft_users_unknown_safir(self):
+    def test_callback_ft_users_unknown_safir(self, client):
         PrescriberFactory(**dataclasses.asdict(InclusionConnectPrescriberData.from_user_info(OIDC_USERINFO)))
 
         oidc_userinfo = OIDC_USERINFO_FT_WITH_SAFIR.copy()
         response = mock_oauth_dance(
-            self.client,
+            client,
             UserKind.PRESCRIBER,
             oidc_userinfo=oidc_userinfo,
         )
-        response = assert_and_mock_forced_logout(self.client, response)
-        assert get_user(self.client).is_authenticated is False
-        self.assertMessages(
+        response = assert_and_mock_forced_logout(client, response)
+        assert get_user(client).is_authenticated is False
+        assertMessages(
             response,
             [
                 Message(
@@ -678,7 +610,7 @@ def test_callback_ft_users_unknown_safir(self):
         )
 
     @respx.mock
-    def test_callback_ft_users_unknown_safir_already_in_org(self):
+    def test_callback_ft_users_unknown_safir_already_in_org(self, client):
         user = PrescriberFactory(**dataclasses.asdict(InclusionConnectPrescriberData.from_user_info(OIDC_USERINFO)))
         org = PrescriberPoleEmploiFactory(code_safir_pole_emploi="00000")
         org.add_or_activate_member(user)
@@ -686,12 +618,12 @@ def test_callback_ft_users_unknown_safir_already_in_org(self):
         oidc_userinfo = OIDC_USERINFO_FT_WITH_SAFIR.copy()
         oidc_userinfo["email"] = "prenom.nom@francetravail.fr"
         response = mock_oauth_dance(
-            self.client,
+            client,
             UserKind.PRESCRIBER,
             oidc_userinfo=oidc_userinfo,
         )
-        assert get_user(self.client).is_authenticated is True
-        self.assertMessages(
+        assert get_user(client).is_authenticated is True
+        assertMessages(
             response,
             [
                 Message(
@@ -707,64 +639,62 @@ def test_callback_ft_users_unknown_safir_already_in_org(self):
         )
 
 
-class InclusionConnectAccountActivationTest(InclusionConnectBaseTestCase):
-    def test_new_user(self):
+class TestInclusionConnectAccountActivation:
+    def test_new_user(self, client):
         params = {"user_email": OIDC_USERINFO["email"], "user_kind": UserKind.PRESCRIBER}
         url = f"{reverse('inclusion_connect:activate_account')}?{urlencode(params)}"
-        response = self.client.get(url, follow=False)
+        response = client.get(url, follow=False)
         assert response.url.startswith(constants.INCLUSION_CONNECT_ENDPOINT_REGISTER)
-        assert constants.INCLUSION_CONNECT_SESSION_KEY in self.client.session
+        assert constants.INCLUSION_CONNECT_SESSION_KEY in client.session
         assert f"login_hint={quote(OIDC_USERINFO['email'])}" in response.url
 
-    def test_existing_django_user(self):
+    def test_existing_django_user(self, client):
         user = PrescriberFactory(identity_provider=IdentityProvider.DJANGO)
         params = {"user_email": user.email, "user_kind": UserKind.PRESCRIBER}
         url = f"{reverse('inclusion_connect:activate_account')}?{urlencode(params)}"
-        response = self.client.get(url, follow=False)
+        response = client.get(url, follow=False)
         assert response.url.startswith(constants.INCLUSION_CONNECT_ENDPOINT_ACTIVATE)
-        assert constants.INCLUSION_CONNECT_SESSION_KEY in self.client.session
+        assert constants.INCLUSION_CONNECT_SESSION_KEY in client.session
         assert f"login_hint={quote(user.email)}" in response.url
         assert f"firstname={user.first_name}" in response.url
         assert f"lastname={user.last_name}" in response.url
 
-    def test_existing_ic_user(self):
+    def test_existing_ic_user(self, client):
         user = PrescriberFactory(identity_provider=IdentityProvider.INCLUSION_CONNECT)
         params = {"user_email": user.email, "user_kind": UserKind.PRESCRIBER}
         url = f"{reverse('inclusion_connect:activate_account')}?{urlencode(params)}"
-        response = self.client.get(url, follow=False)
+        response = client.get(url, follow=False)
         assert response.url.startswith(constants.INCLUSION_CONNECT_ENDPOINT_AUTHORIZE)
-        assert constants.INCLUSION_CONNECT_SESSION_KEY in self.client.session
+        assert constants.INCLUSION_CONNECT_SESSION_KEY in client.session
         assert f"login_hint={quote(user.email)}" in response.url
 
-    def test_bad_user_kind(self):
+    def test_bad_user_kind(self, client, subtests):
         for user in [JobSeekerFactory(), PrescriberFactory(), EmployerFactory(), LaborInspectorFactory()]:
             user_kind = UserKind.PRESCRIBER if user.kind != UserKind.PRESCRIBER else UserKind.EMPLOYER
-            with self.subTest(user_kind=user_kind):
+            with subtests.test(user_kind=user_kind.label):
                 params = {"user_email": user.email, "user_kind": user_kind}
                 url = f"{reverse('inclusion_connect:activate_account')}?{urlencode(params)}"
-                response = self.client.get(url, follow=True)
-                self.assertRedirects(response, reverse("search:employers_home"))
-                self.assertContains(response, "existe déjà avec cette adresse e-mail")
-                self.assertContains(
-                    response, "Vous devez créer un compte Inclusion Connect avec une autre adresse e-mail"
-                )
+                response = client.get(url, follow=True)
+                assertRedirects(response, reverse("search:employers_home"))
+                assertContains(response, "existe déjà avec cette adresse e-mail")
+                assertContains(response, "Vous devez créer un compte Inclusion Connect avec une autre adresse e-mail")
 
-    def test_no_email(self):
+    def test_no_email(self, client):
         params = {"user_kind": UserKind.PRESCRIBER}
         url = f"{reverse('inclusion_connect:activate_account')}?{urlencode(params)}"
-        response = self.client.get(url)
-        self.assertRedirects(response, reverse("search:employers_home"))
+        response = client.get(url)
+        assertRedirects(response, reverse("search:employers_home"))
 
 
-class InclusionConnectSessionTest(InclusionConnectBaseTestCase):
-    def test_start_session(self):
+class TestInclusionConnectSession:
+    def test_start_session(self, subtests):
         ic_session = InclusionConnectSession()
         assert ic_session.key == constants.INCLUSION_CONNECT_SESSION_KEY
 
         expected_keys = ["token", "state"]
         ic_session_dict = ic_session.asdict()
         for key in expected_keys:
-            with self.subTest(key):
+            with subtests.test(key):
                 assert key in ic_session_dict.keys()
                 assert ic_session_dict[key] is None
 
@@ -776,35 +706,35 @@ def test_start_session(self):
         assert request.session.get(constants.INCLUSION_CONNECT_SESSION_KEY)
 
 
-class InclusionConnectLoginTest(InclusionConnectBaseTestCase):
+class TestInclusionConnectLogin:
     @respx.mock
-    def test_normal_signin(self):
+    def test_normal_signin(self, client):
         """
         A user has created an account with Inclusion Connect.
         He logs out.
         He can log in again later.
         """
         # Create an account with IC.
-        response = mock_oauth_dance(self.client, UserKind.PRESCRIBER)
-        self.client.get(response.url)  # display welcoming_tour
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER)
+        client.get(response.url)  # display welcoming_tour
 
         # Then log out.
-        response = self.client.post(reverse("account_logout"))
+        response = client.post(reverse("account_logout"))
 
         # Then log in again.
         login_url = reverse("login:prescriber")
-        response = self.client.get(login_url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
-        self.assertContains(response, reverse("inclusion_connect:authorize"))
+        response = client.get(login_url)
+        assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        assertContains(response, reverse("inclusion_connect:authorize"))
 
-        response = mock_oauth_dance(self.client, UserKind.PRESCRIBER, expected_redirect_url=reverse("dashboard:index"))
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER, expected_redirect_url=reverse("dashboard:index"))
 
         # Make sure it was a login instead of a new signup.
         users_count = User.objects.filter(email=OIDC_USERINFO["email"]).count()
         assert users_count == 1
 
     @respx.mock
-    def test_old_django_account(self):
+    def test_old_django_account(self, client):
         """
         A user has a Django account.
         He clicks on IC button and creates his account.
@@ -821,36 +751,36 @@ def test_old_django_account(self):
         # - IC side: account creation
         # - Django side: account update.
         # This logic is already tested here: InclusionConnectModelTest
-        response = mock_oauth_dance(self.client, UserKind.PRESCRIBER, expected_redirect_url=reverse("dashboard:index"))
-        assert auth.get_user(self.client).is_authenticated
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER, expected_redirect_url=reverse("dashboard:index"))
+        assert auth.get_user(client).is_authenticated
         # Make sure it was a login instead of a new signup.
         users_count = User.objects.filter(email=OIDC_USERINFO["email"]).count()
         assert users_count == 1
 
-        response = self.client.post(reverse("account_logout"))
+        response = client.post(reverse("account_logout"))
         assert response.status_code == 302
-        assert not auth.get_user(self.client).is_authenticated
+        assert not auth.get_user(client).is_authenticated
 
         # Try to login with Django.
         # This is already tested in itou.www.login.tests but only at form level.
         post_data = {"login": user.email, "password": DEFAULT_PASSWORD}
-        response = self.client.post(reverse("login:prescriber"), data=post_data)
+        response = client.post(reverse("login:prescriber"), data=post_data)
         error_message = "Votre compte est relié à Inclusion Connect."
-        self.assertContains(response, error_message)
-        assert not auth.get_user(self.client).is_authenticated
+        assertContains(response, error_message)
+        assert not auth.get_user(client).is_authenticated
 
         # Then login with Inclusion Connect.
-        mock_oauth_dance(self.client, UserKind.PRESCRIBER, expected_redirect_url=reverse("dashboard:index"))
-        assert auth.get_user(self.client).is_authenticated
+        mock_oauth_dance(client, UserKind.PRESCRIBER, expected_redirect_url=reverse("dashboard:index"))
+        assert auth.get_user(client).is_authenticated
 
 
-class InclusionConnectLogoutTest(InclusionConnectBaseTestCase):
+class TestInclusionConnectLogout:
     @respx.mock
-    def test_simple_logout(self):
-        mock_oauth_dance(self.client, UserKind.PRESCRIBER)
+    def test_simple_logout(self, client):
+        mock_oauth_dance(client, UserKind.PRESCRIBER)
         logout_url = reverse("inclusion_connect:logout")
-        response = self.client.get(logout_url)
-        self.assertRedirects(
+        response = client.get(logout_url)
+        assertRedirects(
             response,
             add_url_params(
                 constants.INCLUSION_CONNECT_ENDPOINT_LOGOUT,
@@ -863,14 +793,14 @@ def test_simple_logout(self):
         )
 
     @respx.mock
-    def test_logout_with_redirection(self):
-        mock_oauth_dance(self.client, UserKind.PRESCRIBER)
+    def test_logout_with_redirection(self, client):
+        mock_oauth_dance(client, UserKind.PRESCRIBER)
         expected_redirection = reverse("dashboard:index")
 
         params = {"redirect_url": expected_redirection}
         logout_url = f"{reverse('inclusion_connect:logout')}?{urlencode(params)}"
-        response = self.client.get(logout_url)
-        self.assertRedirects(
+        response = client.get(logout_url)
+        assertRedirects(
             response,
             add_url_params(
                 constants.INCLUSION_CONNECT_ENDPOINT_LOGOUT,
@@ -880,59 +810,59 @@ def test_logout_with_redirection(self):
         )
 
     @respx.mock
-    def test_django_account_logout_from_ic(self):
+    def test_django_account_logout_from_ic(self, client):
         """
         When ac IC user wants to log out from his local account,
         he should be logged out too from IC.
         """
-        response = mock_oauth_dance(self.client, UserKind.PRESCRIBER)
-        assert auth.get_user(self.client).is_authenticated
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER)
+        assert auth.get_user(client).is_authenticated
         # Follow the redirection.
-        response = self.client.get(response.url)
+        response = client.get(response.url)
         logout_url = reverse("account_logout")
-        self.assertContains(response, logout_url)
-        assert self.client.session.get(constants.INCLUSION_CONNECT_SESSION_KEY)
+        assertContains(response, logout_url)
+        assert client.session.get(constants.INCLUSION_CONNECT_SESSION_KEY)
 
-        response = self.client.post(logout_url)
+        response = client.post(logout_url)
         expected_redirection = reverse("inclusion_connect:logout")
         # For simplicity, exclude GET params. They are tested elsewhere anyway..
         assert response.url.startswith(expected_redirection)
 
-        response = self.client.get(response.url)
+        response = client.get(response.url)
         # The following redirection is tested in self.test_logout_with_redirection
         assert response.status_code == 302
-        assert not auth.get_user(self.client).is_authenticated
+        assert not auth.get_user(client).is_authenticated
 
-    def test_django_account_logout(self):
+    def test_django_account_logout(self, client):
         """
         When a local user wants to log out from his local account,
         he should be logged out without inclusion connect.
         """
         user = PrescriberFactory()
-        self.client.force_login(user)
-        response = self.client.post(reverse("account_logout"))
-        self.assertRedirects(response, reverse("search:employers_home"))
-        assert not auth.get_user(self.client).is_authenticated
+        client.force_login(user)
+        response = client.post(reverse("account_logout"))
+        assertRedirects(response, reverse("search:employers_home"))
+        assert not auth.get_user(client).is_authenticated
 
     @respx.mock
-    def test_logout_with_incomplete_state(self):
+    def test_logout_with_incomplete_state(self, client):
         # This happens while testing. It should never happen for real users, but it's still painful for us.
 
-        mock_oauth_dance(self.client, UserKind.PRESCRIBER)
+        mock_oauth_dance(client, UserKind.PRESCRIBER)
 
-        session = self.client.session
+        session = client.session
         session[constants.INCLUSION_CONNECT_SESSION_KEY]["token"] = None
         session[constants.INCLUSION_CONNECT_SESSION_KEY]["state"] = None
         session.save()
 
-        response = self.client.post(reverse("account_logout"))
-        self.assertRedirects(response, reverse("search:employers_home"))
+        response = client.post(reverse("account_logout"))
+        assertRedirects(response, reverse("search:employers_home"))
 
 
-class InclusionConnectmapChannelTest(MessagesTestMixin, InclusionConnectBaseTestCase):
+class TestInclusionConnectmapChannel:
     @pytest.mark.ignore_unknown_variable_template_error("with_matomo_event")
     @respx.mock
-    def test_happy_path(self):
+    def test_happy_path(self, client):
         job_application = JobApplicationSentByPrescriberPoleEmploiFactory(
             sender_prescriber_organization__code_safir_pole_emploi=OIDC_USERINFO_FT_WITH_SAFIR["structure_pe"]
         )
@@ -945,27 +875,27 @@ def test_happy_path(self):
             channel=InclusionConnectChannel.MAP_CONSEILLER.value,
         )
 
-        response = self.client.get(url_from_map, follow=True)
+        response = client.get(url_from_map, follow=True)
         # Starting point of both the oauth_dance and `mock_oauth_dance()`.
         ic_endpoint = response.redirect_chain[-1][0]
         assert ic_endpoint.startswith(constants.INCLUSION_CONNECT_ENDPOINT_AUTHORIZE)
         assert f"channel={InclusionConnectChannel.MAP_CONSEILLER.value}" in ic_endpoint
 
         response = mock_oauth_dance(
-            self.client,
+            client,
             UserKind.PRESCRIBER,
             next_url=url_from_map,
             expected_redirect_url=url_from_map,
             channel=InclusionConnectChannel.MAP_CONSEILLER,
         )
-        assert auth.get_user(self.client).is_authenticated
+        assert auth.get_user(client).is_authenticated
 
-        response = self.client.get(response.url)
+        response = client.get(response.url)
         assert response.status_code == 200
 
     @pytest.mark.ignore_unknown_variable_template_error("with_matomo_event")
     @respx.mock
-    def test_create_user(self):
+    def test_create_user(self, client):
         # Application sent by a colleague from the same agency but not by the prescriber himself.
         job_application = JobApplicationSentByPrescriberPoleEmploiFactory(
             sender_prescriber_organization__code_safir_pole_emploi=OIDC_USERINFO_FT_WITH_SAFIR["structure_pe"]
@@ -980,13 +910,13 @@ def test_create_user(self):
             channel=InclusionConnectChannel.MAP_CONSEILLER.value,
         )
 
-        response = self.client.get(url_from_map, follow=True)
+        response = client.get(url_from_map, follow=True)
         # Starting point of both the oauth_dance and `mock_oauth_dance()`.
         ic_endpoint = response.redirect_chain[-1][0]
         assert ic_endpoint.startswith(constants.INCLUSION_CONNECT_ENDPOINT_AUTHORIZE)
 
         response = mock_oauth_dance(
-            self.client,
+            client,
             UserKind.PRESCRIBER,
             next_url=url_from_map,
             expected_redirect_url=url_from_map,
@@ -994,13 +924,13 @@ def test_create_user(self):
             oidc_userinfo=OIDC_USERINFO_FT_WITH_SAFIR.copy(),
         )
         assert job_application.sender_prescriber_organization.members.count() == 2
-        assert auth.get_user(self.client).is_authenticated
+        assert auth.get_user(client).is_authenticated
 
-        response = self.client.get(response.url)
+        response = client.get(response.url)
         assert response.status_code == 200
 
     @respx.mock
-    def test_create_user_organization_not_found(self):
+    def test_create_user_organization_not_found(self, client):
         # Application sent by a colleague from the same agency but not by the prescriber himself.
         job_application = JobApplicationSentByPrescriberPoleEmploiFactory(
             sender_prescriber_organization__code_safir_pole_emploi=11111
@@ -1014,24 +944,24 @@ def test_create_user_organization_not_found(self):
             channel=InclusionConnectChannel.MAP_CONSEILLER.value,
         )
 
-        response = self.client.get(url_from_map, follow=True)
+        response = client.get(url_from_map, follow=True)
         # Starting point of both the oauth_dance and `mock_oauth_dance()`.
         ic_endpoint = response.redirect_chain[-1][0]
         assert ic_endpoint.startswith(constants.INCLUSION_CONNECT_ENDPOINT_AUTHORIZE)
 
         response = mock_oauth_dance(
-            self.client,
+            client,
             UserKind.PRESCRIBER,
             next_url=url_from_map,
             channel=InclusionConnectChannel.MAP_CONSEILLER,
             oidc_userinfo=OIDC_USERINFO_FT_WITH_SAFIR.copy(),
         )
-        response = assert_and_mock_forced_logout(self.client, response)
+        response = assert_and_mock_forced_logout(client, response)
 
         assert job_application.sender_prescriber_organization.members.count() == 1
-        assert not auth.get_user(self.client).is_authenticated
+        assert not auth.get_user(client).is_authenticated
 
-        self.assertMessages(
+        assertMessages(
             response,
             [
                 Message(
diff --git a/tests/openid_connect/pro_connect/__init__.py b/tests/openid_connect/pro_connect/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/tests/openid_connect/pro_connect/test.py b/tests/openid_connect/pro_connect/test.py
new file mode 100644
index 0000000000..b3c2b5000b
--- /dev/null
+++ b/tests/openid_connect/pro_connect/test.py
@@ -0,0 +1,136 @@
+from urllib.parse import parse_qs, urlencode, urlparse
+
+import httpx
+import jwt
+import respx
+from django.conf import settings
+from django.test import override_settings
+from django.urls import reverse
+from django.utils.functional import classproperty
+from pytest_django.asserts import assertContains, assertRedirects
+
+from itou.openid_connect.pro_connect import constants
+from itou.users.enums import IdentityProvider
+from itou.utils.urls import add_url_params
+from tests.utils.test import reload_module
+
+
+OIDC_USERINFO = {
+    "given_name": "Michel",
+    "usual_name": "AUDIARD",
+    "email": "michel@lestontons.fr",
+    "sub": "af6b26f9-85cd-484e-beb9-bea5be13e30f",
+}
+
+OIDC_USERINFO_FT_WITH_SAFIR = OIDC_USERINFO | {
+    "email": "michel@francetravail.fr",
+    "custom": {"structureTravail": "95021"},
+}
+
+
+# Make sure this decorator is before test definition, not here.
+# @respx.mock
+def mock_oauth_dance(
+    client,
+    user_kind,
+    previous_url=None,
+    next_url=None,
+    expected_redirect_url=None,
+    user_email=None,
+    user_info_email=None,
+    channel=None,
+    register=True,
+    other_client=None,
+    oidc_userinfo=None,
+):
+    assert user_kind, "Letting this filed empty is not allowed"
+    # Authorize params depend on user kind.
+    authorize_params = {
+        "user_kind": user_kind,
+        "previous_url": previous_url,
+        "next_url": next_url,
+        "user_email": user_email,
+        "channel": channel,
+        "register": register,
+    }
+    authorize_params = {k: v for k, v in authorize_params.items() if v}
+
+    # Calling this view is mandatory to start a new session.
+    authorize_url = f"{reverse('pro_connect:authorize')}?{urlencode(authorize_params)}"
+    response = client.get(authorize_url)
+    assert response.url.startswith(constants.PRO_CONNECT_ENDPOINT_AUTHORIZE)
+
+    token_json = {"access_token": "access_token", "token_type": "Bearer", "expires_in": 60, "id_token": "123456"}
+    respx.post(constants.PRO_CONNECT_ENDPOINT_TOKEN).mock(return_value=httpx.Response(200, json=token_json))
+
+    user_info = oidc_userinfo or OIDC_USERINFO.copy()
+    if user_info_email:
+        user_info["email"] = user_info_email
+    user_info = user_info | {"aud": constants.PRO_CONNECT_CLIENT_ID}
+    user_info_jwt = jwt.encode(payload=user_info, key=constants.PRO_CONNECT_CLIENT_SECRET, algorithm="HS256")
+    respx.get(constants.PRO_CONNECT_ENDPOINT_USERINFO).mock(return_value=httpx.Response(200, content=user_info_jwt))
+
+    state = client.session[constants.PRO_CONNECT_SESSION_KEY]["state"]
+    url = reverse("pro_connect:callback")
+    callback_client = other_client or client
+    response = callback_client.get(url, data={"code": "123", "state": state})
+    # If a expected_redirect_url was provided, check it redirects there
+    # If not, the default redirection is next_url if provided, or welcoming_tour for new users
+    expected = expected_redirect_url or next_url or reverse("welcoming_tour:index")
+    assertRedirects(response, expected, fetch_redirect_response=False)
+    return response
+
+
+def assert_and_mock_forced_logout(client, response, expected_redirect_url=reverse("search:employers_home")):
+    response = client.get(response.url)
+    assertRedirects(response, reverse("pro_connect:logout") + "?token=123456", fetch_redirect_response=False)
+    response = client.get(response.url)
+    assert response.url.startswith(constants.PRO_CONNECT_ENDPOINT_LOGOUT)
+    query_params = parse_qs(urlparse(response.url).query)
+    post_logout_redirect_uri = query_params["post_logout_redirect_uri"][0]
+    state = query_params["state"][0]
+    local_url = post_logout_redirect_uri.split(settings.ITOU_FQDN)[1]
+    assert local_url == reverse("pro_connect:logout_callback")
+    response = client.get(add_url_params(local_url, {"state": state}))
+    assertRedirects(response, expected_redirect_url)
+    return response
+
+
+TEST_SETTINGS = {
+    "PRO_CONNECT_BASE_URL": "https://pro.connect.fake",
+    "PRO_CONNECT_CLIENT_ID": "PC_CLIENT_ID_123",
+    "PRO_CONNECT_CLIENT_SECRET": "PC_CLIENT_SECRET_123",
+    "PRO_CONNECT_FT_IDP_HINT": "xxxxxx",
+}
+
+
+class pro_connect_setup:
+    oidc_userinfo = OIDC_USERINFO
+    oidc_userinfo_with_safir = OIDC_USERINFO_FT_WITH_SAFIR
+    mock_oauth_dance = mock_oauth_dance
+    assert_and_mock_forced_logout = assert_and_mock_forced_logout
+    identity_provider = IdentityProvider.PRO_CONNECT
+    session_key = constants.PRO_CONNECT_SESSION_KEY
+
+    def __init__(self):
+        self.context_managers = [override_settings(**TEST_SETTINGS), reload_module(constants)]
+
+    def __enter__(self):
+        for context_manager in self.context_managers:
+            context_manager.__enter__()
+
+    def __exit__(self, *args, **kwargs):
+        for context_manager in self.context_managers:
+            context_manager.__exit__(*args, **kwargs)
+
+    @classmethod
+    def assertContainsButton(cls, response):
+        assertContains(response, 'class="proconnect-button"')
+
+    @classproperty
+    def authorize_url(cls):
+        return reverse("pro_connect:authorize")
+
+    @classproperty
+    def logout_url(cls):
+        return reverse("pro_connect:logout")
diff --git a/tests/openid_connect/pro_connect/tests.py b/tests/openid_connect/pro_connect/tests.py
new file mode 100644
index 0000000000..3b1640b92c
--- /dev/null
+++ b/tests/openid_connect/pro_connect/tests.py
@@ -0,0 +1,973 @@
+import dataclasses
+import json
+from operator import itemgetter
+from unittest import mock
+from urllib.parse import quote, urlencode
+
+import httpx
+import pytest
+import respx
+from django.contrib import auth, messages
+from django.contrib.auth import get_user
+from django.contrib.messages import Message
+from django.contrib.sessions.middleware import SessionMiddleware
+from django.core import signing
+from django.core.exceptions import ValidationError
+from django.core.serializers.json import DjangoJSONEncoder
+from django.test import RequestFactory
+from django.urls import reverse
+from django.utils import timezone
+from freezegun import freeze_time
+from pytest_django.asserts import (
+    assertContains,
+    assertMessages,
+    assertQuerySetEqual,
+    assertRedirects,
+)
+
+from itou.openid_connect.constants import OIDC_STATE_CLEANUP
+from itou.openid_connect.models import EmailInUseException, InvalidKindException
+from itou.openid_connect.pro_connect import constants
+from itou.openid_connect.pro_connect.enums import ProConnectChannel
+from itou.openid_connect.pro_connect.models import (
+    ProConnectEmployerData,
+    ProConnectPrescriberData,
+    ProConnectState,
+)
+from itou.openid_connect.pro_connect.views import ProConnectSession
+from itou.prescribers.models import PrescriberOrganization
+from itou.users import enums as users_enums
+from itou.users.enums import IdentityProvider, UserKind
+from itou.users.models import User
+from itou.utils import constants as global_constants
+from itou.utils.urls import add_url_params, get_absolute_url
+from tests.job_applications.factories import JobApplicationSentByPrescriberPoleEmploiFactory
+from tests.openid_connect.pro_connect.test import (
+    OIDC_USERINFO,
+    OIDC_USERINFO_FT_WITH_SAFIR,
+    assert_and_mock_forced_logout,
+    mock_oauth_dance,
+    pro_connect_setup,
+)
+from tests.prescribers.factories import PrescriberPoleEmploiFactory
+from tests.users.factories import (
+    DEFAULT_PASSWORD,
+    PrescriberFactory,
+    UserFactory,
+)
+
+
+@pytest.fixture(autouse=True)
+def setup_ic():
+    with pro_connect_setup():
+        yield
+
+
+class TestProConnectModel:
+    def test_state_delete(self):
+        state = ProConnectState.objects.create(state="foo")
+
+        ProConnectState.objects.cleanup()
+
+        state.refresh_from_db()
+        assert state is not None
+
+        # Set creation time for the state so that the state is expired
+        state.created_at = timezone.now() - OIDC_STATE_CLEANUP * 2
+        state.save()
+
+        ProConnectState.objects.cleanup()
+
+        with pytest.raises(ProConnectState.DoesNotExist):
+            state.refresh_from_db()
+
+    def test_state_is_valid(self):
+        with freeze_time("2022-09-13 12:00:01"):
+            state = ProConnectState.save_state()
+            assert isinstance(state, str)
+            assert ProConnectState.get_from_state(state).is_valid()
+
+            state = ProConnectState.save_state()
+        with freeze_time("2022-10-13 12:00:01"):
+            assert not ProConnectState.get_from_state(state).is_valid()
+
+    def test_create_user_from_user_info(self):
+        """
+        Nominal scenario: there is no user with the ProConnect ID or ProConnect email
+        that is sent, so we create one.
+        Similar to france_connect.tests.FranceConnectTest.test_create_django_user
+        but with more tests.
+        """
+        pc_user_data = ProConnectPrescriberData.from_user_info(OIDC_USERINFO)
+        assert not User.objects.filter(username=pc_user_data.username).exists()
+        assert not User.objects.filter(email=pc_user_data.email).exists()
+
+        now = timezone.now()
+        # Because external_data_source_history is a JSONField
+        # dates are actually stored as strings in the database
+        now_str = json.loads(DjangoJSONEncoder().encode(now))
+        with mock.patch("django.utils.timezone.now", return_value=now):
+            user, created = pc_user_data.create_or_update_user()
+        assert created
+        assert user.email == OIDC_USERINFO["email"]
+        assert user.last_name == OIDC_USERINFO["usual_name"]
+        assert user.first_name == OIDC_USERINFO["given_name"]
+        assert user.username == OIDC_USERINFO["sub"]
+
+        user.refresh_from_db()
+        expected = [
+            {
+                "field_name": field.name,
+                "value": getattr(user, field.name),
+                "source": "PC",
+                "created_at": now_str,
+            }
+            for field in dataclasses.fields(pc_user_data)
+        ]
+        assert sorted(user.external_data_source_history, key=itemgetter("field_name")) == sorted(
+            expected, key=itemgetter("field_name")
+        )
+
+    def test_create_user_from_user_info_with_already_existing_id(self):
+        """
+        If there already is an existing user with this ProConnect id, we do not create it again,
+        we use it and we update it.
+        """
+        pc_user_data = ProConnectPrescriberData.from_user_info(OIDC_USERINFO)
+        PrescriberFactory(
+            username=pc_user_data.username,
+            last_name="will_be_forgotten",
+            identity_provider=users_enums.IdentityProvider.PRO_CONNECT,
+        )
+        user, created = pc_user_data.create_or_update_user()
+        assert not created
+        assert user.last_name == OIDC_USERINFO["usual_name"]
+        assert user.first_name == OIDC_USERINFO["given_name"]
+        assert user.external_data_source_history[0]["source"] == "PC"
+
+    def test_create_user_from_user_info_with_already_existing_id_but_from_other_sso(self):
+        """
+        If there already is an existing user with this ProConnect id, but it comes from another SSO.
+        The email is also different, so it will crash while trying to create a new user.
+        """
+        pc_user_data = ProConnectPrescriberData.from_user_info(OIDC_USERINFO)
+        PrescriberFactory(
+            username=pc_user_data.username,
+            last_name="will_be_forgotten",
+            identity_provider=users_enums.IdentityProvider.DJANGO,
+            email="random@email.com",
+        )
+        with pytest.raises(ValidationError):
+            pc_user_data.create_or_update_user()
+
+    def test_join_org(self, caplog):
+        # New membership.
+        organization = PrescriberPoleEmploiFactory()
+        assert organization.active_members.count() == 0
+        pc_user_data = ProConnectPrescriberData.from_user_info(OIDC_USERINFO)
+        user, _ = pc_user_data.create_or_update_user()
+        pc_user_data.join_org(user=user, safir=organization.code_safir_pole_emploi)
+
+        assert organization.active_members.count() == 1
+        assert organization.has_admin(user)
+
+        # User is already a member.
+        pc_user_data.join_org(user=user, safir=organization.code_safir_pole_emploi)
+        assert organization.active_members.count() == 1
+        assert organization.has_admin(user)
+
+        # Oganization does not exist.
+        safir = "12345"
+        with pytest.raises(PrescriberOrganization.DoesNotExist):
+            pc_user_data.join_org(user=user, safir=safir)
+
+        assert (
+            f"Organization with SAFIR {safir} does not exist. Unable to add user {user.email}." in caplog.messages[0]
+        )
+        assert organization.active_members.count() == 1
+        assert organization.has_admin(user)
+
+    def test_get_existing_user_with_same_email_django(self):
+        """
+        If there already is an existing django user with email ProConnect sent us, we do not create it again,
+        We user it and we update it with the data form the identity_provider.
+        """
+        pc_user_data = ProConnectPrescriberData.from_user_info(OIDC_USERINFO)
+        PrescriberFactory(email=pc_user_data.email, identity_provider=users_enums.IdentityProvider.DJANGO)
+        user, created = pc_user_data.create_or_update_user()
+        assert not created
+        assert user.last_name == OIDC_USERINFO["usual_name"]
+        assert user.first_name == OIDC_USERINFO["given_name"]
+        assert user.username == OIDC_USERINFO["sub"]
+        assert user.identity_provider == users_enums.IdentityProvider.PRO_CONNECT
+
+    def test_get_existing_user_with_same_email_IC(self):
+        """
+        If there already is an existing IC user with email ProConnect sent us, we do not create it again,
+        We user it and we update it with the data form the identity_provider.
+        """
+        pc_user_data = ProConnectPrescriberData.from_user_info(OIDC_USERINFO)
+        PrescriberFactory(email=pc_user_data.email, identity_provider=users_enums.IdentityProvider.INCLUSION_CONNECT)
+        user, created = pc_user_data.create_or_update_user()
+        assert not created
+        assert user.last_name == OIDC_USERINFO["usual_name"]
+        assert user.first_name == OIDC_USERINFO["given_name"]
+        assert user.username == OIDC_USERINFO["sub"]
+        assert user.identity_provider == users_enums.IdentityProvider.PRO_CONNECT
+
+    def test_get_existing_user_with_same_email_pro_connect(self):
+        pc_user_data = ProConnectPrescriberData.from_user_info(OIDC_USERINFO)
+        PrescriberFactory(
+            username="another_username",
+            email=pc_user_data.email,
+            identity_provider=IdentityProvider.PRO_CONNECT,
+        )
+        with pytest.raises(EmailInUseException):
+            pc_user_data.create_or_update_user()
+
+    def test_update_user_from_user_info(self):
+        user = PrescriberFactory(**dataclasses.asdict(ProConnectPrescriberData.from_user_info(OIDC_USERINFO)))
+        pc_user = ProConnectPrescriberData.from_user_info(OIDC_USERINFO)
+
+        new_pc_user = ProConnectPrescriberData(
+            first_name="Jean", last_name="Gabin", username=pc_user.username, email="jean@lestontons.fr"
+        )
+        now = timezone.now()
+        # Because external_data_source_history is a JSONField
+        # dates are actually stored as strings in the database
+        now_str = json.loads(DjangoJSONEncoder().encode(now))
+        with mock.patch("django.utils.timezone.now", return_value=now):
+            user, created = new_pc_user.create_or_update_user()
+        assert not created
+
+        user.refresh_from_db()
+        expected = [
+            {
+                "field_name": field.name,
+                "value": getattr(user, field.name),
+                "source": "PC",
+                "created_at": now_str,
+            }
+            for field in dataclasses.fields(pc_user)
+        ]
+        assert sorted(user.external_data_source_history, key=itemgetter("field_name")) == sorted(
+            expected, key=itemgetter("field_name")
+        )
+
+    def test_create_or_update_prescriber_raise_too_many_kind_exception(self):
+        pc_user_data = ProConnectPrescriberData.from_user_info(OIDC_USERINFO)
+
+        for kind in [UserKind.JOB_SEEKER, UserKind.EMPLOYER, UserKind.LABOR_INSPECTOR]:
+            user = UserFactory(username=pc_user_data.username, email=pc_user_data.email, kind=kind)
+
+            with pytest.raises(InvalidKindException):
+                pc_user_data.create_or_update_user()
+
+            user.delete()
+
+    def test_create_or_update_employer_raise_too_many_kind_exception(self):
+        pc_user_data = ProConnectEmployerData.from_user_info(OIDC_USERINFO)
+
+        for kind in [UserKind.JOB_SEEKER, UserKind.PRESCRIBER, UserKind.LABOR_INSPECTOR]:
+            user = UserFactory(username=pc_user_data.username, email=pc_user_data.email, kind=kind)
+
+            with pytest.raises(InvalidKindException):
+                pc_user_data.create_or_update_user()
+
+            user.delete()
+
+
+class TestProConnectAuthorizeView:
+    def test_authorize_endpoint(self, client):
+        url = reverse("pro_connect:authorize")
+        response = client.get(url, follow=False)
+        assertRedirects(response, reverse("search:employers_home"))
+
+        url = f"{reverse('pro_connect:authorize')}?user_kind={UserKind.PRESCRIBER}"
+        response = client.get(url, follow=False)
+        assert response.url.startswith(constants.PRO_CONNECT_ENDPOINT_AUTHORIZE)
+        assert constants.PRO_CONNECT_SESSION_KEY in client.session
+
+    def test_authorize_endpoint_for_registration(self, client):
+        url = reverse("pro_connect:authorize")
+        response = client.get(url, follow=False)
+        assertRedirects(response, reverse("search:employers_home"))
+
+        url = f"{reverse('pro_connect:authorize')}?user_kind={UserKind.PRESCRIBER}&register=true"
+        response = client.get(url, follow=False)
+        assert response.url.startswith(constants.PRO_CONNECT_ENDPOINT_AUTHORIZE)
+        assert constants.PRO_CONNECT_SESSION_KEY in client.session
+
+    def test_authorize_endpoint_with_params(self, client):
+        email = "porthos@touspourun.com"
+        params = {"user_email": email, "user_kind": UserKind.PRESCRIBER, "channel": "invitation"}
+        url = f"{reverse('pro_connect:authorize')}?{urlencode(params)}"
+        response = client.get(url, follow=False)
+        assert f"login_hint={quote(email)}" in response.url
+        pc_state = ProConnectState.get_from_state(client.session[constants.PRO_CONNECT_SESSION_KEY]["state"])
+        assert pc_state.data["user_email"] == email
+
+    def test_authorize_check_user_kind(self, client, subtests):
+        forbidden_user_kinds = [UserKind.ITOU_STAFF, UserKind.LABOR_INSPECTOR, UserKind.JOB_SEEKER]
+        for kind in forbidden_user_kinds:
+            with subtests.test(kind=kind.label):
+                url = f"{reverse('pro_connect:authorize')}?user_kind={kind}"
+                response = client.get(url)
+                assertRedirects(response, reverse("search:employers_home"))
+
+    def test_next_url(self, client, caplog):
+        url = f"{reverse('pro_connect:authorize')}?{urlencode({'next_url': 'https://external.url.com'})}"
+        response = client.get(url, follow=False)
+        assertRedirects(response, reverse("search:employers_home"))
+        assert caplog.records[0].message == "Forbidden external url"
+
+
+class TestProConnectCallbackView:
+    @respx.mock
+    def test_callback_invalid_state(self, client):
+        token_json = {"access_token": "access_token", "token_type": "Bearer", "expires_in": 60, "id_token": "123456"}
+        respx.post(constants.PRO_CONNECT_ENDPOINT_TOKEN).mock(return_value=httpx.Response(200, json=token_json))
+
+        url = reverse("pro_connect:callback")
+        response = client.get(url, data={"code": "123", "state": "000"})
+        assert response.status_code == 302
+
+    def test_callback_no_state(self, client):
+        url = reverse("pro_connect:callback")
+        response = client.get(url, data={"code": "123"})
+        assert response.status_code == 302
+
+    def test_callback_no_code(self, client):
+        url = reverse("pro_connect:callback")
+        response = client.get(url)
+        assert response.status_code == 302
+
+    @respx.mock
+    def test_callback_prescriber_created(self, client):
+        ### User does not exist.
+        mock_oauth_dance(client, UserKind.PRESCRIBER)
+        assert User.objects.count() == 1
+        user = User.objects.get(email=OIDC_USERINFO["email"])
+        assert user.first_name == OIDC_USERINFO["given_name"]
+        assert user.last_name == OIDC_USERINFO["usual_name"]
+        assert user.username == OIDC_USERINFO["sub"]
+        assert user.has_sso_provider
+        assert user.kind == "prescriber"
+        assert user.identity_provider == users_enums.IdentityProvider.PRO_CONNECT
+
+    @respx.mock
+    def test_callback_employer_created(self, client):
+        ### User does not exist.
+        mock_oauth_dance(client, UserKind.EMPLOYER)
+        assert User.objects.count() == 1
+        user = User.objects.get(email=OIDC_USERINFO["email"])
+        assert user.first_name == OIDC_USERINFO["given_name"]
+        assert user.last_name == OIDC_USERINFO["usual_name"]
+        assert user.username == OIDC_USERINFO["sub"]
+        assert user.has_sso_provider
+        assert user.kind == UserKind.EMPLOYER
+        assert user.identity_provider == users_enums.IdentityProvider.PRO_CONNECT
+
+    @respx.mock
+    def test_callback_existing_django_user(self, client):
+        # User created with django already exists on Itou but some attributes differs.
+        # Update all fields
+        PrescriberFactory(
+            first_name="Bernard",
+            last_name="Blier",
+            username="bernard_blier",
+            email=OIDC_USERINFO["email"],
+            identity_provider=users_enums.IdentityProvider.DJANGO,
+        )
+        mock_oauth_dance(client, UserKind.PRESCRIBER)
+        assert User.objects.count() == 1
+        user = User.objects.get(email=OIDC_USERINFO["email"])
+        assert user.first_name == OIDC_USERINFO["given_name"]
+        assert user.last_name == OIDC_USERINFO["usual_name"]
+        assert user.username == OIDC_USERINFO["sub"]
+        assert user.has_sso_provider
+        assert user.identity_provider == users_enums.IdentityProvider.PRO_CONNECT
+
+    @respx.mock
+    def test_callback_allows_employer_on_prescriber_login_only(self, client):
+        pc_user_data = ProConnectPrescriberData.from_user_info(OIDC_USERINFO)
+        user = UserFactory(username=pc_user_data.username, email=pc_user_data.email, kind=UserKind.EMPLOYER)
+
+        response = mock_oauth_dance(
+            client,
+            UserKind.PRESCRIBER,
+            expected_redirect_url=add_url_params(
+                reverse("pro_connect:logout"), {"redirect_url": reverse("search:employers_home")}
+            ),
+        )
+        response = client.get(reverse("search:employers_home"))
+        assertContains(response, "existe déjà avec cette adresse e-mail")
+        assertContains(response, "pour devenir prescripteur sur la plateforme")
+        assert get_user(client).is_authenticated is False
+
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER, register=False)
+        user.refresh_from_db()
+        assert user.kind == UserKind.EMPLOYER
+        assert get_user(client).is_authenticated is True
+
+    @respx.mock
+    def test_callback_allows_prescriber_on_employer_login_only(self, client):
+        pc_user_data = ProConnectEmployerData.from_user_info(OIDC_USERINFO)
+        user = UserFactory(username=pc_user_data.username, email=pc_user_data.email, kind=UserKind.PRESCRIBER)
+
+        response = mock_oauth_dance(
+            client,
+            UserKind.EMPLOYER,
+            expected_redirect_url=add_url_params(
+                reverse("pro_connect:logout"), {"redirect_url": reverse("search:employers_home")}
+            ),
+        )
+        response = client.get(reverse("search:employers_home"))
+        assertContains(response, "existe déjà avec cette adresse e-mail")
+        assertContains(response, "pour devenir employeur sur la plateforme")
+        assert get_user(client).is_authenticated is False
+
+        response = mock_oauth_dance(client, UserKind.EMPLOYER, register=False)
+        user.refresh_from_db()
+        assert user.kind == UserKind.PRESCRIBER
+        assert get_user(client).is_authenticated is True
+
+    @respx.mock
+    def test_callback_refuses_job_seekers(self, client):
+        pc_user_data = ProConnectEmployerData.from_user_info(OIDC_USERINFO)
+        user = UserFactory(username=pc_user_data.username, email=pc_user_data.email, kind=UserKind.JOB_SEEKER)
+
+        expected_redirect_url = add_url_params(
+            reverse("pro_connect:logout"), {"redirect_url": reverse("search:employers_home")}
+        )
+
+        mock_oauth_dance(client, UserKind.PRESCRIBER, expected_redirect_url=expected_redirect_url)
+        user.refresh_from_db()
+        assert user.kind == UserKind.JOB_SEEKER
+        assert get_user(client).is_authenticated is False
+
+        mock_oauth_dance(client, UserKind.PRESCRIBER, expected_redirect_url=expected_redirect_url, register=False)
+        user.refresh_from_db()
+        assert user.kind == UserKind.JOB_SEEKER
+        assert get_user(client).is_authenticated is False
+
+        mock_oauth_dance(client, UserKind.EMPLOYER, expected_redirect_url=expected_redirect_url)
+        user.refresh_from_db()
+        assert user.kind == UserKind.JOB_SEEKER
+        assert get_user(client).is_authenticated is False
+
+        mock_oauth_dance(client, UserKind.EMPLOYER, expected_redirect_url=expected_redirect_url, register=False)
+        user.refresh_from_db()
+        assert user.kind == UserKind.JOB_SEEKER
+        assert get_user(client).is_authenticated is False
+
+    @respx.mock
+    def test_callback_redirect_prescriber_on_too_many_kind_exception(self, client):
+        pc_user_data = ProConnectPrescriberData.from_user_info(OIDC_USERINFO)
+
+        for kind in [UserKind.JOB_SEEKER, UserKind.LABOR_INSPECTOR]:
+            user = UserFactory(username=pc_user_data.username, email=pc_user_data.email, kind=kind)
+            response = mock_oauth_dance(
+                client,
+                UserKind.PRESCRIBER,
+                expected_redirect_url=add_url_params(
+                    reverse("pro_connect:logout"), {"redirect_url": reverse("search:employers_home")}
+                ),
+            )
+            response = client.get(reverse("search:employers_home"))
+            assertContains(response, "existe déjà avec cette adresse e-mail")
+            assertContains(response, "pour devenir prescripteur sur la plateforme")
+            user.delete()
+
+    @respx.mock
+    def test_callback_redirect_employer_on_too_many_kind_exception(self, client):
+        pc_user_data = ProConnectEmployerData.from_user_info(OIDC_USERINFO)
+
+        for kind in [UserKind.JOB_SEEKER, UserKind.LABOR_INSPECTOR]:
+            user = UserFactory(username=pc_user_data.username, email=pc_user_data.email, kind=kind)
+            # Don't check redirection as the user isn't an siae member yet, so it won't work.
+            response = mock_oauth_dance(
+                client,
+                UserKind.EMPLOYER,
+                expected_redirect_url=add_url_params(
+                    reverse("pro_connect:logout"), {"redirect_url": reverse("search:employers_home")}
+                ),
+            )
+            response = client.get(reverse("search:employers_home"))
+            assertContains(response, "existe déjà avec cette adresse e-mail")
+            assertContains(response, "pour devenir employeur sur la plateforme")
+            user.delete()
+
+    @respx.mock
+    def test_callback_updating_email_collision(self, client):
+        PrescriberFactory(
+            first_name="Bernard",
+            last_name="Blier",
+            username="bernard_blier",
+            email=OIDC_USERINFO["email"],
+            identity_provider=users_enums.IdentityProvider.DJANGO,
+        )
+        user = PrescriberFactory(
+            first_name=OIDC_USERINFO["given_name"],
+            last_name=OIDC_USERINFO["usual_name"],
+            username=OIDC_USERINFO["sub"],
+            email="random@email.com",
+            identity_provider=users_enums.IdentityProvider.PRO_CONNECT,
+        )
+        client.force_login(user)
+        edit_user_info_url = reverse("dashboard:edit_user_info")
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER, next_url=edit_user_info_url)
+        response = client.get(response.url, follow=True)
+        assertMessages(
+            response,
+            [
+                Message(
+                    messages.ERROR,
+                    "L'adresse e-mail que nous a transmis ProConnect est différente de celle qui est enregistrée "
+                    "sur la plateforme des emplois, et est déjà associé à un autre compte. "
+                    "Nous n'avons donc pas pu mettre à jour random@email.com en "
+                    f"{OIDC_USERINFO['email']}. Veuillez vous rapprocher du support pour débloquer la situation en "
+                    f"suivant <a href='{ global_constants.ITOU_HELP_CENTER_URL }'>ce lien</a>.",
+                )
+            ],
+        )
+
+    @respx.mock
+    def test_callback_update_FT_organization(self, client):
+        user = PrescriberFactory(**dataclasses.asdict(ProConnectPrescriberData.from_user_info(OIDC_USERINFO)))
+        org = PrescriberPoleEmploiFactory(code_safir_pole_emploi="95021")
+        assert not org.members.exists()
+
+        mock_oauth_dance(
+            client,
+            UserKind.PRESCRIBER,
+            oidc_userinfo=OIDC_USERINFO_FT_WITH_SAFIR.copy(),
+        )
+        assertQuerySetEqual(org.members.all(), [user])
+
+    @respx.mock
+    def test_callback_update_FT_organization_as_employer_does_not_crash(self, client):
+        org = PrescriberPoleEmploiFactory(code_safir_pole_emploi="95021")
+        mock_oauth_dance(
+            client,
+            UserKind.EMPLOYER,
+            oidc_userinfo=OIDC_USERINFO_FT_WITH_SAFIR.copy(),
+        )
+        user = get_user(client)
+        assert user.is_authenticated
+        assert not user.prescribermembership_set.exists()
+
+        # If he's a prescriber and uses the employer login button
+        user.kind = UserKind.PRESCRIBER
+        user.save()
+        client.logout()
+        mock_oauth_dance(
+            client,
+            UserKind.EMPLOYER,
+            oidc_userinfo=OIDC_USERINFO_FT_WITH_SAFIR.copy(),
+            register=False,
+        )
+        user = get_user(client)
+        assert user.is_authenticated
+        assertQuerySetEqual(org.members.all(), [user])
+
+    @respx.mock
+    def test_callback_ft_users_with_no_org(self, client):
+        PrescriberFactory(**dataclasses.asdict(ProConnectPrescriberData.from_user_info(OIDC_USERINFO)))
+
+        oidc_userinfo = OIDC_USERINFO.copy()
+        oidc_userinfo["email"] = "prenom.nom@francetravail.fr"
+        response = mock_oauth_dance(
+            client,
+            UserKind.PRESCRIBER,
+            oidc_userinfo=oidc_userinfo,
+        )
+        response = assert_and_mock_forced_logout(client, response)
+        assert get_user(client).is_authenticated is False
+        assertMessages(
+            response,
+            [
+                Message(
+                    messages.WARNING,
+                    "En tant qu'agent France Travail vous devez appartenir à une agence pour vous connecter à la "
+                    "plateforme des emplois. Veuillez vous faire inviter par l'administrateur d'une agence afin "
+                    "d'accéder au service.",
+                ),
+            ],
+        )
+
+    @respx.mock
+    def test_callback_ft_users_unknown_safir(self, client):
+        PrescriberFactory(**dataclasses.asdict(ProConnectPrescriberData.from_user_info(OIDC_USERINFO)))
+
+        oidc_userinfo = OIDC_USERINFO_FT_WITH_SAFIR.copy()
+        response = mock_oauth_dance(
+            client,
+            UserKind.PRESCRIBER,
+            oidc_userinfo=oidc_userinfo,
+        )
+        response = assert_and_mock_forced_logout(client, response)
+        assert get_user(client).is_authenticated is False
+        assertMessages(
+            response,
+            [
+                Message(
+                    messages.WARNING,
+                    "L'agence indiquée par NEPTUNE (code SAFIR 95021) n'est pas référencée dans notre service. "
+                    "Cela arrive quand vous appartenez à un Point Relais mais que vous êtes rattaché à une agence "
+                    "mère sur la plateforme des emplois. "
+                    "Si vous pensez qu'il y a une erreur, vérifiez que le code SAFIR est le bon "
+                    f"puis <a href='{global_constants.ITOU_HELP_CENTER_URL}'>contactez le support</a> en indiquant "
+                    "le code SAFIR.",
+                ),
+                Message(
+                    messages.WARNING,
+                    "En tant qu'agent France Travail vous devez appartenir à une agence pour vous connecter à la "
+                    "plateforme des emplois. Veuillez vous faire inviter par l'administrateur d'une agence afin "
+                    "d'accéder au service.",
+                ),
+            ],
+        )
+
+    @respx.mock
+    def test_callback_ft_users_unknown_safir_already_in_org(self, client):
+        user = PrescriberFactory(**dataclasses.asdict(ProConnectPrescriberData.from_user_info(OIDC_USERINFO)))
+        org = PrescriberPoleEmploiFactory(code_safir_pole_emploi="00000")
+        org.add_or_activate_member(user)
+
+        oidc_userinfo = OIDC_USERINFO_FT_WITH_SAFIR.copy()
+        oidc_userinfo["email"] = "prenom.nom@francetravail.fr"
+        response = mock_oauth_dance(
+            client,
+            UserKind.PRESCRIBER,
+            oidc_userinfo=oidc_userinfo,
+        )
+        assert get_user(client).is_authenticated is True
+        assertMessages(
+            response,
+            [
+                Message(
+                    messages.WARNING,
+                    "L'agence indiquée par NEPTUNE (code SAFIR 95021) n'est pas référencée dans notre service. "
+                    "Cela arrive quand vous appartenez à un Point Relais mais que vous êtes rattaché à une agence "
+                    "mère sur la plateforme des emplois. "
+                    "Si vous pensez qu'il y a une erreur, vérifiez que le code SAFIR est le bon "
+                    f"puis <a href='{global_constants.ITOU_HELP_CENTER_URL}'>contactez le support</a> en indiquant "
+                    "le code SAFIR.",
+                )
+            ],
+        )
+
+
+class TestProConnectSession:
+    def test_start_session(self, subtests):
+        pc_session = ProConnectSession()
+        assert pc_session.key == constants.PRO_CONNECT_SESSION_KEY
+
+        expected_keys = ["token", "state"]
+        pc_session_dict = dataclasses.asdict(pc_session)
+        for key in expected_keys:
+            with subtests.test(key):
+                assert key in pc_session_dict.keys()
+                assert pc_session_dict[key] is None
+
+        request = RequestFactory().get("/")
+        middleware = SessionMiddleware(lambda x: x)
+        middleware.process_request(request)
+        request.session.save()
+        pc_session.bind_to_request(request)
+        assert request.session.get(constants.PRO_CONNECT_SESSION_KEY)
+
+
+class TestProConnectLogin:
+    @respx.mock
+    def test_normal_signin(self, client):
+        """
+        A user has created an account with ProConnect.
+        He logs out.
+        He can log in again later.
+        """
+        # Create an account with IC.
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER)
+        client.get(response.url)  # display welcoming_tour
+
+        # Then log out.
+        response = client.post(reverse("account_logout"))
+
+        # Then log in again.
+        login_url = reverse("login:prescriber")
+        response = client.get(login_url)
+        assertContains(response, 'class="proconnect-button"')
+        assertContains(response, reverse("pro_connect:authorize"))
+
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER, expected_redirect_url=reverse("dashboard:index"))
+
+        # Make sure it was a login instead of a new signup.
+        users_count = User.objects.filter(email=OIDC_USERINFO["email"]).count()
+        assert users_count == 1
+
+    @respx.mock
+    def test_old_django_account(self, client):
+        """
+        A user has a Django account.
+        He clicks on IC button and creates his account.
+        His old Django account should now be considered as an IC one.
+        """
+        user_info = OIDC_USERINFO
+        user = PrescriberFactory(
+            has_completed_welcoming_tour=True,
+            **ProConnectPrescriberData.user_info_mapping_dict(user_info),
+            identity_provider=IdentityProvider.DJANGO,
+        )
+
+        # Existing user connects with IC which results in:
+        # - IC side: account creation
+        # - Django side: account update.
+        # This logic is already tested here: ProConnectModelTest
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER, expected_redirect_url=reverse("dashboard:index"))
+        assert auth.get_user(client).is_authenticated
+        # Make sure it was a login instead of a new signup.
+        users_count = User.objects.filter(email=OIDC_USERINFO["email"]).count()
+        assert users_count == 1
+
+        response = client.post(reverse("account_logout"))
+        assert response.status_code == 302
+        assert not auth.get_user(client).is_authenticated
+
+        # Try to login with Django.
+        # This is already tested in itou.www.login.tests but only at form level.
+        post_data = {"login": user.email, "password": DEFAULT_PASSWORD}
+        response = client.post(reverse("login:prescriber"), data=post_data)
+        error_message = "Votre compte est relié à ProConnect."
+        assertContains(response, error_message)
+        assert not auth.get_user(client).is_authenticated
+
+        # Then login with ProConnect.
+        mock_oauth_dance(client, UserKind.PRESCRIBER, expected_redirect_url=reverse("dashboard:index"))
+        assert auth.get_user(client).is_authenticated
+
+
+class TestProConnectLogout:
+    @respx.mock
+    def test_simple_logout(self, client):
+        mock_oauth_dance(client, UserKind.PRESCRIBER)
+        logout_url = reverse("pro_connect:logout")
+        response = client.get(logout_url)
+        post_logout_redirect_uri = get_absolute_url(reverse("pro_connect:logout_callback"))
+        state = ProConnectState.objects.get(used_at=None).state
+        signed_state = signing.Signer().sign(state)
+
+        assertRedirects(
+            response,
+            add_url_params(
+                constants.PRO_CONNECT_ENDPOINT_LOGOUT,
+                {
+                    "id_token_hint": 123456,
+                    "state": signed_state,
+                    "post_logout_redirect_uri": post_logout_redirect_uri,
+                },
+            ),
+            fetch_redirect_response=False,
+        )
+        response = client.get(post_logout_redirect_uri)
+        assertRedirects(response, reverse("search:employers_home"))
+
+    @respx.mock
+    def test_logout_with_redirection(self, client):
+        mock_oauth_dance(client, UserKind.PRESCRIBER)
+        expected_redirection = reverse("dashboard:index")
+
+        params = {"redirect_url": expected_redirection}
+        logout_url = f"{reverse('pro_connect:logout')}?{urlencode(params)}"
+        response = client.get(logout_url)
+        post_logout_redirect_uri = get_absolute_url(reverse("pro_connect:logout_callback"))
+        state = ProConnectState.objects.get(used_at=None).state
+        signed_state = signing.Signer().sign(state)
+
+        assertRedirects(
+            response,
+            add_url_params(
+                constants.PRO_CONNECT_ENDPOINT_LOGOUT,
+                {
+                    "id_token_hint": 123456,
+                    "state": signed_state,
+                    "post_logout_redirect_uri": post_logout_redirect_uri,
+                },
+            ),
+            fetch_redirect_response=False,
+        )
+        response = client.get(add_url_params(post_logout_redirect_uri, {"state": signed_state}))
+        assertRedirects(response, expected_redirection)
+
+    @respx.mock
+    def test_django_account_logout_from_pro(self, client):
+        """
+        When ac IC user wants to log out from his local account,
+        he should be logged out too from IC.
+        """
+        response = mock_oauth_dance(client, UserKind.PRESCRIBER)
+        assert auth.get_user(client).is_authenticated
+        # Follow the redirection.
+        response = client.get(response.url)
+        logout_url = reverse("account_logout")
+        assertContains(response, logout_url)
+        assert client.session.get(constants.PRO_CONNECT_SESSION_KEY)
+
+        response = client.post(logout_url)
+        expected_redirection = reverse("pro_connect:logout")
+        # For simplicity, exclude GET params. They are tested elsewhere anyway..
+        assert response.url.startswith(expected_redirection)
+
+        response = client.get(response.url)
+        # The following redirection is tested in self.test_logout_with_redirection
+        assert response.status_code == 302
+        assert not auth.get_user(client).is_authenticated
+
+    def test_django_account_logout(self, client):
+        """
+        When a local user wants to log out from his local account,
+        he should be logged out without pro connect.
+        """
+        user = PrescriberFactory()
+        client.force_login(user)
+        response = client.post(reverse("account_logout"))
+        assertRedirects(response, reverse("search:employers_home"))
+        assert not auth.get_user(client).is_authenticated
+
+    @respx.mock
+    def test_logout_with_incomplete_state(self, client):
+        # This happens while testing. It should never happen for real users, but it's still painful for us.
+
+        mock_oauth_dance(client, UserKind.PRESCRIBER)
+
+        session = client.session
+        session[constants.PRO_CONNECT_SESSION_KEY]["token"] = None
+        session[constants.PRO_CONNECT_SESSION_KEY]["state"] = None
+        session.save()
+
+        response = client.post(reverse("account_logout"))
+        assertRedirects(response, reverse("search:employers_home"))
+
+
+class TestProConnectMapChannel:
+    @pytest.mark.ignore_unknown_variable_template_error("with_matomo_event")
+    @respx.mock
+    def test_happy_path(self, client):
+        job_application = JobApplicationSentByPrescriberPoleEmploiFactory(
+            sender_prescriber_organization__code_safir_pole_emploi="95021"
+        )
+        prescriber = job_application.sender
+        prescriber.email = OIDC_USERINFO["email"]
+        prescriber.username = OIDC_USERINFO["sub"]
+        prescriber.save()
+        url_from_map = "{path}?channel={channel}".format(
+            path=reverse("apply:details_for_prescriber", kwargs={"job_application_id": job_application.pk}),
+            channel=ProConnectChannel.MAP_CONSEILLER.value,
+        )
+
+        response = client.get(url_from_map, follow=True)
+        # Starting point of both the oauth_dance and `mock_oauth_dance()`.
+        pc_endpoint = response.redirect_chain[-1][0]
+        assert pc_endpoint.startswith(constants.PRO_CONNECT_ENDPOINT_AUTHORIZE)
+        assert f"idp_hint={constants.PRO_CONNECT_FT_IDP_HINT}" in pc_endpoint
+
+        response = mock_oauth_dance(
+            client,
+            UserKind.PRESCRIBER,
+            next_url=url_from_map,
+            expected_redirect_url=url_from_map,
+            channel=ProConnectChannel.MAP_CONSEILLER,
+        )
+        assert auth.get_user(client).is_authenticated
+
+        response = client.get(response.url)
+        assert response.status_code == 200
+
+    @pytest.mark.ignore_unknown_variable_template_error("with_matomo_event")
+    @respx.mock
+    def test_create_user(self, client):
+        # Application sent by a colleague from the same agency but not by the prescriber himself.
+        job_application = JobApplicationSentByPrescriberPoleEmploiFactory(
+            sender_prescriber_organization__code_safir_pole_emploi="95021"
+        )
+
+        # Prescriber does not belong to this organization on Itou but
+        # IC says that he is allowed to join it.
+        # A new user should be created automatically, only when coming from MAP conseiller,
+        # and then be able to see a job application details.
+        url_from_map = "{path}?channel={channel}".format(
+            path=reverse("apply:details_for_prescriber", kwargs={"job_application_id": job_application.pk}),
+            channel=ProConnectChannel.MAP_CONSEILLER.value,
+        )
+
+        response = client.get(url_from_map, follow=True)
+        # Starting point of both the oauth_dance and `mock_oauth_dance()`.
+        pc_endpoint = response.redirect_chain[-1][0]
+        assert pc_endpoint.startswith(constants.PRO_CONNECT_ENDPOINT_AUTHORIZE)
+
+        response = mock_oauth_dance(
+            client,
+            UserKind.PRESCRIBER,
+            next_url=url_from_map,
+            expected_redirect_url=url_from_map,
+            channel=ProConnectChannel.MAP_CONSEILLER,
+            oidc_userinfo=OIDC_USERINFO_FT_WITH_SAFIR.copy(),
+        )
+        assert job_application.sender_prescriber_organization.members.count() == 2
+        assert auth.get_user(client).is_authenticated
+
+        response = client.get(response.url)
+        assert response.status_code == 200
+
+    @respx.mock
+    def test_create_user_organization_not_found(self, client):
+        # Application sent by a colleague from the same agency but not by the prescriber himself.
+        job_application = JobApplicationSentByPrescriberPoleEmploiFactory(
+            sender_prescriber_organization__code_safir_pole_emploi=11111
+        )
+
+        # Prescriber does not belong to this organization on Itou but
+        # IC says that he is allowed to join it.
+        # A new user should be created automatically and redirected to the job application details page.
+        url_from_map = "{path}?channel={channel}".format(
+            path=reverse("apply:details_for_prescriber", kwargs={"job_application_id": job_application.pk}),
+            channel=ProConnectChannel.MAP_CONSEILLER.value,
+        )
+
+        response = client.get(url_from_map, follow=True)
+        # Starting point of both the oauth_dance and `mock_oauth_dance()`.
+        pc_endpoint = response.redirect_chain[-1][0]
+        assert pc_endpoint.startswith(constants.PRO_CONNECT_ENDPOINT_AUTHORIZE)
+
+        response = mock_oauth_dance(
+            client,
+            UserKind.PRESCRIBER,
+            next_url=url_from_map,
+            channel=ProConnectChannel.MAP_CONSEILLER,
+            oidc_userinfo=OIDC_USERINFO_FT_WITH_SAFIR.copy(),
+        )
+        response = assert_and_mock_forced_logout(client, response)
+
+        assert job_application.sender_prescriber_organization.members.count() == 1
+        assert not auth.get_user(client).is_authenticated
+
+        assertMessages(
+            response,
+            [
+                Message(
+                    messages.WARNING,
+                    "L'agence indiquée par NEPTUNE (code SAFIR 95021) n'est pas référencée dans notre service. "
+                    "Cela arrive quand vous appartenez à un Point Relais mais que vous êtes rattaché à une agence "
+                    "mère sur la plateforme des emplois. "
+                    "Si vous pensez qu'il y a une erreur, vérifiez que le code SAFIR est le bon "
+                    f"puis <a href='{global_constants.ITOU_HELP_CENTER_URL}'>contactez le support</a> en indiquant "
+                    "le code SAFIR.",
+                ),
+                Message(
+                    messages.WARNING,
+                    "En tant qu'agent France Travail vous devez appartenir à une agence pour vous connecter à la "
+                    "plateforme des emplois. Veuillez vous faire inviter par l'administrateur d'une agence afin "
+                    "d'accéder au service.",
+                ),
+            ],
+        )
diff --git a/tests/openid_connect/test.py b/tests/openid_connect/test.py
new file mode 100644
index 0000000000..c1b59346fe
--- /dev/null
+++ b/tests/openid_connect/test.py
@@ -0,0 +1,20 @@
+from functools import wraps
+
+import pytest
+
+from tests.openid_connect.inclusion_connect.test import inclusion_connect_setup
+from tests.openid_connect.pro_connect.test import pro_connect_setup
+
+
+def sso_parametrize(func):
+    @pytest.mark.parametrize(
+        "sso_setup",
+        [inclusion_connect_setup, pro_connect_setup],
+        ids=["Inclusion Connect", "ProConnect"],
+    )
+    @wraps(func)
+    def wrapper(*args, **kwargs):
+        with kwargs["sso_setup"]():
+            return func(*args, **kwargs)
+
+    return wrapper
diff --git a/tests/www/dashboard/test_activate_ic_account.py b/tests/www/dashboard/test_activate_sso_account.py
similarity index 68%
rename from tests/www/dashboard/test_activate_ic_account.py
rename to tests/www/dashboard/test_activate_sso_account.py
index 2a9ca09a4e..295e7a041f 100644
--- a/tests/www/dashboard/test_activate_ic_account.py
+++ b/tests/www/dashboard/test_activate_sso_account.py
@@ -9,10 +9,7 @@
 
 from itou.users.enums import IdentityProvider, UserKind
 from tests.institutions.factories import LaborInspectorFactory
-from tests.openid_connect.inclusion_connect.test import (
-    override_inclusion_connect_settings,
-)
-from tests.openid_connect.inclusion_connect.tests import OIDC_USERINFO, mock_oauth_dance
+from tests.openid_connect.test import sso_parametrize
 from tests.users.factories import (
     EmployerFactory,
     ItouStaffFactory,
@@ -21,10 +18,10 @@
 )
 
 
+@sso_parametrize
 @respx.mock
-@override_inclusion_connect_settings
-def test_prescriber_using_django_has_to_activate_ic_account(client):
-    user = PrescriberFactory(identity_provider=IdentityProvider.DJANGO, email=OIDC_USERINFO["email"])
+def test_prescriber_using_django_has_to_activate_sso_account(client, sso_setup):
+    user = PrescriberFactory(identity_provider=IdentityProvider.DJANGO, email=sso_setup.oidc_userinfo["email"])
     client.force_login(user)
     url = reverse("dashboard:index")
     response = client.get(url, follow=True)
@@ -35,21 +32,26 @@ def test_prescriber_using_django_has_to_activate_ic_account(client):
         "previous_url": activate_ic_account_url,
         "user_email": user.email,
     }
-    url = escape(f"{reverse('inclusion_connect:activate_account')}?{urlencode(params)}")
+    if sso_setup.identity_provider == IdentityProvider.INCLUSION_CONNECT:
+        url = escape(f"{reverse('inclusion_connect:activate_account')}?{urlencode(params)}")
+    else:
+        url = escape(f"{reverse('pro_connect:authorize')}?{urlencode(params)}")
     assertContains(response, url + '"')
-    response = mock_oauth_dance(
+    response = sso_setup.mock_oauth_dance(
         client,
         UserKind.PRESCRIBER,
         previous_url=activate_ic_account_url,
     )
     user.refresh_from_db()
-    assert user.identity_provider == IdentityProvider.INCLUSION_CONNECT
+    assert user.identity_provider == sso_setup.identity_provider
 
 
+@sso_parametrize
 @respx.mock
-@override_inclusion_connect_settings
-def test_employer_using_django_has_to_activate_ic_account(client):
-    user = EmployerFactory(with_company=True, identity_provider=IdentityProvider.DJANGO, email=OIDC_USERINFO["email"])
+def test_employer_using_django_has_to_activate_sso_account(client, sso_setup):
+    user = EmployerFactory(
+        with_company=True, identity_provider=IdentityProvider.DJANGO, email=sso_setup.oidc_userinfo["email"]
+    )
     client.force_login(user)
     url = reverse("dashboard:index")
     response = client.get(url, follow=True)
@@ -60,15 +62,18 @@ def test_employer_using_django_has_to_activate_ic_account(client):
         "previous_url": activate_ic_account_url,
         "user_email": user.email,
     }
-    url = escape(f"{reverse('inclusion_connect:activate_account')}?{urlencode(params)}")
+    if sso_setup.identity_provider == IdentityProvider.INCLUSION_CONNECT:
+        url = escape(f"{reverse('inclusion_connect:activate_account')}?{urlencode(params)}")
+    else:
+        url = escape(f"{reverse('pro_connect:authorize')}?{urlencode(params)}")
     assertContains(response, url + '"')
-    response = mock_oauth_dance(
+    response = sso_setup.mock_oauth_dance(
         client,
         UserKind.EMPLOYER,
         previous_url=activate_ic_account_url,
     )
     user.refresh_from_db()
-    assert user.identity_provider == IdentityProvider.INCLUSION_CONNECT
+    assert user.identity_provider == sso_setup.identity_provider
 
 
 @pytest.mark.parametrize(
diff --git a/tests/www/dashboard/test_edit_user_info.py b/tests/www/dashboard/test_edit_user_info.py
index afaf63c419..ab170e23e6 100644
--- a/tests/www/dashboard/test_edit_user_info.py
+++ b/tests/www/dashboard/test_edit_user_info.py
@@ -12,19 +12,17 @@
 from itou.users.enums import IdentityProvider, LackOfNIRReason, LackOfPoleEmploiId, Title
 from itou.users.models import JobSeekerProfile, User
 from itou.utils.mocks.address_format import mock_get_geocoding_data_by_ban_api_resolved
-from tests.openid_connect.inclusion_connect.test import (
-    InclusionConnectBaseTestCase,
-)
+from tests.openid_connect.inclusion_connect.test import inclusion_connect_setup
 from tests.users.factories import (
     JobSeekerFactory,
     PrescriberFactory,
 )
-from tests.utils.test import BASE_NUM_QUERIES, parse_response_to_soup
+from tests.utils.test import BASE_NUM_QUERIES, TestCase, parse_response_to_soup
 from tests.www.dashboard.test_edit_job_seeker_info import DISABLED_NIR
 
 
 @pytest.mark.usefixtures("unittest_compatibility")
-class EditUserInfoViewTest(InclusionConnectBaseTestCase):
+class EditUserInfoViewTest(TestCase):
     NIR_UPDATE_TALLY_LINK_LABEL = "Demander la correction du numéro de sécurité sociale"
     EMAIL_LABEL = "Adresse électronique"
     NIR_FIELD_ID = "id_nir"
@@ -520,9 +518,13 @@ def test_edit_with_invalid_pole_emploi_id(self):
             ),
         )
 
-    def test_edit_as_prescriber(self):
+    def test_edit_as_prescriber_PC(self):
         original_user = PrescriberFactory(
-            email="bob@saintclair.tld", first_name="Not Bob", last_name="Not Saint Clair", phone="0600000000"
+            email="bob@saintclair.tld",
+            first_name="Not Bob",
+            last_name="Not Saint Clair",
+            phone="0600000000",
+            identity_provider=IdentityProvider.PRO_CONNECT,
         )
         self.client.force_login(original_user)
         url = reverse("dashboard:edit_user_info")
@@ -534,7 +536,7 @@ def test_edit_as_prescriber(self):
         self.assertContains(response, f"Prénom : <strong>{original_user.first_name.title()}</strong>")
         self.assertContains(response, f"Nom : <strong>{original_user.last_name.upper()}</strong>")
         self.assertContains(response, f"Adresse e-mail : <strong>{original_user.email}</strong>")
-        self.assertContains(response, "Modifier ces informations")
+        self.assertContains(response, "Ces informations doivent être modifiées sur votre fournisseur d'identité.")
 
         post_data = {
             "email": "notbob@notsaintclair.com",
@@ -550,3 +552,39 @@ def test_edit_as_prescriber(self):
         assert updated_user.first_name == original_user.first_name
         assert updated_user.last_name == original_user.last_name
         assert updated_user.phone == post_data["phone"]
+
+    def test_edit_as_prescriber_IC(self):
+        with inclusion_connect_setup():
+            original_user = PrescriberFactory(
+                email="bob@saintclair.tld",
+                first_name="Not Bob",
+                last_name="Not Saint Clair",
+                phone="0600000000",
+                identity_provider=IdentityProvider.INCLUSION_CONNECT,
+            )
+            self.client.force_login(original_user)
+            url = reverse("dashboard:edit_user_info")
+            response = self.client.get(url)
+            self.assertNotContains(response, self.NIR_FIELD_ID)
+            self.assertNotContains(response, self.LACK_OF_NIR_FIELD_ID)
+            self.assertNotContains(response, self.LACK_OF_NIR_REASON_FIELD_ID)
+            self.assertNotContains(response, self.BIRTHDATE_FIELD_NAME)
+            self.assertContains(response, f"Prénom : <strong>{original_user.first_name.title()}</strong>")
+            self.assertContains(response, f"Nom : <strong>{original_user.last_name.upper()}</strong>")
+            self.assertContains(response, f"Adresse e-mail : <strong>{original_user.email}</strong>")
+            self.assertContains(response, "Modifier ces informations")
+
+            post_data = {
+                "email": "notbob@notsaintclair.com",
+                "first_name": "Bob",
+                "last_name": "Saint Clair",
+                "phone": "0610203050",
+            }
+            response = self.client.post(url, data=post_data)
+            assert response.status_code == 302
+
+            updated_user = User.objects.get(pk=original_user.pk)
+            assert updated_user.email == original_user.email
+            assert updated_user.first_name == original_user.first_name
+            assert updated_user.last_name == original_user.last_name
+            assert updated_user.phone == post_data["phone"]
diff --git a/tests/www/invitations_views/test_company_accept.py b/tests/www/invitations_views/test_company_accept.py
index ca66067e86..c7170496cf 100644
--- a/tests/www/invitations_views/test_company_accept.py
+++ b/tests/www/invitations_views/test_company_accept.py
@@ -4,10 +4,10 @@
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import get_user
-from django.contrib.messages.test import MessagesTestMixin
 from django.core import mail
 from django.shortcuts import reverse
 from django.utils.html import escape
+from pytest_django.asserts import assertContains, assertMessages, assertNotContains, assertRedirects
 
 from itou.users.enums import KIND_EMPLOYER, UserKind
 from itou.users.models import User
@@ -16,14 +16,13 @@
 from itou.utils.urls import add_url_params
 from tests.companies.factories import CompanyFactory
 from tests.invitations.factories import ExpiredEmployerInvitationFactory, SentEmployerInvitationFactory
-from tests.openid_connect.inclusion_connect.test import InclusionConnectBaseTestCase
-from tests.openid_connect.inclusion_connect.tests import OIDC_USERINFO, assert_and_mock_forced_logout, mock_oauth_dance
+from tests.openid_connect.test import sso_parametrize
 from tests.prescribers.factories import PrescriberOrganizationWithMembershipFactory
 from tests.users.factories import EmployerFactory
 from tests.utils.test import ItouClient
 
 
-class TestAcceptInvitation(MessagesTestMixin, InclusionConnectBaseTestCase):
+class TestAcceptInvitation:
     def assert_accepted_invitation(self, response, invitation, user):
         user.refresh_from_db()
         invitation.refresh_from_db()
@@ -37,7 +36,7 @@ def assert_accepted_invitation(self, response, invitation, user):
         assert invitation.sender.email == mail.outbox[0].to[0]
 
         # Make sure there's a welcome message.
-        self.assertContains(
+        assertContains(
             response, escape(f"Vous êtes désormais membre de la structure {invitation.company.display_name}.")
         )
 
@@ -46,11 +45,12 @@ def assert_accepted_invitation(self, response, invitation, user):
         # A user can be member of one or more siae
         assert current_company in user.company_set.all()
 
+    @sso_parametrize
     @respx.mock
-    def test_accept_invitation_signup(self):
-        invitation = SentEmployerInvitationFactory(email=OIDC_USERINFO["email"])
-        response = self.client.get(invitation.acceptance_link, follow=True)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+    def test_accept_invitation_signup(self, client, sso_setup):
+        invitation = SentEmployerInvitationFactory(email=sso_setup.oidc_userinfo["email"])
+        response = client.get(invitation.acceptance_link, follow=True)
+        sso_setup.assertContainsButton(response)
 
         # We don't put the full path with the FQDN in the parameters
         previous_url = invitation.acceptance_link.split(settings.ITOU_FQDN)[1]
@@ -62,20 +62,20 @@ def test_accept_invitation_signup(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         total_users_before = User.objects.count()
 
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_EMPLOYER,
             user_email=invitation.email,
             channel="invitation",
             previous_url=previous_url,
             next_url=next_url,
         )
-        response = self.client.get(response.url, follow=True)
+        response = client.get(response.url, follow=True)
         # Check user is redirected to the welcoming tour
         last_url, _status_code = response.redirect_chain[-1]
         assert last_url == reverse("welcoming_tour:index")
@@ -86,11 +86,12 @@ def test_accept_invitation_signup(self):
         user = User.objects.get(email=invitation.email)
         self.assert_accepted_invitation(response, invitation, user)
 
+    @sso_parametrize
     @respx.mock
-    def test_accept_invitation_signup_returns_on_other_browser(self):
-        invitation = SentEmployerInvitationFactory(email=OIDC_USERINFO["email"])
-        response = self.client.get(invitation.acceptance_link, follow=True)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+    def test_accept_invitation_signup_returns_on_other_browser(self, client, sso_setup):
+        invitation = SentEmployerInvitationFactory(email=sso_setup.oidc_userinfo["email"])
+        response = client.get(invitation.acceptance_link, follow=True)
+        sso_setup.assertContainsButton(response)
 
         # We don't put the full path with the FQDN in the parameters
         previous_url = invitation.acceptance_link.split(settings.ITOU_FQDN)[1]
@@ -102,14 +103,14 @@ def test_accept_invitation_signup_returns_on_other_browser(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         total_users_before = User.objects.count()
 
         other_client = ItouClient()
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_EMPLOYER,
             user_email=invitation.email,
             channel="invitation",
@@ -128,11 +129,12 @@ def test_accept_invitation_signup_returns_on_other_browser(self):
         user = User.objects.get(email=invitation.email)
         self.assert_accepted_invitation(response, invitation, user)
 
+    @sso_parametrize
     @respx.mock
-    def test_accept_invitation_signup_bad_email_case(self):
-        invitation = SentEmployerInvitationFactory(email=OIDC_USERINFO["email"].upper())
-        response = self.client.get(invitation.acceptance_link, follow=True)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+    def test_accept_invitation_signup_bad_email_case(self, client, sso_setup):
+        invitation = SentEmployerInvitationFactory(email=sso_setup.oidc_userinfo["email"].upper())
+        response = client.get(invitation.acceptance_link, follow=True)
+        sso_setup.assertContainsButton(response)
 
         # We don't put the full path with the FQDN in the parameters
         previous_url = invitation.acceptance_link.split(settings.ITOU_FQDN)[1]
@@ -144,13 +146,13 @@ def test_accept_invitation_signup_bad_email_case(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         assert User.objects.filter(email=invitation.email).first() is None
 
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_EMPLOYER,
             # Using the same email with a different case should not fail
             user_email=invitation.email.lower(),
@@ -158,7 +160,7 @@ def test_accept_invitation_signup_bad_email_case(self):
             previous_url=previous_url,
             next_url=next_url,
         )
-        response = self.client.get(response.url, follow=True)
+        response = client.get(response.url, follow=True)
         # Check user is redirected to the welcoming tour
         last_url, _ = response.redirect_chain[-1]
         assert last_url == reverse("welcoming_tour:index")
@@ -166,15 +168,16 @@ def test_accept_invitation_signup_bad_email_case(self):
         user = User.objects.get(email=invitation.email)
         self.assert_accepted_invitation(response, invitation, user)
 
+    @sso_parametrize
     @respx.mock
-    def test_accept_existing_user_not_logged_in_using_IC(self):
-        invitation = SentEmployerInvitationFactory(email=OIDC_USERINFO["email"])
+    def test_accept_existing_user_not_logged_in_using_ProConnect(self, client, sso_setup):
+        invitation = SentEmployerInvitationFactory(email=sso_setup.oidc_userinfo["email"])
         user = EmployerFactory(
-            username=OIDC_USERINFO["sub"],
-            email=OIDC_USERINFO["email"],
+            username=sso_setup.oidc_userinfo["sub"],
+            email=sso_setup.oidc_userinfo["email"],
             has_completed_welcoming_tour=True,
         )
-        response = self.client.get(invitation.acceptance_link, follow=True)
+        response = client.get(invitation.acceptance_link, follow=True)
         assert reverse("login:employer") in response.wsgi_request.get_full_path()
         assert not invitation.accepted
         next_url = reverse("invitations_views:join_company", args=(invitation.pk,))
@@ -184,11 +187,11 @@ def test_accept_existing_user_not_logged_in_using_IC(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             UserKind.EMPLOYER,
             user_email=user.email,
             channel="invitation",
@@ -196,25 +199,26 @@ def test_accept_existing_user_not_logged_in_using_IC(self):
             next_url=next_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
+        response = client.get(response.url, follow=True)
 
         assert response.context["user"].is_authenticated
         self.assert_accepted_invitation(response, invitation, user)
 
-    def test_accept_invitation_logged_in_user(self):
+    def test_accept_invitation_logged_in_user(self, client):
         # A logged in user should log out before accepting an invitation.
         logged_in_user = EmployerFactory()
-        self.client.force_login(logged_in_user)
+        client.force_login(logged_in_user)
         # Invitation for another user
         invitation = SentEmployerInvitationFactory(email="loutre@example.com")
-        response = self.client.get(invitation.acceptance_link, follow=True)
-        self.assertRedirects(response, reverse("account_logout"))
+        response = client.get(invitation.acceptance_link, follow=True)
+        assertRedirects(response, reverse("account_logout"))
 
+    @sso_parametrize
     @respx.mock
-    def test_accept_invitation_signup_wrong_email(self):
+    def test_accept_invitation_signup_wrong_email(self, client, sso_setup):
         invitation = SentEmployerInvitationFactory()
-        response = self.client.get(invitation.acceptance_link, follow=True)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(invitation.acceptance_link, follow=True)
+        sso_setup.assertContainsButton(response)
 
         # We don't put the full path with the FQDN in the parameters
         previous_url = invitation.acceptance_link.split(settings.ITOU_FQDN)[1]
@@ -226,30 +230,30 @@ def test_accept_invitation_signup_wrong_email(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         url = reverse("dashboard:index")
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_EMPLOYER,
-            # the login hint is different from OIDC_USERINFO["email"] which is used to create the IC account
+            # the login hint is different from the email used to create the SSO account
             user_email=invitation.email,
             channel="invitation",
             previous_url=previous_url,
             next_url=next_url,
-            expected_redirect_url=add_url_params(reverse("inclusion_connect:logout"), {"redirect_url": previous_url}),
+            expected_redirect_url=add_url_params(sso_setup.logout_url, {"redirect_url": previous_url}),
         )
-        # After logout, Inclusion connect redirects to previous_url (see redirect_url param in expected_redirect_url)
-        response = self.client.get(previous_url, follow=True)
+        # After logout, the SSO redirects to previous_url (see redirect_url param in expected_redirect_url)
+        response = client.get(previous_url, follow=True)
         # Signup should have failed : as the email used in IC isn't the one from the invitation
-        self.assertMessages(
+        assertMessages(
             response,
             [
                 messages.Message(
                     messages.ERROR,
                     "L’adresse e-mail que vous avez utilisée pour vous connecter avec "
-                    "Inclusion Connect (michel@lestontons.fr) ne correspond pas à "
+                    f"{sso_setup.identity_provider.label} (michel@lestontons.fr) ne correspond pas à "
                     f"l’adresse e-mail de l’invitation ({invitation.email}).",
                 )
             ],
@@ -257,42 +261,42 @@ def test_accept_invitation_signup_wrong_email(self):
         assert response.wsgi_request.get_full_path() == previous_url
         assert not User.objects.filter(email=invitation.email).exists()
 
-    def test_expired_invitation(self):
+    def test_expired_invitation(self, client):
         invitation = ExpiredEmployerInvitationFactory()
         assert invitation.has_expired
 
         # User wants to join our website but it's too late!
-        response = self.client.get(invitation.acceptance_link, follow=True)
-        self.assertContains(response, "expirée")
+        response = client.get(invitation.acceptance_link, follow=True)
+        assertContains(response, "expirée")
 
         user = EmployerFactory(email=invitation.email)
-        self.client.force_login(user)
+        client.force_login(user)
         join_url = reverse("invitations_views:join_company", kwargs={"invitation_id": invitation.id})
-        response = self.client.get(join_url, follow=True)
-        self.assertContains(response, escape("Cette invitation n'est plus valide."))
+        response = client.get(join_url, follow=True)
+        assertContains(response, escape("Cette invitation n'est plus valide."))
 
-    def test_inactive_siae(self):
+    def test_inactive_siae(self, client):
         company = CompanyFactory(convention__is_active=False)
         invitation = SentEmployerInvitationFactory(company=company)
         user = EmployerFactory(email=invitation.email)
-        self.client.force_login(user)
+        client.force_login(user)
         join_url = reverse("invitations_views:join_company", kwargs={"invitation_id": invitation.id})
-        response = self.client.get(join_url, follow=True)
-        self.assertContains(response, escape("Cette structure n'est plus active."))
+        response = client.get(join_url, follow=True)
+        assertContains(response, escape("Cette structure n'est plus active."))
 
-    def test_non_existent_invitation(self):
+    def test_non_existent_invitation(self, client):
         invitation = SentEmployerInvitationFactory.build(
             first_name="Léonie", last_name="Bathiat", email="leonie@bathiat.com"
         )
-        response = self.client.get(invitation.acceptance_link, follow=True)
+        response = client.get(invitation.acceptance_link, follow=True)
         assert response.status_code == 404
 
-    def test_accepted_invitation(self):
+    def test_accepted_invitation(self, client):
         invitation = SentEmployerInvitationFactory(accepted=True)
-        response = self.client.get(invitation.acceptance_link, follow=True)
-        self.assertContains(response, escape("Invitation acceptée"))
+        response = client.get(invitation.acceptance_link, follow=True)
+        assertContains(response, escape("Invitation acceptée"))
 
-    def test_accept_existing_user_already_member_of_inactive_siae(self):
+    def test_accept_existing_user_already_member_of_inactive_siae(self, client):
         """
         An inactive SIAE user (i.e. attached to a single inactive SIAE)
         can only be ressucitated by being invited to a new SIAE.
@@ -308,9 +312,9 @@ def test_accept_existing_user_already_member_of_inactive_siae(self):
             last_name=user.last_name,
             email=user.email,
         )
-        self.client.force_login(user)
-        response = self.client.get(invitation.acceptance_link, follow=True)
-        self.assertRedirects(response, reverse("welcoming_tour:index"))
+        client.force_login(user)
+        response = client.get(invitation.acceptance_link, follow=True)
+        assertRedirects(response, reverse("welcoming_tour:index"))
         # /invitations/<uui>/join-company then /welcoming_tour/index
         assert len(response.redirect_chain) == 2
 
@@ -318,24 +322,25 @@ def test_accept_existing_user_already_member_of_inactive_siae(self):
         assert company.pk == current_company.pk
         self.assert_accepted_invitation(response, invitation, user)
 
+    @sso_parametrize
     @respx.mock
-    def test_accept_new_user_to_inactive_siae(self):
+    def test_accept_new_user_to_inactive_siae(self, client, sso_setup):
         company = CompanyFactory(convention__is_active=False, with_membership=True)
         sender = company.members.first()
         invitation = SentEmployerInvitationFactory(
             sender=sender,
             company=company,
-            email=OIDC_USERINFO["email"],
+            email=sso_setup.oidc_userinfo["email"],
         )
-        response = self.client.get(invitation.acceptance_link, follow=True)
-        self.assertContains(response, escape("La structure que vous souhaitez rejoindre n'est plus active."))
-        self.assertNotContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(invitation.acceptance_link, follow=True)
+        assertContains(response, escape("La structure que vous souhaitez rejoindre n'est plus active."))
+        assertNotContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
 
         # If the user still manages to signup with IC
         previous_url = invitation.acceptance_link.split(settings.ITOU_FQDN)[1]
         next_url = reverse("invitations_views:join_company", args=(invitation.pk,))
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_EMPLOYER,
             user_email=invitation.email,
             channel="invitation",
@@ -343,11 +348,11 @@ def test_accept_new_user_to_inactive_siae(self):
             next_url=next_url,
         )
         # response redirects to /invitation/uid/join-company
-        response = self.client.get(response.url)
+        response = client.get(response.url)
         # company is inactive so the user will be logged out
-        response = assert_and_mock_forced_logout(self.client, response)
-        assert not get_user(self.client).is_authenticated
-        self.assertMessages(
+        response = sso_setup.assert_and_mock_forced_logout(client, response)
+        assert not get_user(client).is_authenticated
+        assertMessages(
             response,
             [
                 messages.Message(messages.ERROR, "Cette structure n'est plus active."),
@@ -361,7 +366,7 @@ def test_accept_new_user_to_inactive_siae(self):
         user = User.objects.get(email=invitation.email)
         assert user.company_set.count() == 0
 
-    def test_accept_existing_user_is_not_employer(self):
+    def test_accept_existing_user_is_not_employer(self, client):
         user = PrescriberOrganizationWithMembershipFactory().members.first()
         invitation = SentEmployerInvitationFactory(
             first_name=user.first_name,
@@ -369,31 +374,31 @@ def test_accept_existing_user_is_not_employer(self):
             email=user.email,
         )
 
-        self.client.force_login(user)
-        response = self.client.get(invitation.acceptance_link, follow=True)
+        client.force_login(user)
+        response = client.get(invitation.acceptance_link, follow=True)
 
         assert response.status_code == 403
         assert not invitation.accepted
 
-    def test_accept_connected_user_is_not_the_invited_user(self):
+    def test_accept_connected_user_is_not_the_invited_user(self, client):
         invitation = SentEmployerInvitationFactory()
-        self.client.force_login(invitation.sender)
-        response = self.client.get(invitation.acceptance_link, follow=True)
+        client.force_login(invitation.sender)
+        response = client.get(invitation.acceptance_link, follow=True)
 
         assert reverse("account_logout") == response.wsgi_request.path
         assert not invitation.accepted
-        self.assertContains(response, "Un utilisateur est déjà connecté.")
+        assertContains(response, "Un utilisateur est déjà connecté.")
 
-    def test_accept_existing_user_email_different_case(self):
+    def test_accept_existing_user_email_different_case(self, client):
         user = EmployerFactory(has_completed_welcoming_tour=True, email="HEY@example.com")
         invitation = SentEmployerInvitationFactory(
             email="hey@example.com",
         )
-        self.client.force_login(user)
-        response = self.client.get(invitation.acceptance_link, follow=True)
+        client.force_login(user)
+        response = client.get(invitation.acceptance_link, follow=True)
         self.assert_accepted_invitation(response, invitation, user)
 
-    def test_expired_invitation_old_link(self):
+    def test_expired_invitation_old_link(self, client):
         user = EmployerFactory()
         # Invitation for another user
         invitation = SentEmployerInvitationFactory(email=user.email)
@@ -404,7 +409,7 @@ def test_expired_invitation_old_link(self):
                 "invitation_id": invitation.pk,
             },
         )
-        response = self.client.get(acceptance_link, follow=True)
-        self.assertRedirects(response, reverse("search:employers_home"))
+        response = client.get(acceptance_link, follow=True)
+        assertRedirects(response, reverse("search:employers_home"))
         invitation.refresh_from_db()
         assert not invitation.accepted
diff --git a/tests/www/invitations_views/test_prescriber_organization.py b/tests/www/invitations_views/test_prescriber_organization.py
index bc51742629..f1fd51903e 100644
--- a/tests/www/invitations_views/test_prescriber_organization.py
+++ b/tests/www/invitations_views/test_prescriber_organization.py
@@ -6,11 +6,10 @@
 from allauth.account.models import EmailAddress
 from django.conf import settings
 from django.contrib import messages
-from django.contrib.messages.test import MessagesTestMixin
 from django.core import mail
 from django.shortcuts import reverse
 from django.utils.html import escape
-from pytest_django.asserts import assertRedirects
+from pytest_django.asserts import assertContains, assertMessages, assertRedirects, assertTemplateUsed
 
 from itou.invitations.models import PrescriberWithOrgInvitation
 from itou.prescribers.enums import PrescriberOrganizationKind
@@ -18,12 +17,10 @@
 from itou.users.models import User
 from itou.utils import constants as global_constants
 from itou.utils.perms.prescriber import get_current_org_or_404
-from itou.utils.templatetags.theme_inclusion import static_theme_images
 from itou.utils.urls import add_url_params
 from tests.companies.factories import CompanyFactory
 from tests.invitations.factories import PrescriberWithOrgSentInvitationFactory
-from tests.openid_connect.inclusion_connect.test import InclusionConnectBaseTestCase
-from tests.openid_connect.inclusion_connect.tests import OIDC_USERINFO, mock_oauth_dance
+from tests.openid_connect.test import sso_parametrize
 from tests.prescribers.factories import PrescriberOrganizationWithMembershipFactory, PrescriberPoleEmploiFactory
 from tests.users.factories import DEFAULT_PASSWORD, JobSeekerFactory, PrescriberFactory
 from tests.utils.test import ItouClient, TestCase, assert_previous_step
@@ -221,9 +218,9 @@ def test_unsuccessful(self, client):
         )
 
 
-class TestAcceptPrescriberWithOrgInvitation(MessagesTestMixin, InclusionConnectBaseTestCase):
-    def setUp(self):
-        super().setUp()
+class TestAcceptPrescriberWithOrgInvitation:
+    @pytest.fixture(autouse=True)
+    def setup_method(self):
         self.organization = PrescriberOrganizationWithMembershipFactory()
         # Create a second member to make sure emails are also
         # sent to regular members
@@ -233,11 +230,11 @@ def setUp(self):
 
     def assert_invitation_is_accepted(self, response, user, invitation, new_user=True):
         if new_user:
-            self.assertRedirects(response, reverse("welcoming_tour:index"))
+            assertRedirects(response, reverse("welcoming_tour:index"))
         elif user.identity_provider == IdentityProvider.DJANGO:
-            self.assertRedirects(response, reverse("dashboard:activate_ic_account"))
+            assertRedirects(response, reverse("dashboard:activate_ic_account"))
         else:
-            self.assertRedirects(response, reverse("dashboard:index"))
+            assertRedirects(response, reverse("dashboard:index"))
 
         user.refresh_from_db()
         invitation.refresh_from_db()
@@ -248,7 +245,7 @@ def assert_invitation_is_accepted(self, response, user, invitation, new_user=Tru
         assert self.organization.members.count() == 3
 
         # Make sure there's a welcome message.
-        self.assertContains(
+        assertContains(
             response, escape(f"Vous êtes désormais membre de l'organisation {self.organization.display_name}.")
         )
 
@@ -262,11 +259,12 @@ def assert_invitation_is_accepted(self, response, user, invitation, new_user=Tru
         # A user can be member of one or more organizations
         assert current_org in user.prescriberorganization_set.all()
 
+    @sso_parametrize
     @respx.mock
-    def test_accept_prescriber_org_invitation(self):
+    def test_accept_prescriber_org_invitation(self, client, sso_setup):
         invitation = PrescriberWithOrgSentInvitationFactory(sender=self.sender, organization=self.organization)
-        response = self.client.get(invitation.acceptance_link)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(invitation.acceptance_link)
+        sso_setup.assertContainsButton(response)
 
         # We don't put the full path with the FQDN in the parameters
         previous_url = invitation.acceptance_link.split(settings.ITOU_FQDN)[1]
@@ -278,29 +276,29 @@ def test_accept_prescriber_org_invitation(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         # Singup fails on Inclusion Connect with email different than the one from the invitation
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             UserKind.PRESCRIBER,
             user_email=invitation.email,
             channel="invitation",
             previous_url=previous_url,
             next_url=next_url,
-            expected_redirect_url=add_url_params(reverse("inclusion_connect:logout"), {"redirect_url": previous_url}),
+            expected_redirect_url=add_url_params(sso_setup.logout_url, {"redirect_url": previous_url}),
         )
         # Inclusion connect redirects to previous_url
-        response = self.client.get(previous_url, follow=True)
+        response = client.get(previous_url, follow=True)
         # Signup should have failed : as the email used in IC isn't the one from the invitation
-        self.assertMessages(
+        assertMessages(
             response,
             [
                 messages.Message(
                     messages.ERROR,
                     "L’adresse e-mail que vous avez utilisée pour vous connecter avec "
-                    "Inclusion Connect (michel@lestontons.fr) ne correspond pas à "
+                    f"{sso_setup.identity_provider.label} (michel@lestontons.fr) ne correspond pas à "
                     f"l’adresse e-mail de l’invitation ({invitation.email}).",
                 )
             ],
@@ -308,10 +306,10 @@ def test_accept_prescriber_org_invitation(self):
         assert not User.objects.filter(email=invitation.email).exists()
 
         # Singup works on Inclusion Connect with the correct email
-        invitation.email = OIDC_USERINFO["email"]
+        invitation.email = sso_setup.oidc_userinfo["email"]
         invitation.save()
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             UserKind.PRESCRIBER,
             user_email=invitation.email,
             channel="invitation",
@@ -319,17 +317,18 @@ def test_accept_prescriber_org_invitation(self):
             next_url=next_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
-        self.assertTemplateUsed(response, "welcoming_tour/prescriber.html")
+        response = client.get(response.url, follow=True)
+        assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
         user = User.objects.get(email=invitation.email)
         self.assert_invitation_is_accepted(response, user, invitation)
 
+    @sso_parametrize
     @respx.mock
-    def test_accept_prescriber_org_invitation_returns_on_other_browser(self):
+    def test_accept_prescriber_org_invitation_returns_on_other_browser(self, client, sso_setup):
         invitation = PrescriberWithOrgSentInvitationFactory(sender=self.sender, organization=self.organization)
-        response = self.client.get(invitation.acceptance_link)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(invitation.acceptance_link)
+        sso_setup.assertContainsButton(response)
 
         # We don't put the full path with the FQDN in the parameters
         previous_url = invitation.acceptance_link.split(settings.ITOU_FQDN)[1]
@@ -341,14 +340,14 @@ def test_accept_prescriber_org_invitation_returns_on_other_browser(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         other_client = ItouClient()
-        invitation.email = OIDC_USERINFO["email"]
+        invitation.email = sso_setup.oidc_userinfo["email"]
         invitation.save()
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             UserKind.PRESCRIBER,
             user_email=invitation.email,
             channel="invitation",
@@ -358,12 +357,12 @@ def test_accept_prescriber_org_invitation_returns_on_other_browser(self):
         )
         # Follow the redirection.
         response = other_client.get(response.url, follow=True)
-        self.assertTemplateUsed(response, "welcoming_tour/prescriber.html")
+        assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
         user = User.objects.get(email=invitation.email)
         self.assert_invitation_is_accepted(response, user, invitation)
 
-    def test_accept_existing_user_is_prescriber_without_org(self):
+    def test_accept_existing_user_is_prescriber_without_org(self, client):
         user = PrescriberFactory(has_completed_welcoming_tour=True)
         invitation = PrescriberWithOrgSentInvitationFactory(
             sender=self.sender,
@@ -372,13 +371,13 @@ def test_accept_existing_user_is_prescriber_without_org(self):
             last_name=user.last_name,
             email=user.email,
         )
-        self.client.force_login(user)
-        response = self.client.get(invitation.acceptance_link, follow=True)
+        client.force_login(user)
+        response = client.get(invitation.acceptance_link, follow=True)
         # /invitations/<uui>/join_company then /welcoming_tour/index
         assert len(response.redirect_chain) == 2
         self.assert_invitation_is_accepted(response, user, invitation, new_user=False)
 
-    def test_accept_existing_user_email_different_case(self):
+    def test_accept_existing_user_email_different_case(self, client):
         user = PrescriberFactory(has_completed_welcoming_tour=True, email="HEY@example.com")
         invitation = PrescriberWithOrgSentInvitationFactory(
             sender=self.sender,
@@ -387,11 +386,11 @@ def test_accept_existing_user_email_different_case(self):
             last_name=user.last_name,
             email="hey@example.com",
         )
-        self.client.force_login(user)
-        response = self.client.get(invitation.acceptance_link, follow=True)
+        client.force_login(user)
+        response = client.get(invitation.acceptance_link, follow=True)
         self.assert_invitation_is_accepted(response, user, invitation, new_user=False)
 
-    def test_accept_existing_user_belongs_to_another_organization(self):
+    def test_accept_existing_user_belongs_to_another_organization(self, client):
         user = PrescriberOrganizationWithMembershipFactory().members.first()
         user.has_completed_welcoming_tour = True
         user.save()
@@ -402,16 +401,17 @@ def test_accept_existing_user_belongs_to_another_organization(self):
             last_name=user.last_name,
             email=user.email,
         )
-        self.client.force_login(user)
-        response = self.client.get(invitation.acceptance_link, follow=True)
+        client.force_login(user)
+        response = client.get(invitation.acceptance_link, follow=True)
         self.assert_invitation_is_accepted(response, user, invitation, new_user=False)
 
+    @sso_parametrize
     @respx.mock
-    def test_accept_existing_user_not_logged_in_using_IC(self):
+    def test_accept_existing_user_not_logged_in_using_PC(self, client, sso_setup):
         invitation = PrescriberWithOrgSentInvitationFactory(sender=self.sender, organization=self.organization)
         user = PrescriberFactory(
-            username=OIDC_USERINFO["sub"],
-            email=OIDC_USERINFO["email"],
+            username=sso_setup.oidc_userinfo["sub"],
+            email=sso_setup.oidc_userinfo["email"],
             has_completed_welcoming_tour=True,
         )
         # The user verified its email
@@ -423,7 +423,7 @@ def test_accept_existing_user_not_logged_in_using_IC(self):
             last_name=user.last_name,
             email=user.email,
         )
-        response = self.client.get(invitation.acceptance_link, follow=True)
+        response = client.get(invitation.acceptance_link, follow=True)
         assert reverse("login:prescriber") in response.wsgi_request.get_full_path()
         assert not invitation.accepted
         next_url = reverse("invitations_views:join_prescriber_organization", args=(invitation.pk,))
@@ -433,11 +433,11 @@ def test_accept_existing_user_not_logged_in_using_IC(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             UserKind.PRESCRIBER,
             user_email=user.email,
             channel="invitation",
@@ -445,12 +445,12 @@ def test_accept_existing_user_not_logged_in_using_IC(self):
             next_url=next_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
+        response = client.get(response.url, follow=True)
 
         assert response.context["user"].is_authenticated
         self.assert_invitation_is_accepted(response, user, invitation, new_user=False)
 
-    def test_accept_existing_user_not_logged_in_using_django_auth(self):
+    def test_accept_existing_user_not_logged_in_using_django_auth(self, client):
         invitation = PrescriberWithOrgSentInvitationFactory(sender=self.sender, organization=self.organization)
         user = PrescriberFactory(has_completed_welcoming_tour=True, identity_provider="DJANGO")
         # The user verified its email
@@ -462,11 +462,11 @@ def test_accept_existing_user_not_logged_in_using_django_auth(self):
             last_name=user.last_name,
             email=user.email,
         )
-        response = self.client.get(invitation.acceptance_link, follow=True)
+        response = client.get(invitation.acceptance_link, follow=True)
         assert reverse("login:prescriber") in response.wsgi_request.get_full_path()
         assert not invitation.accepted
 
-        response = self.client.post(
+        response = client.post(
             response.wsgi_request.get_full_path(),
             data={"login": user.email, "password": DEFAULT_PASSWORD},
             follow=True,
diff --git a/tests/www/login/tests.py b/tests/www/login/tests.py
index 7cd0387fce..28f821b602 100644
--- a/tests/www/login/tests.py
+++ b/tests/www/login/tests.py
@@ -7,7 +7,7 @@
 from django.test.client import RequestFactory
 from django.urls import reverse
 from django.utils.html import escape
-from pytest_django.asserts import assertContains
+from pytest_django.asserts import assertContains, assertRedirects
 
 from itou.openid_connect.france_connect import constants as fc_constants
 from itou.users import enums as users_enums
@@ -16,7 +16,7 @@
 from itou.utils.urls import add_url_params
 from itou.www.login.forms import ItouLoginForm
 from tests.openid_connect.france_connect.tests import FC_USERINFO, mock_oauth_dance
-from tests.openid_connect.inclusion_connect.test import InclusionConnectBaseTestCase
+from tests.openid_connect.test import sso_parametrize
 from tests.users.factories import (
     DEFAULT_PASSWORD,
     EmployerFactory,
@@ -28,6 +28,7 @@
 
 
 CONNECT_WITH_IC = "Se connecter avec Inclusion Connect"
+PRO_CONNECT_BTN = 'class="proconnect-button"'
 
 
 class ItouLoginTest(TestCase):
@@ -67,109 +68,119 @@ def test_error_if_user_has_sso_provider(self):
         assert "FranceConnect" in form.errors["__all__"][0]
 
 
-class PrescriberLoginTest(InclusionConnectBaseTestCase):
-    def test_login_options(self):
+class TestPrescriberLogin:
+    @sso_parametrize
+    def test_login_options(self, client, sso_setup):
         url = reverse("login:prescriber")
-        response = self.client.get(url)
-        self.assertContains(response, CONNECT_WITH_IC)
+        response = client.get(url)
+        sso_setup.assertContainsButton(response)
         params = {
             "user_kind": UserKind.PRESCRIBER,
             "previous_url": url,
         }
-        inclusion_connect_url = escape(add_url_params(reverse("inclusion_connect:authorize"), params))
-        self.assertContains(response, inclusion_connect_url + '"')
-        self.assertContains(response, "Adresse e-mail")
-        self.assertContains(response, "Mot de passe")
+        sso_url = escape(add_url_params(sso_setup.authorize_url, params))
+        assertContains(response, sso_url + '"')
+        assertContains(response, "Adresse e-mail")
+        assertContains(response, "Mot de passe")
 
         url_with_next = add_url_params(reverse("login:prescriber"), {"next": "/next_url"})
-        response = self.client.get(url_with_next)
+        response = client.get(url_with_next)
         params = {
             "user_kind": UserKind.PRESCRIBER,
             "previous_url": url_with_next,
             "next_url": "/next_url",
         }
-        inclusion_connect_url = escape(add_url_params(reverse("inclusion_connect:authorize"), params))
-        self.assertContains(response, inclusion_connect_url + '"')
+        sso_url = escape(add_url_params(sso_setup.authorize_url, params))
+        assertContains(response, sso_url + '"')
 
-    def test_login_using_django(self):
+    @sso_parametrize
+    def test_login_using_django(self, client, sso_setup):
         user = PrescriberFactory(identity_provider=IdentityProvider.DJANGO)
         url = reverse("login:prescriber")
-        response = self.client.get(url)
+        response = client.get(url)
         assert response.status_code == 200
 
         form_data = {
             "login": user.email,
             "password": DEFAULT_PASSWORD,
         }
-        response = self.client.post(url, data=form_data)
-        self.assertRedirects(response, reverse("account_email_verification_sent"))
+        response = client.post(url, data=form_data)
+        assertRedirects(response, reverse("account_email_verification_sent"))
 
-    def test_login_using_django_but_has_sso_provider(self):
-        user = PrescriberFactory(identity_provider=users_enums.IdentityProvider.INCLUSION_CONNECT)
+    @sso_parametrize
+    def test_login_using_django_but_has_sso_provider(self, client, sso_setup):
+        user = PrescriberFactory(identity_provider=sso_setup.identity_provider)
         url = reverse("login:prescriber")
-        response = self.client.get(url)
+        response = client.get(url)
         assert response.status_code == 200
 
         form_data = {
             "login": user.email,
             "password": "a",
         }
-        response = self.client.post(url, data=form_data)
-        self.assertContains(
-            response, "Votre compte est relié à Inclusion Connect. Merci de vous connecter avec ce service."
+        response = client.post(url, data=form_data)
+        assertContains(
+            response,
+            f"Votre compte est relié à {sso_setup.identity_provider.label}. "
+            "Merci de vous connecter avec ce service.",
         )
 
 
-class EmployerLoginTest(InclusionConnectBaseTestCase):
-    def test_login_options(self):
+class TestEmployerLogin:
+    @sso_parametrize
+    def test_login_options(self, client, sso_setup):
         url = reverse("login:employer")
-        response = self.client.get(url)
-        self.assertContains(response, CONNECT_WITH_IC)
+        response = client.get(url)
+        sso_setup.assertContainsButton(response)
         params = {
             "user_kind": UserKind.EMPLOYER,
             "previous_url": url,
         }
-        inclusion_connect_url = escape(add_url_params(reverse("inclusion_connect:authorize"), params))
-        self.assertContains(response, inclusion_connect_url + '"')
-        self.assertContains(response, "Adresse e-mail")
-        self.assertContains(response, "Mot de passe")
+        inclusion_connect_url = escape(add_url_params(sso_setup.authorize_url, params))
+        assertContains(response, inclusion_connect_url + '"')
+        assertContains(response, "Adresse e-mail")
+        assertContains(response, "Mot de passe")
 
         url_with_next = add_url_params(reverse("login:employer"), {"next": "/next_url"})
-        response = self.client.get(url_with_next)
+        response = client.get(url_with_next)
         params = {
             "user_kind": UserKind.EMPLOYER,
             "previous_url": url_with_next,
             "next_url": "/next_url",
         }
-        inclusion_connect_url = escape(add_url_params(reverse("inclusion_connect:authorize"), params))
-        self.assertContains(response, inclusion_connect_url + '"')
+        inclusion_connect_url = escape(add_url_params(sso_setup.authorize_url, params))
+        assertContains(response, inclusion_connect_url + '"')
 
-    def test_login_using_django(self):
+    @sso_parametrize
+    def test_login_using_django(self, client, sso_setup):
         user = EmployerFactory(identity_provider=IdentityProvider.DJANGO)
         url = reverse("login:employer")
-        response = self.client.get(url)
+        response = client.get(url)
         assert response.status_code == 200
 
         form_data = {
             "login": user.email,
             "password": DEFAULT_PASSWORD,
         }
-        response = self.client.post(url, data=form_data)
-        self.assertRedirects(response, reverse("account_email_verification_sent"))
+        response = client.post(url, data=form_data)
+        assertRedirects(response, reverse("account_email_verification_sent"))
 
-    def test_login_using_django_but_has_sso_provider(self):
-        user = EmployerFactory(identity_provider=users_enums.IdentityProvider.INCLUSION_CONNECT)
+    @sso_parametrize
+    def test_login_using_django_but_has_sso_provider(self, client, sso_setup):
+        user = EmployerFactory(identity_provider=sso_setup.identity_provider)
         url = reverse("login:employer")
-        response = self.client.get(url)
+        response = client.get(url)
         assert response.status_code == 200
 
         form_data = {
             "login": user.email,
             "password": "a",
         }
-        response = self.client.post(url, data=form_data)
-        self.assertContains(
-            response, "Votre compte est relié à Inclusion Connect. Merci de vous connecter avec ce service."
+        response = client.post(url, data=form_data)
+        assertContains(
+            response,
+            f"Votre compte est relié à {sso_setup.identity_provider.label}. "
+            "Merci de vous connecter avec ce service.",
         )
 
 
@@ -178,6 +189,7 @@ def test_login_options(self):
         url = reverse("login:labor_inspector")
         response = self.client.get(url)
         self.assertNotContains(response, CONNECT_WITH_IC)
+        self.assertNotContains(response, PRO_CONNECT_BTN)
         self.assertContains(response, "Adresse e-mail")
         self.assertContains(response, "Mot de passe")
 
diff --git a/tests/www/signup/test_prescriber.py b/tests/www/signup/test_prescriber.py
index 3bdde65e11..7325a00f71 100644
--- a/tests/www/signup/test_prescriber.py
+++ b/tests/www/signup/test_prescriber.py
@@ -1,17 +1,23 @@
-from unittest import mock
-
 import httpx
+import pytest
 import respx
 from django.conf import settings
 from django.contrib import auth, messages
-from django.contrib.messages.test import MessagesTestMixin
 from django.core import mail
-from django.test import override_settings
 from django.urls import reverse
 from django.utils.html import escape
 from django.utils.http import urlencode
+from pytest_django.asserts import (
+    assertContains,
+    assertMessages,
+    assertNotContains,
+    assertRedirects,
+    assertTemplateNotUsed,
+    assertTemplateUsed,
+)
 
 from itou.openid_connect.inclusion_connect.constants import INCLUSION_CONNECT_SESSION_KEY
+from itou.openid_connect.pro_connect.constants import PRO_CONNECT_SESSION_KEY
 from itou.prescribers.enums import PrescriberAuthorizationStatus, PrescriberOrganizationKind
 from itou.prescribers.models import PrescriberMembership, PrescriberOrganization
 from itou.users.enums import KIND_PRESCRIBER, UserKind
@@ -19,11 +25,9 @@
 from itou.utils import constants as global_constants
 from itou.utils.mocks.api_entreprise import ETABLISSEMENT_API_RESULT_MOCK, INSEE_API_RESULT_MOCK
 from itou.utils.mocks.geocoding import BAN_GEOCODING_API_RESULT_MOCK
-from itou.utils.templatetags.theme_inclusion import static_theme_images
 from itou.utils.urls import add_url_params
 from itou.www.signup.forms import PrescriberChooseKindForm
-from tests.openid_connect.inclusion_connect.test import InclusionConnectBaseTestCase
-from tests.openid_connect.inclusion_connect.tests import OIDC_USERINFO, mock_oauth_dance
+from tests.openid_connect.test import sso_parametrize
 from tests.prescribers.factories import (
     PrescriberOrganizationFactory,
     PrescriberOrganizationWithMembershipFactory,
@@ -33,16 +37,16 @@
 from tests.utils.test import ItouClient
 
 
-@override_settings(
-    API_INSEE_BASE_URL="https://insee.fake",
-    API_INSEE_SIRENE_BASE_URL="https://entreprise.fake",
-    API_INSEE_CONSUMER_KEY="foo",
-    API_INSEE_CONSUMER_SECRET="bar",
-)
-class PrescriberSignupTest(InclusionConnectBaseTestCase):
-    def setUp(self):
-        super().setUp()
+@pytest.fixture(autouse=True)
+def setup_api_insee(settings):
+    settings.API_INSEE_BASE_URL = "https://insee.fake"
+    settings.API_INSEE_SIRENE_BASE_URL = "https://entreprise.fake"
+    settings.API_INSEE_CONSUMER_KEY = "foo"
+    settings.API_INSEE_CONSUMER_SECRET = "bar"
+
 
+class TestPrescriberSignup:
+    def setup_method(self):
         respx.post(f"{settings.API_INSEE_BASE_URL}/token").mock(
             return_value=httpx.Response(200, json=INSEE_API_RESULT_MOCK)
         )
@@ -50,47 +54,49 @@ def setUp(self):
             return_value=httpx.Response(200, json=ETABLISSEMENT_API_RESULT_MOCK)
         )
 
-    def test_choose_user_kind(self):
+    def test_choose_user_kind(self, client):
         url = reverse("signup:choose_user_kind")
-        response = self.client.get(url)
-        self.assertContains(response, "Prescripteur / Orienteur")
+        response = client.get(url)
+        assertContains(response, "Prescripteur / Orienteur")
 
-        response = self.client.post(url, data={"kind": UserKind.PRESCRIBER})
-        self.assertRedirects(response, reverse("signup:prescriber_check_already_exists"))
+        response = client.post(url, data={"kind": UserKind.PRESCRIBER})
+        assertRedirects(response, reverse("signup:prescriber_check_already_exists"))
 
+    @sso_parametrize
     @respx.mock
-    def test_create_user_prescriber_member_of_france_travail(self):
+    def test_create_user_prescriber_member_of_france_travail(self, client, sso_setup):
         organization = PrescriberPoleEmploiFactory()
 
         # Go through each step to ensure session data is recorded properly.
         # Step 1: the user works for PE follows PE link
         url = reverse("signup:prescriber_check_already_exists")
-        response = self.client.get(url)
+        response = client.get(url)
         safir_step_url = reverse("signup:prescriber_pole_emploi_safir_code")
-        self.assertContains(response, safir_step_url)
+        assertContains(response, safir_step_url)
 
         # Step 2: find PE organization by SAFIR code.
-        response = self.client.get(url)
+        response = client.get(url)
         post_data = {"safir_code": organization.code_safir_pole_emploi}
-        response = self.client.post(safir_step_url, data=post_data)
+        response = client.post(safir_step_url, data=post_data)
 
         # Step 3: check email
         url = reverse("signup:prescriber_check_pe_email")
-        self.assertRedirects(response, url)
+        assertRedirects(response, url)
         post_data = {"email": "athos@lestroismousquetaires.com"}
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
         assert response.status_code == 200
         assert response.context["form"].errors.get("email")
 
         email = f"athos{global_constants.FRANCE_TRAVAIL_EMAIL_SUFFIX}"
         post_data = {"email": email}
-        response = self.client.post(url, data=post_data)
-        self.assertRedirects(response, reverse("signup:prescriber_pole_emploi_user"))
-        session_data = self.client.session[global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY]
+        response = client.post(url, data=post_data)
+        assertRedirects(response, reverse("signup:prescriber_pole_emploi_user"))
+        session_data = client.session[global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY]
         assert email == session_data.get("email")
 
-        response = self.client.get(response.url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(response.url)
+        sso_setup.assertContainsButton(response)
+
         # Check IC will redirect to the correct url
         previous_url = reverse("signup:prescriber_pole_emploi_user")
         next_url = reverse("signup:prescriber_join_org")
@@ -100,12 +106,12 @@ def test_create_user_prescriber_member_of_france_travail(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         # Connect with Inclusion Connect but no safir code is returned
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             user_email=email,
             channel="pole_emploi",
@@ -114,13 +120,13 @@ def test_create_user_prescriber_member_of_france_travail(self):
             next_url=next_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
-        self.assertTemplateUsed(response, "welcoming_tour/prescriber.html")
+        response = client.get(response.url, follow=True)
+        assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
         # Organization
-        assert self.client.session.get(global_constants.ITOU_SESSION_CURRENT_ORGANIZATION_KEY) == organization.pk
-        response = self.client.get(reverse("dashboard:index"))
-        self.assertContains(response, f"Code SAFIR {organization.code_safir_pole_emploi}")
+        assert client.session.get(global_constants.ITOU_SESSION_CURRENT_ORGANIZATION_KEY) == organization.pk
+        response = client.get(reverse("dashboard:index"))
+        assertContains(response, f"Code SAFIR {organization.code_safir_pole_emploi}")
 
         user = User.objects.get(email=email)
         assert user.kind == UserKind.PRESCRIBER
@@ -141,9 +147,12 @@ def test_create_user_prescriber_member_of_france_travail(self):
         # No email has been sent to support (validation/refusal of authorisation not needed).
         assert len(mail.outbox) == 0
 
+    @sso_parametrize
     @respx.mock
-    @mock.patch("itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK)
-    def test_create_user_prescriber_with_authorized_org_returns_on_other_browser(self, mock_call_ban_geocoding_api):
+    def test_create_user_prescriber_with_authorized_org_returns_on_other_browser(self, client, mocker, sso_setup):
+        mock_call_ban_geocoding_api = mocker.patch(
+            "itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK
+        )
         siret = "26570134200148"
 
         # Step 1: search organizations with SIRET
@@ -152,22 +161,23 @@ def test_create_user_prescriber_with_authorized_org_returns_on_other_browser(sel
             "siret": siret,
             "department": "67",
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
 
         # Step 2: ask the user to choose the organization he's working for in a pre-existing list.
         url = reverse("signup:prescriber_choose_org", kwargs={"siret": siret})
-        self.assertRedirects(response, url)
+        assertRedirects(response, url)
         post_data = {
             "kind": PrescriberOrganizationKind.CAP_EMPLOI.value,
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
         mock_call_ban_geocoding_api.assert_called_once()
 
         # Step 3: Inclusion Connect button
         url = reverse("signup:prescriber_user")
-        self.assertRedirects(response, url)
-        response = self.client.get(url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        assertRedirects(response, url)
+        response = client.get(url)
+        sso_setup.assertContainsButton(response)
+
         # Check IC will redirect to the correct url
         previous_url = reverse("signup:prescriber_user")
         next_url = reverse("signup:prescriber_join_org")
@@ -176,12 +186,12 @@ def test_create_user_prescriber_with_authorized_org_returns_on_other_browser(sel
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         other_client = ItouClient()
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             previous_url=previous_url,
             next_url=next_url,
@@ -189,10 +199,10 @@ def test_create_user_prescriber_with_authorized_org_returns_on_other_browser(sel
         )
         # Follow the redirection.
         response = other_client.get(response.url, follow=True)
-        self.assertTemplateUsed(response, "welcoming_tour/prescriber.html")
+        assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
         # Check `User` state.
-        user = User.objects.get(email=OIDC_USERINFO["email"])
+        user = User.objects.get(email=sso_setup.oidc_userinfo["email"])
         assert user.kind == UserKind.PRESCRIBER
 
         # Emails are not checked in Django anymore.
@@ -214,13 +224,15 @@ def test_create_user_prescriber_with_authorized_org_returns_on_other_browser(sel
         subject = mail.outbox[0].subject
         assert "Vérification de l'habilitation d'une nouvelle organisation" in subject
 
+    @sso_parametrize
     @respx.mock
-    @mock.patch("itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK)
-    def test_create_user_prescriber_with_authorized_org_of_known_kind(self, mock_call_ban_geocoding_api):
+    def test_create_user_prescriber_with_authorized_org_of_known_kind(self, client, mocker, sso_setup):
         """
         Test the creation of a user of type prescriber with an authorized organization of *known* kind.
         """
-
+        mock_call_ban_geocoding_api = mocker.patch(
+            "itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK
+        )
         siret = "26570134200148"
 
         # Step 1: search organizations with SIRET
@@ -229,22 +241,23 @@ def test_create_user_prescriber_with_authorized_org_of_known_kind(self, mock_cal
             "siret": siret,
             "department": "67",
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
 
         # Step 2: ask the user to choose the organization he's working for in a pre-existing list.
         url = reverse("signup:prescriber_choose_org", kwargs={"siret": siret})
-        self.assertRedirects(response, url)
+        assertRedirects(response, url)
         post_data = {
             "kind": PrescriberOrganizationKind.CAP_EMPLOI.value,
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
         mock_call_ban_geocoding_api.assert_called_once()
 
         # Step 3: Inclusion Connect button
         url = reverse("signup:prescriber_user")
-        self.assertRedirects(response, url)
-        response = self.client.get(url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        assertRedirects(response, url)
+        response = client.get(url)
+        sso_setup.assertContainsButton(response)
+
         # Check IC will redirect to the correct url
         previous_url = reverse("signup:prescriber_user")
         next_url = reverse("signup:prescriber_join_org")
@@ -253,21 +266,21 @@ def test_create_user_prescriber_with_authorized_org_of_known_kind(self, mock_cal
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             previous_url=previous_url,
             next_url=next_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
-        self.assertTemplateUsed(response, "welcoming_tour/prescriber.html")
+        response = client.get(response.url, follow=True)
+        assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
         # Check `User` state.
-        user = User.objects.get(email=OIDC_USERINFO["email"])
+        user = User.objects.get(email=sso_setup.oidc_userinfo["email"])
         assert user.kind == UserKind.PRESCRIBER
 
         # Emails are not checked in Django anymore.
@@ -292,13 +305,15 @@ def test_create_user_prescriber_with_authorized_org_of_known_kind(self, mock_cal
         assert f"- ID : {org.pk}" in body_lines
         assert "- Type sélectionné par l’utilisateur : Cap emploi" in body_lines
 
+    @sso_parametrize
     @respx.mock
-    @mock.patch("itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK)
-    def test_create_user_prescriber_with_authorized_org_of_unknown_kind(self, mock_call_ban_geocoding_api):
+    def test_create_user_prescriber_with_authorized_org_of_unknown_kind(self, client, mocker, sso_setup):
         """
         Test the creation of a user of type prescriber with an authorized organization of *unknown* kind.
         """
-
+        mock_call_ban_geocoding_api = mocker.patch(
+            "itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK
+        )
         siret = "26570134200148"
 
         # Step 1: search organizations with SIRET
@@ -307,38 +322,39 @@ def test_create_user_prescriber_with_authorized_org_of_unknown_kind(self, mock_c
             "siret": siret,
             "department": "67",
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
 
         # Step 2: set 'other' organization.
         url = reverse("signup:prescriber_choose_org", kwargs={"siret": siret})
-        self.assertRedirects(response, url)
+        assertRedirects(response, url)
         post_data = {
             "kind": PrescriberOrganizationKind.OTHER.value,
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
         mock_call_ban_geocoding_api.assert_called_once()
 
         # Step 3: ask the user his kind of prescriber.
         url = reverse("signup:prescriber_choose_kind")
-        self.assertRedirects(response, url)
+        assertRedirects(response, url)
         post_data = {
             "kind": PrescriberChooseKindForm.KIND_AUTHORIZED_ORG,
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
 
         # Step 4: ask the user to confirm the "authorized" character of his organization.
         url = reverse("signup:prescriber_confirm_authorization")
-        self.assertRedirects(response, url)
+        assertRedirects(response, url)
         post_data = {
             "confirm_authorization": 1,
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
 
         # Step 5: Inclusion Connect button
         url = reverse("signup:prescriber_user")
-        self.assertRedirects(response, url)
-        response = self.client.get(url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        assertRedirects(response, url)
+        response = client.get(url)
+        sso_setup.assertContainsButton(response)
+
         # Check IC will redirect to the correct url
         previous_url = reverse("signup:prescriber_user")
         next_url = reverse("signup:prescriber_join_org")
@@ -347,22 +363,22 @@ def test_create_user_prescriber_with_authorized_org_of_unknown_kind(self, mock_c
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         previous_url = reverse("signup:prescriber_user")
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             previous_url=previous_url,
             next_url=next_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
-        self.assertTemplateUsed(response, "welcoming_tour/prescriber.html")
+        response = client.get(response.url, follow=True)
+        assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
         # Check `User` state.
-        user = User.objects.get(email=OIDC_USERINFO["email"])
+        user = User.objects.get(email=sso_setup.oidc_userinfo["email"])
         assert user.kind == UserKind.PRESCRIBER
 
         # Emails are not checked in Django anymore.
@@ -384,13 +400,15 @@ def test_create_user_prescriber_with_authorized_org_of_unknown_kind(self, mock_c
         subject = mail.outbox[0].subject
         assert "Vérification de l'habilitation d'une nouvelle organisation" in subject
 
+    @sso_parametrize
     @respx.mock
-    @mock.patch("itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK)
-    def test_create_user_prescriber_with_unauthorized_org(self, mock_call_ban_geocoding_api):
+    def test_create_user_prescriber_with_unauthorized_org(self, client, mocker, sso_setup):
         """
         Test the creation of a user of type prescriber with an unauthorized organization.
         """
-
+        mock_call_ban_geocoding_api = mocker.patch(
+            "itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK
+        )
         siret = "26570134200148"
 
         # Step 1: search organizations with SIRET
@@ -399,30 +417,31 @@ def test_create_user_prescriber_with_unauthorized_org(self, mock_call_ban_geocod
             "siret": siret,
             "department": "67",
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
 
         # Step 2: select kind of organization.
         url = reverse("signup:prescriber_choose_org", kwargs={"siret": siret})
-        self.assertRedirects(response, url)
+        assertRedirects(response, url)
         post_data = {
             "kind": PrescriberOrganizationKind.OTHER.value,
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
         mock_call_ban_geocoding_api.assert_called_once()
 
         # Step 3: select the kind of prescriber 'UNAUTHORIZED'.
         url = reverse("signup:prescriber_choose_kind")
-        self.assertRedirects(response, url)
+        assertRedirects(response, url)
         post_data = {
             "kind": PrescriberChooseKindForm.KIND_UNAUTHORIZED_ORG,
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
 
         # Step 4: Inclusion Connect button
         url = reverse("signup:prescriber_user")
-        self.assertRedirects(response, url)
-        response = self.client.get(url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        assertRedirects(response, url)
+        response = client.get(url)
+        sso_setup.assertContainsButton(response)
+
         # Check IC will redirect to the correct url
         previous_url = reverse("signup:prescriber_user")
         next_url = reverse("signup:prescriber_join_org")
@@ -431,21 +450,21 @@ def test_create_user_prescriber_with_unauthorized_org(self, mock_call_ban_geocod
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             previous_url=previous_url,
             next_url=next_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
-        self.assertTemplateUsed(response, "welcoming_tour/prescriber.html")
+        response = client.get(response.url, follow=True)
+        assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
         # Check `User` state.
-        user = User.objects.get(email=OIDC_USERINFO["email"])
+        user = User.objects.get(email=sso_setup.oidc_userinfo["email"])
         assert user.kind == UserKind.PRESCRIBER
 
         # Emails are not checked in Django anymore.
@@ -465,7 +484,7 @@ def test_create_user_prescriber_with_unauthorized_org(self, mock_call_ban_geocod
         # No email has been sent to support (validation/refusal of authorisation not needed).
         assert len(mail.outbox) == 0
 
-    def test_create_user_prescriber_with_existing_siren_other_department(self):
+    def test_create_user_prescriber_with_existing_siren_other_department(self, client):
         """
         Test the creation of a user of type prescriber with existing SIREN but in an other department
         """
@@ -484,13 +503,13 @@ def test_create_user_prescriber_with_existing_siren_other_department(self):
             "siret": siret2,
             "department": "67",
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
 
         # Step 2: redirect to kind of organization selection.
         url = reverse("signup:prescriber_choose_org", kwargs={"siret": siret2})
-        self.assertRedirects(response, url)
+        assertRedirects(response, url)
 
-    def test_create_user_prescriber_with_existing_siren_same_department(self):
+    def test_create_user_prescriber_with_existing_siren_same_department(self, client):
         """
         Test the creation of a user of type prescriber with existing SIREN in a same department
         """
@@ -507,8 +526,8 @@ def test_create_user_prescriber_with_existing_siren_same_department(self):
             "siret": siret2,
             "department": "67",
         }
-        response = self.client.post(url, data=post_data)
-        self.assertContains(response, existing_org_with_siret.display_name)
+        response = client.post(url, data=post_data)
+        assertContains(response, existing_org_with_siret.display_name)
 
         # Request for an invitation link.
         prescriber_membership = (
@@ -518,15 +537,15 @@ def test_create_user_prescriber_with_existing_siren_same_department(self):
             .order_by("-is_admin", "joined_at")
             .first()
         )
-        self.assertContains(
+        assertContains(
             response,
             reverse("signup:prescriber_request_invitation", kwargs={"membership_id": prescriber_membership.id}),
         )
 
         # New organization link.
-        self.assertContains(response, reverse("signup:prescriber_choose_org"))
+        assertContains(response, reverse("signup:prescriber_choose_org"))
 
-    def test_create_user_prescriber_with_existing_siren_without_member(self):
+    def test_create_user_prescriber_with_existing_siren_without_member(self, client):
         """
         Test the creation of a user of type prescriber with existing organization does not have a member
         """
@@ -542,47 +561,48 @@ def test_create_user_prescriber_with_existing_siren_without_member(self):
             "siret": siret2,
             "department": "67",
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
 
         url = reverse("signup:prescriber_choose_org", kwargs={"siret": siret2})
-        self.assertRedirects(response, url)
+        assertRedirects(response, url)
 
+    @sso_parametrize
     @respx.mock
-    def test_create_user_prescriber_without_org(self):
+    def test_create_user_prescriber_without_org(self, client, sso_setup):
         """
         Test the creation of a user of type prescriber without organization.
         """
-
         # Step 1: the user clicks on "No organization" in search of organization
         # (SIREN and department).
         url = reverse("signup:prescriber_check_already_exists")
-        response = self.client.get(url)
+        response = client.get(url)
 
         # Step 2: Inclusion Connect button
         url = reverse("signup:prescriber_user")
-        self.assertContains(response, url)
-        response = self.client.get(url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        assertContains(response, url)
+        response = client.get(url)
+        sso_setup.assertContainsButton(response)
+
         # Check IC will redirect to the correct url
         previous_url = reverse("signup:prescriber_user")
         params = {
             "user_kind": KIND_PRESCRIBER,
             "previous_url": previous_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             previous_url=previous_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
-        self.assertTemplateUsed(response, "welcoming_tour/prescriber.html")
+        response = client.get(response.url, follow=True)
+        assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
         # Check `User` state.
-        user = User.objects.get(email=OIDC_USERINFO["email"])
+        user = User.objects.get(email=sso_setup.oidc_userinfo["email"])
         assert user.kind == UserKind.PRESCRIBER
 
         # Emails are not checked in Django anymore.
@@ -594,9 +614,9 @@ def test_create_user_prescriber_without_org(self):
         # No email has been sent to support (validation/refusal of authorisation not needed).
         assert len(mail.outbox) == 0
 
+    @sso_parametrize
     @respx.mock
-    @mock.patch("itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK)
-    def test_create_user_prescriber_with_same_siret_and_different_kind(self, mock_call_ban_geocoding_api):
+    def test_create_user_prescriber_with_same_siret_and_different_kind(self, client, mocker, sso_setup):
         """
         A user can create a new prescriber organization with an existing SIRET number,
         provided that:
@@ -607,7 +627,9 @@ def test_create_user_prescriber_with_same_siret_and_different_kind(self, mock_ca
         - user can't create 2 PLIE with the same SIRET
         - user can create a PLIE and a ML with the same SIRET
         """
-
+        mock_call_ban_geocoding_api = mocker.patch(
+            "itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK
+        )
         # Same SIRET as mock.
         siret = "26570134200148"
         respx.get(f"{settings.API_INSEE_SIRENE_BASE_URL}/siret/{siret}").mock(
@@ -621,20 +643,21 @@ def test_create_user_prescriber_with_same_siret_and_different_kind(self, mock_ca
             "siret": siret,
             "department": "67",
         }
-        response = self.client.post(url, data=post_data)
-        self.assertContains(response, existing_org_with_siret.display_name)
+        response = client.post(url, data=post_data)
+        assertContains(response, existing_org_with_siret.display_name)
 
         # Step 2: Select kind
         url = reverse("signup:prescriber_choose_org", kwargs={"siret": siret})
         post_data = {"kind": PrescriberOrganizationKind.PLIE.value}
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
         mock_call_ban_geocoding_api.assert_called_once()
 
         # Step 3: Inclusion Connect button
         url = reverse("signup:prescriber_user")
-        self.assertRedirects(response, url)
-        response = self.client.get(url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        assertRedirects(response, url)
+        response = client.get(url)
+        sso_setup.assertContainsButton(response)
+
         # Check IC will redirect to the correct url
         previous_url = reverse("signup:prescriber_user")
         next_url = reverse("signup:prescriber_join_org")
@@ -643,18 +666,18 @@ def test_create_user_prescriber_with_same_siret_and_different_kind(self, mock_ca
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             previous_url=previous_url,
             next_url=next_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
-        self.assertTemplateUsed(response, "welcoming_tour/prescriber.html")
+        response = client.get(response.url, follow=True)
+        assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
         # Check new org is OK.
         same_siret_orgs = PrescriberOrganization.objects.filter(siret=siret).order_by("kind").all()
@@ -663,15 +686,17 @@ def test_create_user_prescriber_with_same_siret_and_different_kind(self, mock_ca
         assert PrescriberOrganizationKind.ML.value == org1.kind
         assert PrescriberOrganizationKind.PLIE.value == org2.kind
 
+    @sso_parametrize
     @respx.mock
-    @mock.patch("itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK)
-    def test_create_user_prescriber_with_same_siret_and_same_kind(self, mock_call_ban_geocoding_api):
+    def test_create_user_prescriber_with_same_siret_and_same_kind(self, client, mocker, sso_setup):
         """
         A user can't create a new prescriber organization with an existing SIRET number if:
         * the kind of the new organization is the same as an existing one
         * there is no duplicate of the (kind, siret) pair
         """
-
+        mock_call_ban_geocoding_api = mocker.patch(
+            "itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK
+        )
         # Same SIRET as mock but with same expected kind.
         siret = "26570134200148"
         respx.get(f"{settings.API_INSEE_SIRENE_BASE_URL}/siret/{siret}").mock(
@@ -684,19 +709,19 @@ def test_create_user_prescriber_with_same_siret_and_same_kind(self, mock_call_ba
             "siret": siret,
             "department": "67",
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
 
-        self.assertContains(response, prescriber_organization.display_name)
+        assertContains(response, prescriber_organization.display_name)
 
         url = reverse("signup:prescriber_choose_org", kwargs={"siret": siret})
         post_data = {
             "kind": PrescriberOrganizationKind.PLIE.value,
         }
-        response = self.client.post(url, data=post_data)
-        self.assertContains(response, "utilise déjà ce type d'organisation avec le même SIRET")
+        response = client.post(url, data=post_data)
+        assertContains(response, "utilise déjà ce type d'organisation avec le même SIRET")
         mock_call_ban_geocoding_api.assert_called_once()
 
-    def test_form_to_request_for_an_invitation(self):
+    def test_form_to_request_for_an_invitation(self, client):
         siret = "26570134200148"
         prescriber_org = PrescriberOrganizationWithMembershipFactory(siret=siret)
         prescriber_membership = prescriber_org.prescribermembership_set.first()
@@ -706,18 +731,18 @@ def test_form_to_request_for_an_invitation(self):
             "siret": prescriber_org.siret,
             "department": prescriber_org.department,
         }
-        response = self.client.post(url, data=post_data)
-        self.assertContains(response, prescriber_org.display_name)
+        response = client.post(url, data=post_data)
+        assertContains(response, prescriber_org.display_name)
 
         url = reverse("signup:prescriber_request_invitation", kwargs={"membership_id": prescriber_membership.id})
-        response = self.client.get(url)
-        self.assertContains(response, prescriber_org.display_name)
+        response = client.get(url)
+        assertContains(response, prescriber_org.display_name)
 
-        response = self.client.post(url, data={"first_name": "Bertrand", "last_name": "Martin", "email": "beber"})
-        self.assertContains(response, "Saisissez une adresse e-mail valide.")
+        response = client.post(url, data={"first_name": "Bertrand", "last_name": "Martin", "email": "beber"})
+        assertContains(response, "Saisissez une adresse e-mail valide.")
 
         requestor = {"first_name": "Bertrand", "last_name": "Martin", "email": "bertand@wahoo.fr"}
-        response = self.client.post(url, data=requestor)
+        response = client.post(url, data=requestor)
         assert response.status_code == 302
 
         assert len(mail.outbox) == 1
@@ -729,54 +754,57 @@ def test_form_to_request_for_an_invitation(self):
         invitation_url = f'{reverse("invitations_views:invite_prescriber_with_org")}?{urlencode(requestor)}'
         assert invitation_url in mail_body
 
+    @sso_parametrize
     @respx.mock
-    def test_prescriber_already_exists__simple_signup(self):
+    def test_prescriber_already_exists__simple_signup(self, client, sso_setup):
         """
         He does not want to join an organization, only create an account.
         He likely forgot he had an account.
         He will be logged in instead as if he just used the login through IC button
         """
         #### User is a prescriber. Update it and connect. ####
-        PrescriberFactory(email=OIDC_USERINFO["email"], username=OIDC_USERINFO["sub"])
-        self.client.get(reverse("signup:prescriber_check_already_exists"))
+        PrescriberFactory(email=sso_setup.oidc_userinfo["email"], username=sso_setup.oidc_userinfo["sub"])
+        client.get(reverse("signup:prescriber_check_already_exists"))
 
         # Step 2: register as a simple prescriber (orienteur).
-        response = self.client.get(reverse("signup:prescriber_user"))
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(reverse("signup:prescriber_user"))
+        sso_setup.assertContainsButton(response)
+
         # Check IC will redirect to the correct url
         previous_url = reverse("signup:prescriber_user")
         params = {
             "user_kind": KIND_PRESCRIBER,
             "previous_url": previous_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         # Connect with Inclusion Connect.
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             previous_url=previous_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
-        self.assertTemplateUsed(response, "welcoming_tour/prescriber.html")
+        response = client.get(response.url, follow=True)
+        assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
-        user = User.objects.get(email=OIDC_USERINFO["email"])
+        user = User.objects.get(email=sso_setup.oidc_userinfo["email"])
         assert user.has_sso_provider
 
+    @sso_parametrize
     @respx.mock
-    def test_prescriber_already_exists__create_organization(self):
+    def test_prescriber_already_exists__create_organization(self, client, sso_setup):
         """
         User is already a prescriber.
         We should update his account and make him join this new organization.
         """
         org = PrescriberOrganizationFactory.build(kind=PrescriberOrganizationKind.OTHER)
-        user = PrescriberFactory(email=OIDC_USERINFO["email"], username=OIDC_USERINFO["sub"])
+        user = PrescriberFactory(email=sso_setup.oidc_userinfo["email"], username=sso_setup.oidc_userinfo["sub"])
 
-        self.client.get(reverse("signup:prescriber_check_already_exists"))
+        client.get(reverse("signup:prescriber_check_already_exists"))
 
-        session_signup_data = self.client.session.get(global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY)
+        session_signup_data = client.session.get(global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY)
         # Jump over the last step to avoid double-testing each one
         # as they are already tested on prescriber's signup views.
         # Prescriber's signup process heavily relies on session data.
@@ -802,13 +830,14 @@ def test_prescriber_already_exists__create_organization(self):
             "prescriber_org_data": prescriber_org_data,
         }
 
-        client_session = self.client.session
+        client_session = client.session
         client_session[global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY] = session_signup_data
         client_session.save()
         signup_url = reverse("signup:prescriber_user")
 
-        response = self.client.get(signup_url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(signup_url)
+        sso_setup.assertContainsButton(response)
+
         # Check IC will redirect to the correct url
         previous_url = reverse("signup:prescriber_user")
         next_url = reverse("signup:prescriber_join_org")
@@ -817,19 +846,19 @@ def test_prescriber_already_exists__create_organization(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         # Connect with Inclusion Connect.
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             previous_url=previous_url,
             next_url=next_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
-        self.assertTemplateUsed(response, "welcoming_tour/prescriber.html")
+        response = client.get(response.url, follow=True)
+        assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
         # Check organization
         org = PrescriberOrganization.objects.get(siret=org.siret)
@@ -841,11 +870,11 @@ def test_prescriber_already_exists__create_organization(self):
         membership = user.prescribermembership_set.get(organization=org)
         assert membership.is_admin
 
-    @mock.patch("itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK)
-    def test_hidden_organization_kinds(self, _mock_call_ban_geocoding_api):
+    def test_hidden_organization_kinds(self, client, mocker):
         """
         HIDDEN_PRESCRIBER_KINDS should not be displayed or chosen in the form
         """
+        mocker.patch("itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK)
 
         siret = "26570134200148"
 
@@ -855,42 +884,43 @@ def test_hidden_organization_kinds(self, _mock_call_ban_geocoding_api):
             "siret": siret,
             "department": "67",
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
 
         # Step 2: ask the user to choose the organization he's working for in a pre-existing list.
         url = reverse("signup:prescriber_choose_org", kwargs={"siret": siret})
-        self.assertRedirects(response, url)
+        assertRedirects(response, url)
 
-        response = self.client.get(url)
-        self.assertContains(response, PrescriberOrganizationKind.CAP_EMPLOI.value)
-        self.assertNotContains(response, PrescriberOrganizationKind.OHPD.value)
-        self.assertNotContains(response, PrescriberOrganizationKind.OCASF.value)
+        response = client.get(url)
+        assertContains(response, PrescriberOrganizationKind.CAP_EMPLOI.value)
+        assertNotContains(response, PrescriberOrganizationKind.OHPD.value)
+        assertNotContains(response, PrescriberOrganizationKind.OCASF.value)
         # We cannot check for Orienteur since it's also in the template in other places
         # but we can check it's refused in the form
         post_data = {
             "kind": PrescriberOrganizationKind.ORIENTEUR.value,
         }
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
         assert "kind" in response.context["form"].errors
 
 
-class InclusionConnectPrescribersViewsExceptionsTest(MessagesTestMixin, InclusionConnectBaseTestCase):
+class TestProConnectPrescribersViewsExceptions:
     """
     Prescribers' signup and login exceptions: user already exists, ...
     """
 
+    @sso_parametrize
     @respx.mock
-    def test_organization_creation_error(self):
+    def test_organization_creation_error(self, client, sso_setup):
         """
         The organization creation didn't work.
         The user is still created and can try again.
         """
         org = PrescriberOrganizationFactory(kind=PrescriberOrganizationKind.OTHER)
-        user = PrescriberFactory(email=OIDC_USERINFO["email"], username=OIDC_USERINFO["sub"])
+        user = PrescriberFactory(email=sso_setup.oidc_userinfo["email"], username=sso_setup.oidc_userinfo["sub"])
 
-        self.client.get(reverse("signup:prescriber_check_already_exists"))
+        client.get(reverse("signup:prescriber_check_already_exists"))
 
-        session_signup_data = self.client.session.get(global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY)
+        session_signup_data = client.session.get(global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY)
         # Jump over the last step to avoid double-testing each one
         # as they are already tested on prescriber's signup views.
         # Prescriber's signup process heavily relies on session data.
@@ -918,52 +948,56 @@ def test_organization_creation_error(self):
             "prescriber_org_data": prescriber_org_data,
         }
 
-        client_session = self.client.session
+        client_session = client.session
         client_session[global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY] = session_signup_data
         client_session.save()
         signup_url = reverse("signup:prescriber_user")
 
-        response = self.client.get(signup_url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(signup_url)
+        sso_setup.assertContainsButton(response)
 
         # Connect with Inclusion Connect.
         previous_url = reverse("signup:prescriber_user")
         next_url = reverse("signup:prescriber_join_org")
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             previous_url=previous_url,
             next_url=next_url,
         )
         # Follow the redirection.
-        response = self.client.get(response.url)
-        self.assertRedirects(
+        response = client.get(response.url)
+        assertRedirects(
             response,
-            add_url_params(reverse("inclusion_connect:logout"), {"token": 123456}),
+            add_url_params(sso_setup.logout_url, {"token": 123456}),
             fetch_redirect_response=False,
         )
 
         # The user should be logged out and redirected to the home page.
-        assert not self.client.session.get(INCLUSION_CONNECT_SESSION_KEY)
-        assert not auth.get_user(self.client).is_authenticated
+        assert not client.session.get(INCLUSION_CONNECT_SESSION_KEY)
+        assert not client.session.get(PRO_CONNECT_SESSION_KEY)
+        assert not auth.get_user(client).is_authenticated
 
         # Check user was created but did not join an organisation
-        user = User.objects.get(email=OIDC_USERINFO["email"])
+        user = User.objects.get(email=sso_setup.oidc_userinfo["email"])
         assert not user.prescriberorganization_set.exists()
 
+    @sso_parametrize
     @respx.mock
-    def test_non_prescriber_cant_join_organisation(self):
+    def test_non_prescriber_cant_join_organisation(self, client, sso_setup):
         """
         The organization creation didn't work.
         The user is still created and can try again.
         """
         org = PrescriberOrganizationFactory(kind=PrescriberOrganizationKind.OTHER)
-        EmployerFactory(email=OIDC_USERINFO["email"], username=OIDC_USERINFO["sub"], with_company=True)
+        EmployerFactory(
+            email=sso_setup.oidc_userinfo["email"], username=sso_setup.oidc_userinfo["sub"], with_company=True
+        )
 
-        response = self.client.get(reverse("signup:prescriber_check_already_exists"))
+        response = client.get(reverse("signup:prescriber_check_already_exists"))
         assert response.status_code == 200
 
-        session_signup_data = self.client.session.get(global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY)
+        session_signup_data = client.session.get(global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY)
         # Jump over the last step to avoid double-testing each one
         # as they are already tested on prescriber's signup views.
         # Prescriber's signup process heavily relies on session data.
@@ -991,53 +1025,55 @@ def test_non_prescriber_cant_join_organisation(self):
             "prescriber_org_data": prescriber_org_data,
         }
 
-        client_session = self.client.session
+        client_session = client.session
         client_session[global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY] = session_signup_data
         client_session.save()
         signup_url = reverse("signup:prescriber_user")
 
-        response = self.client.get(signup_url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(signup_url)
+        sso_setup.assertContainsButton(response)
 
         # Connect with Inclusion Connect.
         previous_url = signup_url
         next_url = reverse("signup:prescriber_join_org")
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             previous_url=previous_url,
             next_url=next_url,
             register=False,
         )
         # Follow the redirection.
-        response = self.client.get(response.url, follow=True)
-        self.assertTemplateNotUsed(response, "welcoming_tour/prescriber.html")
+        response = client.get(response.url, follow=True)
+        assertTemplateNotUsed(response, "welcoming_tour/prescriber.html")
 
         # The user should be redirected to home page with a warning, the session isn't flushed
-        assert self.client.session.get(INCLUSION_CONNECT_SESSION_KEY)
-        assert auth.get_user(self.client).is_authenticated
-        self.assertRedirects(response, reverse("search:employers_home"))
-        self.assertMessages(
+        assert client.session.get(sso_setup.session_key)
+        assert auth.get_user(client).is_authenticated
+        assertRedirects(response, reverse("search:employers_home"))
+        assertMessages(
             response,
             [
                 messages.Message(
                     messages.ERROR,
-                    "Vous ne pouvez pas rejoindre une organisation avec ce compte car vous n'êtes pas prescripteur.",
+                    "Vous ne pouvez pas rejoindre une organisation avec ce compte "
+                    "car vous n'êtes pas prescripteur.",
                 )
             ],
         )
 
+    @sso_parametrize
     @respx.mock
-    def test_employer_already_exists(self):
+    def test_employer_already_exists(self, client, sso_setup):
         """
         User is already a member of an SIAE.
         Raise an exception.
         """
         org = PrescriberOrganizationFactory.build(kind=PrescriberOrganizationKind.OTHER)
-        user = EmployerFactory(email=OIDC_USERINFO["email"], username=OIDC_USERINFO["sub"])
-        self.client.get(reverse("signup:prescriber_check_already_exists"))
+        user = EmployerFactory(email=sso_setup.oidc_userinfo["email"], username=sso_setup.oidc_userinfo["sub"])
+        client.get(reverse("signup:prescriber_check_already_exists"))
 
-        session_signup_data = self.client.session.get(global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY)
+        session_signup_data = client.session.get(global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY)
         # Jump over the last step to avoid double-testing each one
         # as they are already tested on prescriber's signup views.
         # Prescriber's signup process heavily relies on session data.
@@ -1063,50 +1099,52 @@ def test_employer_already_exists(self):
             "prescriber_org_data": prescriber_org_data,
         }
 
-        client_session = self.client.session
+        client_session = client.session
         client_session[global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY] = session_signup_data
         client_session.save()
         signup_url = reverse("signup:prescriber_user")
 
-        response = self.client.get(signup_url)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(signup_url)
+        sso_setup.assertContainsButton(response)
 
         # Connect with Inclusion Connect.
         previous_url = reverse("signup:prescriber_user")
         next_url = reverse("signup:prescriber_join_org")
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             previous_url=previous_url,
             next_url=next_url,
-            expected_redirect_url=add_url_params(reverse("inclusion_connect:logout"), {"redirect_url": previous_url}),
+            expected_redirect_url=add_url_params(sso_setup.logout_url, {"redirect_url": previous_url}),
         )
 
         # IC logout redirects to previous_url
-        response = self.client.get(previous_url)
+        response = client.get(previous_url)
         # Show an error and don't create an organization.
 
-        self.assertMessages(
+        assertMessages(
             response,
             [
                 messages.Message(
                     messages.ERROR,
                     "Un compte employeur existe déjà avec cette adresse e-mail. Vous devez créer un compte "
-                    "Inclusion Connect avec une autre adresse e-mail pour devenir prescripteur sur la plateforme. "
+                    f"{sso_setup.identity_provider.label} avec une autre adresse e-mail pour devenir prescripteur "
+                    "sur la plateforme. "
                     f"Besoin d'aide ? <a href='{global_constants.ITOU_HELP_CENTER_URL}/requests/new' "
                     "target='_blank'>Contactez-nous</a>.",
                 )
             ],
         )
 
-        user = User.objects.get(email=OIDC_USERINFO["email"])
-        assert user.first_name != OIDC_USERINFO["given_name"]
+        user = User.objects.get(email=sso_setup.oidc_userinfo["email"])
+        assert user.first_name != sso_setup.oidc_userinfo["given_name"]
         organization_exists = PrescriberOrganization.objects.filter(siret=org.siret).exists()
         assert not organization_exists
         assert not user.prescriberorganization_set.exists()
 
+    @sso_parametrize
     @respx.mock
-    def test_prescriber_signup__pe_organization_wrong_email(self):
+    def test_prescriber_signup__pe_organization_wrong_email(self, client, sso_setup):
         """
         A user creates a prescriber account on Itou with Inclusion Connect.
         He wants to join a Pôle emploi organization
@@ -1117,54 +1155,54 @@ def test_prescriber_signup__pe_organization_wrong_email(self):
 
         # Go through each step to ensure session data is recorded properly.
         # Step 1: choose organization kind or go to the "no organization" page.
-        self.client.get(reverse("signup:prescriber_check_already_exists"))
+        client.get(reverse("signup:prescriber_check_already_exists"))
 
         # Step 2: find PE organization by SAFIR code.
         safir_step_url = reverse("signup:prescriber_pole_emploi_safir_code")
-        response = self.client.get(safir_step_url)
+        response = client.get(safir_step_url)
         post_data = {"safir_code": pe_org.code_safir_pole_emploi}
-        response = self.client.post(safir_step_url, data=post_data, follow=True)
+        response = client.post(safir_step_url, data=post_data, follow=True)
 
         # Step 3: check email
         check_email_url = reverse("signup:prescriber_check_pe_email")
         post_data = {"email": pe_email}
-        response = self.client.post(check_email_url, data=post_data, follow=True)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.post(check_email_url, data=post_data, follow=True)
+        sso_setup.assertContainsButton(response)
 
         # Connect with Inclusion Connect but, this time, don't use a PE email.
         previous_url = reverse("signup:prescriber_pole_emploi_user")
         next_url = reverse("signup:prescriber_join_org")
         wrong_email = "athos@touspourun.com"
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_PRESCRIBER,
             user_email=pe_email,
             channel="pole_emploi",
             previous_url=previous_url,
             next_url=next_url,
             user_info_email=wrong_email,
-            expected_redirect_url=add_url_params(reverse("inclusion_connect:logout"), {"redirect_url": previous_url}),
+            expected_redirect_url=add_url_params(sso_setup.logout_url, {"redirect_url": previous_url}),
         )
 
         # IC logout redirects to previous_url
-        response = self.client.get(previous_url)
-        self.assertMessages(
+        response = client.get(previous_url)
+        assertMessages(
             response,
             [
                 messages.Message(
                     messages.ERROR,
                     "L’adresse e-mail que vous avez utilisée pour vous connecter avec "
-                    "Inclusion Connect (athos@touspourun.com) est différente de celle que vous avez "
-                    "indiquée précédemment (athos@pole-emploi.fr).",
+                    f"{sso_setup.identity_provider.label} (athos@touspourun.com) est différente de celle que vous "
+                    "avez indiquée précédemment (athos@pole-emploi.fr).",
                 )
             ],
         )
 
         # Organization
-        assert not self.client.session.get(global_constants.ITOU_SESSION_CURRENT_ORGANIZATION_KEY)
+        assert not client.session.get(global_constants.ITOU_SESSION_CURRENT_ORGANIZATION_KEY)
         assert not User.objects.filter(email=pe_email).exists()
 
-    def test_permission_denied_when_skiping_first_step(self):
+    def test_permission_denied_when_skiping_first_step(self, client, subtests):
         urls = [
             reverse("signup:prescriber_request_invitation", kwargs={"membership_id": 1}),
             reverse("signup:prescriber_choose_org"),
@@ -1177,6 +1215,6 @@ def test_permission_denied_when_skiping_first_step(self):
             reverse("signup:prescriber_join_org"),
         ]
         for url in urls:
-            with self.subTest(url=url):
-                response = self.client.get(url)
+            with subtests.test(url=url):
+                response = client.get(url)
                 assert response.status_code == 403
diff --git a/tests/www/signup/test_siae.py b/tests/www/signup/test_siae.py
index 894c44ef72..2f8c161d48 100644
--- a/tests/www/signup/test_siae.py
+++ b/tests/www/signup/test_siae.py
@@ -1,16 +1,12 @@
-from unittest import mock
-
 import httpx
 import respx
-from django.conf import settings
 from django.contrib import messages
-from django.contrib.messages.test import MessagesTestMixin
 from django.core import mail
-from django.test import override_settings
 from django.urls import reverse
 from django.utils.html import escape
 from django.utils.http import urlencode
 from freezegun import freeze_time
+from pytest_django.asserts import assertContains, assertMessages, assertNumQueries, assertRedirects
 
 from itou.companies.enums import CompanyKind
 from itou.companies.models import Company
@@ -20,27 +16,26 @@
 from itou.utils.mocks.api_entreprise import ETABLISSEMENT_API_RESULT_MOCK, INSEE_API_RESULT_MOCK
 from itou.utils.mocks.geocoding import BAN_GEOCODING_API_RESULT_MOCK
 from itou.utils.templatetags.format_filters import format_siret
-from itou.utils.templatetags.theme_inclusion import static_theme_images
 from itou.utils.urls import get_tally_form_url
 from tests.companies.factories import CompanyFactory, CompanyMembershipFactory, CompanyWithMembershipAndJobsFactory
-from tests.openid_connect.inclusion_connect.test import InclusionConnectBaseTestCase
-from tests.openid_connect.inclusion_connect.tests import OIDC_USERINFO, mock_oauth_dance
+from tests.openid_connect.test import sso_parametrize
 from tests.users.factories import DEFAULT_PASSWORD, EmployerFactory, PrescriberFactory
-from tests.utils.test import BASE_NUM_QUERIES, ItouClient, TestCase
+from tests.utils.test import BASE_NUM_QUERIES, ItouClient
 
 
-class CompanySignupTest(MessagesTestMixin, InclusionConnectBaseTestCase):
-    def test_choose_user_kind(self):
+class TestCompanySignup:
+    def test_choose_user_kind(self, client):
         url = reverse("signup:choose_user_kind")
-        response = self.client.get(url)
-        self.assertContains(response, "Employeur inclusif")
+        response = client.get(url)
+        assertContains(response, "Employeur inclusif")
 
-        response = self.client.post(url, data={"kind": UserKind.EMPLOYER})
-        self.assertRedirects(response, reverse("signup:company_select"))
+        response = client.post(url, data={"kind": UserKind.EMPLOYER})
+        assertRedirects(response, reverse("signup:company_select"))
 
+    @sso_parametrize
     @freeze_time("2022-09-15 15:53:54")
     @respx.mock
-    def test_join_an_company_without_members(self):
+    def test_join_an_company_without_members(self, client, sso_setup):
         """
         A user joins a company without members.
         """
@@ -48,31 +43,31 @@ def test_join_an_company_without_members(self):
         assert 0 == company.members.count()
 
         url = reverse("signup:company_select")
-        response = self.client.get(url)
+        response = client.get(url)
         assert response.status_code == 200
 
         # Find a company by SIREN.
-        response = self.client.get(url, {"siren": company.siret[:9]})
+        response = client.get(url, {"siren": company.siret[:9]})
         assert response.status_code == 200
 
         # Choose a company between results.
         post_data = {"siaes": company.pk}
         # Pass `siren` in request.GET
-        response = self.client.post(f"{url}?siren={company.siret[:9]}", data=post_data)
+        response = client.post(f"{url}?siren={company.siret[:9]}", data=post_data)
         assert response.status_code == 302
-        self.assertRedirects(response, reverse("search:employers_home"))
+        assertRedirects(response, reverse("search:employers_home"))
 
         assert len(mail.outbox) == 1
         email = mail.outbox[0]
         assert "Un nouvel utilisateur souhaite rejoindre votre structure" in email.subject
 
         magic_link = company.signup_magic_link
-        response = self.client.get(magic_link)
+        response = client.get(magic_link)
         assert response.status_code == 200
 
         # No error when opening magic link a second time.
-        response = self.client.get(magic_link)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(magic_link)
+        sso_setup.assertContainsButton(response)
 
         # Check IC will redirect to the correct url
         token = company.get_token()
@@ -83,23 +78,23 @@ def test_join_an_company_without_members(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_EMPLOYER,
             previous_url=previous_url,
             next_url=next_url,
         )
-        response = self.client.get(response.url)
+        response = client.get(response.url)
         # Check user is redirected to the welcoming tour
-        self.assertRedirects(response, reverse("welcoming_tour:index"))
+        assertRedirects(response, reverse("welcoming_tour:index"))
         # Check user sees the employer tour
-        response = self.client.get(response.url)
-        self.assertContains(response, "Publiez vos offres, augmentez votre visibilité")
+        response = client.get(response.url)
+        assertContains(response, "Publiez vos offres, augmentez votre visibilité")
 
-        user = User.objects.get(email=OIDC_USERINFO["email"])
+        user = User.objects.get(email=sso_setup.oidc_userinfo["email"])
 
         # Check `User` state.
         assert user.kind == UserKind.EMPLOYER
@@ -111,16 +106,17 @@ def test_join_an_company_without_members(self):
         assert len(mail.outbox) == 1
 
         # Magic link is no longer valid because company.members.count() has changed.
-        response = self.client.get(magic_link, follow=True)
-        self.assertRedirects(response, reverse("signup:company_select"))
+        response = client.get(magic_link, follow=True)
+        assertRedirects(response, reverse("signup:company_select"))
         expected_message = (
             "Ce lien d'inscription est invalide ou a expiré. Veuillez procéder à une nouvelle inscription."
         )
-        self.assertContains(response, escape(expected_message))
+        assertContains(response, escape(expected_message))
 
+    @sso_parametrize
     @freeze_time("2022-09-15 15:53:54")
     @respx.mock
-    def test_join_an_company_without_members_as_an_existing_employer(self):
+    def test_join_an_company_without_members_as_an_existing_employer(self, client, sso_setup):
         """
         A user joins a company without members.
         """
@@ -128,14 +124,16 @@ def test_join_an_company_without_members_as_an_existing_employer(self):
         assert 0 == company.members.count()
 
         user = EmployerFactory(
-            username=OIDC_USERINFO["sub"], email=OIDC_USERINFO["email"], has_completed_welcoming_tour=True
+            username=sso_setup.oidc_userinfo["sub"],
+            email=sso_setup.oidc_userinfo["email"],
+            has_completed_welcoming_tour=True,
         )
         CompanyMembershipFactory(user=user)
         assert 1 == user.company_set.count()
 
         magic_link = company.signup_magic_link
-        response = self.client.get(magic_link)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(magic_link)
+        sso_setup.assertContainsButton(response)
 
         # Check IC will redirect to the correct url
         token = company.get_token()
@@ -146,40 +144,43 @@ def test_join_an_company_without_members_as_an_existing_employer(self):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_EMPLOYER,
             previous_url=previous_url,
             next_url=next_url,
         )
-        response = self.client.get(response.url)
+        response = client.get(response.url)
         # Check user is redirected to the dashboard
-        self.assertRedirects(response, reverse("dashboard:index"))
+        assertRedirects(response, reverse("dashboard:index"))
 
         # Check `User` state.
         assert company.has_admin(user)
         assert 1 == company.members.count()
         assert 2 == user.company_set.count()
 
+    @sso_parametrize
     @freeze_time("2022-09-15 15:53:54")
     @respx.mock
-    def test_join_an_company_without_members_as_an_existing_employer_returns_on_other_browser(self):
+    def test_join_an_company_without_members_as_an_existing_employer_returns_on_other_browser(self, client, sso_setup):
         """
         A user joins a company without members.
         """
         company = CompanyFactory(kind=CompanyKind.ETTI)
 
         user = EmployerFactory(
-            username=OIDC_USERINFO["sub"], email=OIDC_USERINFO["email"], has_completed_welcoming_tour=True
+            username=sso_setup.oidc_userinfo["sub"],
+            email=sso_setup.oidc_userinfo["email"],
+            has_completed_welcoming_tour=True,
         )
         CompanyMembershipFactory(user=user)
 
         magic_link = company.signup_magic_link
-        response = self.client.get(magic_link)
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        response = client.get(magic_link)
+        sso_setup.assertContainsButton(response)
 
         # Check IC will redirect to the correct url
         token = company.get_token()
@@ -190,12 +191,12 @@ def test_join_an_company_without_members_as_an_existing_employer_returns_on_othe
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
         other_client = ItouClient()
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_EMPLOYER,
             previous_url=previous_url,
             next_url=next_url,
@@ -203,20 +204,18 @@ def test_join_an_company_without_members_as_an_existing_employer_returns_on_othe
         )
         response = other_client.get(response.url)
         # Check user is redirected to the dashboard
-        self.assertRedirects(response, reverse("dashboard:index"))
+        assertRedirects(response, reverse("dashboard:index"))
 
         # Check `User` state.
         assert company.has_admin(user)
         assert 1 == company.members.count()
         assert 2 == user.company_set.count()
 
-    def test_user_invalid_company_id(self):
+    def test_user_invalid_company_id(self, client):
         company = CompanyFactory(kind=CompanyKind.ETTI)
-        response = self.client.get(
-            reverse("signup:employer", kwargs={"company_id": "0", "token": company.get_token()})
-        )
-        self.assertRedirects(response, reverse("signup:company_select"))
-        self.assertMessages(
+        response = client.get(reverse("signup:employer", kwargs={"company_id": "0", "token": company.get_token()}))
+        assertRedirects(response, reverse("signup:company_select"))
+        assertMessages(
             response,
             [
                 messages.Message(
@@ -226,15 +225,15 @@ def test_user_invalid_company_id(self):
             ],
         )
 
-    def test_join_invalid_company_id(self):
+    def test_join_invalid_company_id(self, client):
         user = EmployerFactory(with_company=True)
-        self.client.force_login(user)
+        client.force_login(user)
         company = CompanyFactory(kind=CompanyKind.ETTI)
-        response = self.client.get(
+        response = client.get(
             reverse("signup:company_join", kwargs={"company_id": "0", "token": company.get_token()}), follow=True
         )
-        self.assertRedirects(response, reverse("signup:company_select"))
-        self.assertMessages(
+        assertRedirects(response, reverse("signup:company_select"))
+        assertMessages(
             response,
             [
                 messages.Message(
@@ -244,15 +243,16 @@ def test_join_invalid_company_id(self):
             ],
         )
 
+    @sso_parametrize
     @respx.mock
-    @mock.patch("itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK)
-    @override_settings(
-        API_INSEE_BASE_URL="https://insee.fake",
-        API_INSEE_SIRENE_BASE_URL="https://entreprise.fake",
-        API_INSEE_CONSUMER_KEY="foo",
-        API_INSEE_CONSUMER_SECRET="bar",
-    )
-    def test_create_facilitator(self, mock_call_ban_geocoding_api):
+    def test_create_facilitator(self, client, mocker, settings, sso_setup):
+        settings.API_INSEE_BASE_URL = "https://insee.fake"
+        settings.API_INSEE_SIRENE_BASE_URL = "https://entreprise.fake"
+        settings.API_INSEE_CONSUMER_KEY = "foo"
+        settings.API_INSEE_CONSUMER_SECRET = "bar"
+        mock_call_ban_geocoding_api = mocker.patch(
+            "itou.utils.apis.geocoding.call_ban_geocoding_api", return_value=BAN_GEOCODING_API_RESULT_MOCK
+        )
         respx.post(f"{settings.API_INSEE_BASE_URL}/token").mock(
             return_value=httpx.Response(200, json=INSEE_API_RESULT_MOCK)
         )
@@ -268,26 +268,26 @@ def test_create_facilitator(self, mock_call_ban_geocoding_api):
         respx.get(f"{settings.API_INSEE_SIRENE_BASE_URL}/siret/{FAKE_SIRET}").mock(
             return_value=httpx.Response(404, json={})
         )
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
         mock_call_ban_geocoding_api.assert_not_called()
-        self.assertContains(response, f"SIRET « {FAKE_SIRET} » non reconnu.")
+        assertContains(response, f"SIRET « {FAKE_SIRET} » non reconnu.")
 
         # Mock a valid answer from the server
         respx.get(f"{settings.API_INSEE_SIRENE_BASE_URL}/siret/{FAKE_SIRET}").mock(
             return_value=httpx.Response(200, json=ETABLISSEMENT_API_RESULT_MOCK)
         )
-        response = self.client.post(url, data=post_data)
+        response = client.post(url, data=post_data)
         mock_call_ban_geocoding_api.assert_called_once()
-        self.assertRedirects(response, reverse("signup:facilitator_user"))
+        assertRedirects(response, reverse("signup:facilitator_user"))
 
         # Checks that the SIRET and  the enterprise name are present in the second step
-        response = self.client.post(url, data=post_data, follow=True)
-        self.assertContains(response, "Centre communal")
-        self.assertContains(response, format_siret(FAKE_SIRET))
+        response = client.post(url, data=post_data, follow=True)
+        assertContains(response, "Centre communal")
+        assertContains(response, format_siret(FAKE_SIRET))
 
         # Now, we're on the second page.
         url = reverse("signup:facilitator_user")
-        self.assertContains(response, static_theme_images("logo-inclusion-connect-one-line.svg"))
+        sso_setup.assertContainsButton(response)
 
         # Check IC will redirect to the correct url
         previous_url = reverse("signup:facilitator_user")
@@ -297,23 +297,23 @@ def test_create_facilitator(self, mock_call_ban_geocoding_api):
             "previous_url": previous_url,
             "next_url": next_url,
         }
-        url = escape(f"{reverse('inclusion_connect:authorize')}?{urlencode(params)}")
-        self.assertContains(response, url + '"')
+        url = escape(f"{sso_setup.authorize_url}?{urlencode(params)}")
+        assertContains(response, url + '"')
 
-        response = mock_oauth_dance(
-            self.client,
+        response = sso_setup.mock_oauth_dance(
+            client,
             KIND_EMPLOYER,
             previous_url=previous_url,
             next_url=next_url,
         )
-        response = self.client.get(response.url)
+        response = client.get(response.url)
         # Check user is redirected to the welcoming tour
-        self.assertRedirects(response, reverse("welcoming_tour:index"))
+        assertRedirects(response, reverse("welcoming_tour:index"))
         # Check user sees the employer tour
-        response = self.client.get(response.url)
-        self.assertContains(response, "Publiez vos offres, augmentez votre visibilité")
+        response = client.get(response.url)
+        assertContains(response, "Publiez vos offres, augmentez votre visibilité")
 
-        user = User.objects.get(email=OIDC_USERINFO["email"])
+        user = User.objects.get(email=sso_setup.oidc_userinfo["email"])
 
         # Check `User` state.
         assert user.kind == UserKind.EMPLOYER
@@ -325,14 +325,14 @@ def test_create_facilitator(self, mock_call_ban_geocoding_api):
         # No sent email.
         assert len(mail.outbox) == 0
 
-    def test_facilitator_base_signup_process(self):
+    def test_facilitator_base_signup_process(self, client):
         url = reverse("signup:company_select")
-        response = self.client.get(url, {"siren": "111111111"})  # not existing SIREN
-        self.assertContains(response, global_constants.ITOU_HELP_CENTER_URL)
-        self.assertContains(response, get_tally_form_url("wA799W"))
-        self.assertContains(response, reverse("signup:facilitator_search"))
+        response = client.get(url, {"siren": "111111111"})  # not existing SIREN
+        assertContains(response, global_constants.ITOU_HELP_CENTER_URL)
+        assertContains(response, get_tally_form_url("wA799W"))
+        assertContains(response, reverse("signup:facilitator_search"))
 
-    def test_company_select_does_not_die_under_requests(self):
+    def test_company_select_does_not_die_under_requests(self, client):
         companies = (
             CompanyWithMembershipAndJobsFactory(siret="40219166200001"),
             CompanyWithMembershipAndJobsFactory(siret="40219166200002"),
@@ -349,47 +349,46 @@ def test_company_select_does_not_die_under_requests(self):
         # ensure we only perform 4 requests, whatever the number of companies sharing the
         # same SIREN. Before, this request was issuing 3*N slow requests, N being the
         # number of companies.
-        with self.assertNumQueries(
+        with assertNumQueries(
             BASE_NUM_QUERIES
             + 1  # SELECT companies with active admins
             + 1  # SELECT the conventions for those companies
             + 1  # prefetch memberships
             + 1  # prefetch users associated with those memberships
         ):
-            response = self.client.get(url, {"siren": "402191662"})
+            response = client.get(url, {"siren": "402191662"})
         assert response.status_code == 200
-        self.assertContains(response, "402191662", count=7)  # 1 input + 6 results
-        self.assertContains(response, "00001", count=1)
-        self.assertContains(response, "00002", count=1)
-        self.assertContains(response, "00003", count=1)
-        self.assertContains(response, "00004", count=1)
-        self.assertContains(response, "00005", count=2)
-
-
-class CompanySignupViewsExceptionsTest(MessagesTestMixin, TestCase):
-    def test_non_staff_cant_join_a_company(self):
-        company = CompanyFactory(kind=CompanyKind.ETTI)
-        assert 0 == company.members.count()
-
-        user = PrescriberFactory(email=OIDC_USERINFO["email"])
-        self.client.login(email=user.email, password=DEFAULT_PASSWORD)
-
-        # Skip IC process and jump to joining the company.
-        token = company.get_token()
-        url = reverse("signup:company_join", args=(company.pk, token))
-
-        response = self.client.get(url)
-        self.assertMessages(
-            response,
-            [
-                messages.Message(
-                    messages.ERROR,
-                    "Vous ne pouvez pas rejoindre une structure avec ce compte car vous n'êtes pas employeur.",
-                )
-            ],
-        )
-        self.assertRedirects(response, reverse("search:employers_home"))
+        assertContains(response, "402191662", count=7)  # 1 input + 6 results
+        assertContains(response, "00001", count=1)
+        assertContains(response, "00002", count=1)
+        assertContains(response, "00003", count=1)
+        assertContains(response, "00004", count=1)
+        assertContains(response, "00005", count=2)
+
+
+def test_non_staff_cant_join_a_company(client):
+    company = CompanyFactory(kind=CompanyKind.ETTI)
+    assert 0 == company.members.count()
+
+    user = PrescriberFactory()
+    client.login(email=user.email, password=DEFAULT_PASSWORD)
+
+    # Skip IC process and jump to joining the company.
+    token = company.get_token()
+    url = reverse("signup:company_join", args=(company.pk, token))
+
+    response = client.get(url)
+    assertMessages(
+        response,
+        [
+            messages.Message(
+                messages.ERROR,
+                "Vous ne pouvez pas rejoindre une structure avec ce compte car vous n'êtes pas employeur.",
+            )
+        ],
+    )
+    assertRedirects(response, reverse("search:employers_home"))
 
-        # Check `User` state.
-        assert not company.has_admin(user)
-        assert 0 == company.members.count()
+    # Check `User` state.
+    assert not company.has_admin(user)
+    assert 0 == company.members.count()
diff --git a/tests/www/welcoming_tour/tests.py b/tests/www/welcoming_tour/tests.py
index cc0f3a3edc..f5a9afc071 100644
--- a/tests/www/welcoming_tour/tests.py
+++ b/tests/www/welcoming_tour/tests.py
@@ -9,10 +9,7 @@
 from itou.users.models import User
 from itou.utils import constants as global_constants
 from tests.companies.factories import CompanyFactory
-from tests.openid_connect.inclusion_connect.test import (
-    override_inclusion_connect_settings,
-)
-from tests.openid_connect.inclusion_connect.tests import mock_oauth_dance
+from tests.openid_connect.test import sso_parametrize
 from tests.users.factories import DEFAULT_PASSWORD, JobSeekerFactory
 
 
@@ -56,27 +53,27 @@ def test_new_job_seeker_sees_welcoming_tour_test(self, client):
         assert response.wsgi_request.path == reverse("welcoming_tour:index")
         assertTemplateUsed(response, "welcoming_tour/job_seeker.html")
 
+    @sso_parametrize
     @respx.mock
-    @override_inclusion_connect_settings
-    def test_new_prescriber_sees_welcoming_tour_test(self, client):
+    def test_new_prescriber_sees_welcoming_tour_test(self, client, sso_setup):
         session = client.session
         session[global_constants.ITOU_SESSION_PRESCRIBER_SIGNUP_KEY] = {"url_history": []}
         session.save()
-        response = mock_oauth_dance(client, KIND_PRESCRIBER)
+        response = sso_setup.mock_oauth_dance(client, KIND_PRESCRIBER)
         response = client.get(response.url, follow=True)
 
         # User should be redirected to the welcoming tour as he just signed up
         assert response.wsgi_request.path == reverse("welcoming_tour:index")
         assertTemplateUsed(response, "welcoming_tour/prescriber.html")
 
+    @sso_parametrize
     @respx.mock
-    @override_inclusion_connect_settings
-    def test_new_employer_sees_welcoming_tour(self, client):
+    def test_new_employer_sees_welcoming_tour(self, client, sso_setup):
         company = CompanyFactory(with_membership=True)
         token = company.get_token()
         previous_url = reverse("signup:employer", args=(company.pk, token))
         next_url = reverse("signup:company_join", args=(company.pk, token))
-        response = mock_oauth_dance(
+        response = sso_setup.mock_oauth_dance(
             client,
             KIND_EMPLOYER,
             previous_url=previous_url,