Brightspace Single Sign-On (SSO) using Shopify as IDP

Pre-requisite : Store as IDP - SSO Login Application

To configure SSO into Brightspace LMS with Shopify as IDP, you will need to install the miniOrange Store as IDP - SSO Login Application on your store.

Step-by-Step Guide for configuring SSO into Brightspace LMS using Shopify Store as IDP

1. Retrieve SP Metadata from Brightspace

• Login to your Brightspace LMS domain.
• Click on Settings icon, and under Security, select SAML Administration.

• Click on Add New Identity Provider.

• Copy the metadata URL of your Brightspace application or keep it handy, to configure Brightspace as a service provider in the IDP application.

2. Enable JIT Provisioning

• Note: Enable this if you want a new user to login.
• Login to your Brightspace LMS domain.
• Click on Settings icon, and under Security, select Roles and Permissions.

• Select your role according to your privileges, and click on Edit Permissions.

• Check the box for Manage SAML JIT Provisioning Configurations.

• Now, enable the JIT Provisioning for the creation of new user account.

3. Configure Shopify as IDP

• Navigate to your shopify store, click on Apps tab and select Store as IDP - SSO login application.

• Click on the Setup Application button in the left navigation bar.

• From the left navigation bar select Apps and click on Add Application button.

• Go to SAML tab and search for Brightspace and select Brightspace Community.

• To import the Brightspace metadata, click on Import SP Metadata.
• Enter the App Name and enter the metadata URL kept handy from Step 1.

• Manually enter the Audience URI same as the SP Entity ID.
• Click on Show Advanced Settings.
• Fields like Sign Response and Sign Assertion should be turned off and on respectively.

• Enter the remaining values by referring to the table below:

Name ID	Email Address
Name ID Format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Group Name	DEFAULT
Policy Name	Enter any name as per your choice
Login Method	Password

• Click on the Save button to save your configuration.
• Click on Edit.

• Set the Identity Source as shopifyasidp.

• Enter the Brightspace attributes from Step 2.

• Click on Save.
• Now, navigate to Select option and choose Metadata tab.

• Now click on Show Metadata Details under INFORMATION REQUIRED TO AUTHENTICATE VIA EXTERNAL IDPS section. Copy down these data as they will be used in further steps.

You have successfully completed the Shopify as IDP configurations.

4. Configure Brightspace as SP

• Login to your Brightspace LMS domain.
• Click on Settings icon, and under Security, select SAML Administration.

• Click on Add New Identity Provider.

• Enter the Display Name of your SAML identity provider.
• To configure Brightspace as your service provider, click on Import from your Identity Provider.

• Fields like Entity ID and Single Sign-On URL have been filled automatically.
• Set the User / Name ID Mapping as Email Address.

• Click on Save.
• You can see that your SAML Identity Provider has been successfully registered with Brightspace.
• Now, click on Manage Just-In-Time Provisioning.

• Under Attribute Map, check the box for Update attributes on login.
• Under Role Map, select Learner for Brightspace Role and Provider Role respectively.

• Click on Save and Close.

You have successfully completed the Brightspace side configurations.

5. Testing SSO for Brightspace LMS

• Go to your Brightspace LMS login page.
• Click on the login button you customized earlier. You’ll be redirected to the login page of the Shopify store.

• Enter your Shopify Store login credential and click on Login. You will be automatically logged in to your Brightspace LMS account.

You have successfully configured Shopify as Identity Provider for your Brightspace LMS application.