Search Results :

×
Sign Up Contact Us

Contents

How to Implement SSO with Salesforce as IDP using Shopify?

Teams running Salesforce and Shopify together often face the same problem. Contacts need separate logins for each platform. This creates friction, password fatigue, and a poor customer experience. Single Sign On between Salesforce and Shopify resolves this by allowing contacts to access the store using their existing Salesforce identity. This guide explains the complete Shopify and Salesforce integration for SSO using the miniOrange SSO app, enabling Shopify access with Salesforce contacts without requiring a user license.

Shopify SSO using Salesforce contacts | Demo Request a Demo

Before starting the configuration, make sure the following are ready:

  • Install Shopify SSO app on the Shopify store (You can use miniOrange SSO app for Shopify)
  • miniOrange Salesforce SSO package is installed in the Salesforce org
  • Admin access is available for both the Salesforce org and the Shopify store
  • Log in to the Salesforce org.
  • Navigate to the Salesforce Setup section.
  • Open the App Launcher and search for miniOrange SSO.
Shopify SSO using Salesforce contacts | miniOrange SSO App

  • Click on the miniOrange SSO Configuration tab and select the signing algorithm from the available options.
  • Enter the Secret key in the designated field. This key must match the secret key configured in the miniOrange app on Shopify.
  • Scroll down and click Save Configuration.
Shopify SSO using Salesforce contacts | Save Configuration

  • Navigate back to the Salesforce Setup section.
  • In the Quick Find box, type Flows and select it from the results.
Shopify SSO using Salesforce contacts | Setup Flow

  • Click New Flow to open the flow creation screen.
  • Select a flow type based on your use case. Any flow type works here, so choose the one that fits the intended trigger or user journey.
Shopify SSO using Salesforce contacts | Setup Flow

  • Inside the Flow Builder canvas, search for and add the Generate JWT Token and URL component.
  • Configure the component with the following values:
Field Value
Base URL https://<your-store-name>.myshopify.com
Subject (sub) Email
Audience (aud) https://<your-store-name>.myshopify.com
Issuer (iss) https://<your-domain>.my.salesforce.com
Relay State https://<your-store-name>.myshopify.com/account
Note and Contact Us - Salesforce Shopify SSO using custom Objects

Note: Replace your-store-name with the actual Shopify store name and your-domain with the actual Salesforce My Domain subdomain.
The Issuer (iss) field must contain the exact Salesforce My Domain URL. Even a small mismatch here will cause the login to fail. The Relay State is where Shopify sends the user after a successful login. The /account path is the default, but it can point to any valid page on the store.

Shopify SSO using Salesforce contacts | Add Token and URL to Flow

  • Click Save to save the flow
  • Click Activate to make the flow live.

Once the flow is active, the Generate JWT Token and Login URL component outputs a Login URL every time the flow runs. That Login URL is the SSO entry point. Sharing or triggering this URL logs the Salesforce contact directly into Shopify, completing the Single Sign On between Salesforce and Shopify setup.

The Shopify Salesforce integration using JWT has been successfully configured. Salesforce contacts can now log into the Shopify store through the generated Login URL without needing a separate password or a Salesforce user license.


Yes. Implementing SSO with Salesforce (as IDP) using Shopify is a fully supported configuration. In this path, Salesforce issues SAML assertions, and the miniOrange app handles the Shopify Service Provider (SP) side. You can configure Salesforce to use Contacts or custom objects as the identity source, depending on how your organization stores user data. The Salesforce OAuth SSO setup guide for Shopify is also available for teams that prefer OAuth 2.0 over JWT or SAML. For assistance with any of these configurations, please contact the miniOrange support team.

Yes. JWT-based SSO Salesforce to Shopify works for both Shopify Plus and Non-Plus stores. The miniOrange SSO app supports JWT, SAML, OAuth, and OpenID Connect across both store types. The Shopify and Salesforce integration is not limited by the store plan, so merchants on any Shopify tier can set this up.

No, a Salesforce user license is not required. This setup enables Salesforce SSO without the user license. Salesforce Contacts (or even custom objects, if configured) are different from licensed Salesforce Users. With Salesforce contact-based authentication for Shopify, the token carries the contact's email identity, and Shopify validates that identity directly. No Salesforce user license check is involved.

Yes. The Relay State can be set to any valid URL within the Shopify store. For Salesforce customer login, whether the identity source is a Contact or a custom object, you can direct users to a specific dashboard or custom page by updating the relay state field in the JWT component and resaving the flow.

Related Articles



 Thank you for your response. We will get back to you soon.

Something went wrong. Please submit your query again


ADFS_sso ×
Hello there!

Need Help? We are right here!

support