Shopify Single Sign-On (SSO) – Shopify SSO Integration


Shopify Single Sign-On SSO - Login application by miniOrange allows users to SSO into your Shopify Store (Plus & Non plus). Configure SSO with integration protocols such as SAML 2.0, OAuth 2.0, OpenID Connect, JWT, LDAP, API authentication, etc. for different IDPs like Okta, ADFS, Azure AD, Azure B2C, Onelogin, AWS Cognito, GSuite/Google Apps, etc. or any Custom Identity provider along with MFA features.
Select your Identity provider and start setting Single Sign-On (SSO) for your Shopify store within minutes.


Get the Setup guide to configure Single Sign-On with your IDP

Providers Links
Okta Click Here
Azure AD Click Here
Azure B2C Click Here
AWS Cognito Click Here
Auth0 Click Here
ADFS Click Here
Providers Links
AWS Cognito
as userstore
Click Here
Salesforce Click Here
Pingfederate Click Here
Keycloak Click Here
Ientity
Server 4
Click Here
Providers Links
Discord Click Here
Wordpress Click Here
PingOne Click Here
WSO2 Click Here
Zendesk Click Here
Shibboleth Click Here
Providers Links
Google Click Here
GSuite Click Here
Twitter Click Here
LinkedIn Click Here
Facebook Click Here
Apple Click Here

Pre-requisite : Single Sign On - SSO Application

To configure SSO with Apple as IDP, you will need to install the miniOrange Single Sign On - SSO Application on your Shopify store:

miniOrange Provides Secure Single Sign-On (SSO) access to your Shopify applications(both plus and Non plus Stores).

Step-by-Step Guide for configuring Shopify Single Sign On (SSO) App

1. Configure IDP for enabling SSO

  • Click on Setup IDP in the top left in navigation bar of Shopify SSO App. You’ll be redirected to identity provider menu of miniOrange.
  • Shopify Single Sign-On (SSO) - Configure IDP for enabling Single Sign-On (SSO)
  • In the right upper corner, select Add Identity Provider.
  • Shopify Single Sign-On (SSO) - Add Identity Provider
  • Select protocol which you want to use for SSO from SAML,OAuth2.0, OpenID, CAS, Radius, LDAP etc.


2. Setup SSO into Shopify Store


    2.1. Getting Metadata details from Shopify

    • Select SAML
    • Shopify Single Sign-On (SSO) - Select IDP details
    • Click on the Click here link to get miniOrange metadata from Shopify SSO application. This metadata will be required while configuring SAML IDP
    • Shopify Single Sign-On (SSO) - Select IDP details
    • After clicking on the Click here button, two flows will be displayed: SP - INITIATED SSO and IDP - INITIATED SSO. For SP - INITIATED SSO, either Metadata URL can be copied or Metadata details can be individually copied for further configuration. Follow any one of the following steps to keep the miniOrange metadata.
    • Here Metadata details are shown by selecting the Show Metadata Details option.
    • Shopify Single Sign-On (SSO) - Select IDP details

    2.2. Configuring your IDP with miniOrange SP

    • Go to the developers console of your preferred IDP.
    • Create a new Application.
    • Select SAML protocol for this newly created Application.
    • Enter Metadata URL or paste the individual Metadata details of miniOrange generated in Step 1.
    • Save the configurations.
    • Get the following data from your IDP:
    • I. IdP Entity ID
      II. SAML Login URL
      III. Logout URL
      IV. SAML X.509 Certificate

    • Create a user in your IDP with which you are looking for SSO into Shopify.

    2.3. Set up SAML IDP in Shopify SSO Application

    • Go back to your Shopify Store. In miniOrange Single Sign On - SSO Application, click on Setup IDP
    • Shopify Single Sign-On (SSO) - Select IDP details
    • Go to Configure SSO -> Add Identity provider. Select SAML.
    • Shopify Single Sign-On (SSO) - Select IDP details Shopify Single Sign-On (SSO) - Select IDP details
    • Enter the IDP Name of your choice.
    • Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) from your IDP.
    • Or you can directly upload an XML file containing relative information.
    • Shopify Single Sign-On (SSO) - Select IDP details
    • Leave the other configurations and checkboxes as it is.
    • After filling these fields click on the “Save” button to save the details.

    2.4. Test Connection

    • Go to the Configure SSO tab.
    • Click on Select->Test Connection option against the Identity Provider you configured.
    • Shopify Single Sign-On (SSO) - Select IDP details
    • After entering the correct credentials of the user present in your IDP, you will get a successful test connection screen.
    • Shopify Single Sign-On (SSO) - Select IDP details
    • We support all standard IDPs like Okta, Azure AD, Keycloak, ADFS, Onelogin, Google Apps, Salesforce, Ping Identity, etc. and Custom IDPs too.

3. Attribute Mapping

This feature can be used to map user attributes coming from Identity Provider into your Shopify store customer profile.

  • Go to Single Sign On - SSO Application from Admin Dashboard.
  • Scroll down to Attribute Mapping Section.
  • Enter the attributes values or 'keys' like email, firstname, lastname, etc from your Identity provider to map them into your store’s customer profile.
  • Save your configurations.
  • Shopify Single Sign-On (SSO) - Restrict Shopify Store to logged in users

4. Domain Mapping

  • If your primary domain is different than your Shopify domain then add your primary domain URL in the Domain settings section of Single Sign On - SSO Application.
  • Note: Remove “https:” and slashes from the URL while adding it here.

  • Save your configurations.
  • Shopify Single Sign-On (SSO) - Restrict Shopify Store to logged in users

5. Configuration on Shopify Store Admin Page

  • Go to your Shopify store admin page.
  • In the left section, click on the Online Store and select Preferences.
  • Scroll down to the Spam Protection section and uncheck the second option "Enable Google reCAPTCHA on login, create account and password recovery pages"
  • Save your changes.
  • Shopify Single Sign-On (SSO) - Restrict Shopify Store to logged in users

6. Testing IDP configuration

  • Go to you Shopify Store login page.
  • Click on login button you customized earlier.
  • You’ll be redirected to login page of IDP you configured earlier. Enter your account credentials
  • You’ll be successfully login to your shopify store.

7. Restrict Complete Store to logged-in users

If you want to restrict Shopify Store to only logged-in users please follow the below steps and If you want to allow SSO only from the /account/login page you can skip this step.


Prerequisite : You should have enabled password protection on your shopify store


  • You need to get storefront_digest cookie for configuring Complete Store with SSO. Click on lock-shaped icon in the address bar of the browser and than click on cookies
  • Shopify Single Sign-On (SSO) - Restrict Shopify Store to logged in users
  • After that click on tab with name similar to your store domain and than click on submenu - Cookies
  • Shopify Single Sign-On (SSO) - Restrict Shopify Store to logged in users
  • Now search for storefront_digest variable and then click on it, After that you can see it’s value under the content section as shown below. Copy this value
  • Shopify Single Sign-On (SSO) - Restrict Shopify Store to logged in users
  • Paste the storefront_digest cookie value in the store access cookie section as shown below and then click on the Save button.
  • Shopify Single Sign-On (SSO) - Restrict Shopify Store to logged in users
  • Now go to https://< your-store-domain >/password and click on Enter using Password in the top right corner. After that click on the Login widget to initiate the SSO.
  • Shopify Single Sign-On (SSO) - Restrict Shopify Store to logged in users
Hence you have successfully configured Single Sign-On (SSO) into Shopify store using your application as an Identity Provider.

Additional Resources


Free Trial

If you don't find what you are looking for, please contact us at shopifysupport@xecurify.com or call us at +1 978 658 9387 to find an answer to your question about Shopify Single Sign-On (SSO).

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com