SAML Single Sign-On (SSO) For Shopify Using Azure AD as IDP

miniOrange lets Azure AD (Microsoft Entra ID) act as an IDP (Identity Provider), so users can Single Sign-On (SSO) into Shopify with their Azure AD credentials. Our application is compatible with all SAML / OAuth-compliant Identity Providers. This step-by-step guide configures Single Sign-On (SSO) into Shopify with Azure AD (Microsoft Entra ID) as the IDP (Identity Provider) and the Shopify store as the SP (Service Provider).


Note: If you want to set up SSO in Shopify using Azure AD (Microsoft Entra ID) as the IDP with the OAuth protocol, follow the instructions provided here.

To configure SSO into Shopify using (Microsoft Entra ID) Azure AD as IDP, you will need to install the miniOrange Shopify Single Sign On - SSO Login Application on your store.


Check out our video to learn more about how Single Sign-On works in Shopify.

Step by Step guide for Single Sign-On in Shopify Store Using (Microsoft Entra ID) Azure AD

  • In the Azure AD admin dashboard, navigate to Add >> Enterprise Application.

  • Click on Create your own Application.

  • Enter the name of your app, select the Non-gallery application section, and click on the Create button.

  • Click on Setup Single sign-on.

  • Select the SAML tab.

  • Click on Edit.

  • For the above SAML configuration, you need to get the Entity ID and ACS URL from Shopify.
  • Now go to your Shopify store, navigate to the App section, and click on the Single Sign On - SSO Login application.

  • Click on the Add Identity Provider button to add your IDP.

  • Select SAML protocol.

  • Now choose Azure AD from the list of IDPs.

  • Click on the Get metadata button to get the service provider metadata.

  • Navigate to the SP Initiated Metadata section and copy down the ACS URL and Entity ID or Issuer.

  • Navigate to IDP Initiated Metadata section and copy down the ACS URL and Entity ID or Issuer.

  • Enter the values in the Basic SAML Configuration as follows:

| Azure AD field | Value from Shopify |
|---|---|
| Identifier (Entity ID) | Entity ID or Issuer |
| Reply URL (Assertion Consumer Service URL) | ACS URL |

  • By default, the following Attributes will be sent in the SAML token. You can view or edit the claims sent in the SAML token to the application under the Attributes tab.
  • Click on Edit to add or edit claims.

  • Click on Add new claim.

  • Example: In Microsoft Entra ID, add a claim for the Country attribute by specifying the claim name.
  • Select the source attribute as user.country and click on Save.

  • Copy the App Federation Metadata URL. This will be used while configuring the (Microsoft Entra ID) Azure AD as IDP in Step 2.

  • Assign users and groups to your SAML application.
  • As a security control, (Microsoft Entra ID) Azure AD will not issue a token allowing a user to sign in to the application unless (Microsoft Entra ID) Azure AD has granted access to the user. Users may be granted access directly, or through group membership.
  • Click on Users and Groups from the application's left-hand navigation menu. The next screen presents the options for assigning the users/groups to the application.

  • After clicking on Add User, select Users and Groups in the Add Assignment screen.
  • The next screen presents the option of selecting a user or inviting an external user. Select the appropriate user and click on the Select button.

  • Here, you can also assign a role to this user under the Select Role section. Finally, click on the Assign button to assign that user or group to the SAML application.

You have successfully completed the Azure AD (Microsoft Entra ID) side configuration.



  • Navigate back to the miniOrange Single Sign On-SSO application and click on the Add Identity Provider button.

  • Select SAML protocol.

  • From the list of IDPs, select Azure AD.

  • Click on the Import IDP Metadata button.

  • Select the upload method as Metadata Link. Paste the App Federation Metadata URL copied in Step 1 and click on Import.

  • Add the appropriate IDP Name and click on Save.


  • Go to More actions against the IDP you have configured and click on the Show SSO Link button.

  • Copy the SSO URL.

  • Now go to the Single sign-on tab in Azure AD or Microsoft Entra ID. Under the Basic SAML Configuration tab, click on Edit.

  • Paste the copied SSO URL Link in the Relay State section.

  • Click on Save.

  • After saving the IDP configuration, you will be redirected to the Test Connection step.
    Please perform Test Connection before mapping or fetching attributes. Test Connection ensures that your IDP configuration is correct.
  • Click on the Test Connection button.

  • On entering valid Azure AD credentials, you will see a pop-up window indicating a successful connection.

  • Click on the Fetch Attributes button to fetch the IDP attribute.


  • Click on the + Attribute Mapping button to map attributes between Shopify and Azure AD.

  • Map the attributes by referring to the table below:

| Field | Value |
|---|---|
| Attribute Name in Shopify | Choose the attribute from the list of predefined attributes |
| Attribute Type | IDP Attribute |
| Attribute Value | Select the attribute value you have fetched from your IDP |

  • Click on Save.

  • Navigate to the application home page. Go to More actions against the IDP you have configured and click on the Make Default button to make the IDP default.


Testing SSO into Shopify using your Azure AD or Microsoft Entra ID credentials.

  • Go to your Shopify Store login page (https://<your-Shopify-storedomain>/account/login).
  • Click on the login button you customized earlier.

  • If you encounter an "invalid or missing reCAPTCHA token" error accompanied by a "Something went wrong" message, refer to this FAQ to resolve the error.

  • Otherwise, you’ll be redirected to the login page of the IDP you configured in the previous step. Log in with your IDP account credentials.
  • You’ll be successfully logged in to your Shopify store.
  • Navigate to Single sign-on tab and scroll down to Test single sign-on section. Click on the Test button.

  • Now open the Test sign in link in an incognito tab.

  • After logging in to the Microsoft account using your Azure AD or Microsoft Entra ID credentials, you will be automatically logged in to your Shopify Store.

Hence your configuration of (Microsoft Entra ID) Azure AD as IDP in Shopify is successfully completed.


Follow the steps outlined here to configure SSO in Shopify with your preferred IDP.

Redirection to any other site might be blocked in the browser. Please follow the steps given here to resolve the issue.

Follow the steps outlined here to redirect your customer to collections/cart or any other page.

You must upgrade to the SSO application’s Enterprise plan to enable the Auto-Redirect to the IDP feature. Follow the steps outlined here to enable this feature.


Please reach out to us at shopifysupport@xecurify.com, and our team will assist you with setting up the Shopify SSO application. Our team will help you select the most suitable solution/plan for your requirements.
