Shopify Single Sign-On (SSO) – Shopify SSO Integration
Shopify Single Sign-On SSO - Login application by miniOrange allows users to SSO into your Shopify Store (Plus & Non plus). Configure SSO with integration protocols such as SAML 2.0, OAuth 2.0, OpenID Connect, JWT, LDAP, API authentication, etc. for different IDPs like Okta, ADFS, Azure AD, Azure B2C, Onelogin, AWS Cognito, GSuite/Google Apps,
etc. or any Custom Identity provider along with MFA features.
Select your Identity provider and start setting Single Sign-On (SSO) for your Shopify store within minutes.
Get the Setup guide to configure Single Sign-On with your IDP
Click on the Click here link to get miniOrange metadata from Shopify SSO application. This metadata will be required while configuring SAML IDP
After clicking on the Click here button, two flows will be displayed: SP - INITIATED SSO and IDP - INITIATED SSO. For SP - INITIATED SSO, either Metadata URL can be copied or Metadata details can be individually copied for
further configuration. Follow any one of the following steps to keep the miniOrange metadata.
Here Metadata details are shown by selecting the Show Metadata Details option.
2.2. Configuring your IDP with miniOrange SP
Go to the developers console of your preferred IDP.
Create a new Application.
Select SAML protocol for this newly created Application.
Enter Metadata URL or paste the individual Metadata details of miniOrange generated in Step 1.
Save the configurations.
Get the following data from your IDP:
I. IdP Entity ID II. SAML Login URL III. Logout URL IV. SAML X.509 Certificate
Create a user in your IDP with which you are looking for SSO into Shopify.
2.3. Set up SAML IDP in Shopify SSO Application
Go back to your Shopify Store. In miniOrange Single Sign On - SSO Application, click on Setup IDP
Go to Configure SSO -> Add Identity provider. Select SAML.
Enter the IDP Name of your choice.
Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) from your IDP.
Or you can directly upload an XML file containing relative information.
Leave the other configurations and checkboxes as it is.
After filling these fields click on the “Save” button to save the details.
2.4. Test Connection
Go to the Configure SSO tab.
Click on Select->Test Connection option against the Identity Provider you configured.
After entering the correct credentials of the user present in your IDP, you will get a successful test connection screen.
We support all standard IDPs like Okta, Azure AD, Keycloak, ADFS, Onelogin, Google Apps, Salesforce, Ping Identity, etc. and Custom IDPs too.
2.1. Getting OAuth Callback URL from Shopify
Select OAuth 2.0
Copy OAuth Callback URL. This URL is required for creating an OAuth application on OAuth Provider.
2.2. Configuring OAuth IDP in Shopify SSO Application
Go to the developers console of your preferred OAuth Server.
Create a new Application. Enter the basic details required for creating an application.
Now, you will need to configure the Callback/ Redirect URL copied from Step 1
Select proper scopes based on the OAuth Server. Same scopes will be required to configure in Shopify SSO Application during OAuth IDP configurations.
Once, all the required details are entered. Please Save the configurations.
After saving the configurations, your IDP will provide Client ID & Client Secret for your recently configured application. These details are also required while setting up OAuth Server in Shopify Single Sign On Application.
2.3. Set up OAuth Server in Shopify SSO Application
Go to your Shopify store and navigate to App section and click on Single Sign On - SSO login application.
Click on Setup IDP button in the left navigation bar.
Select the App Name which you want to configure as IDP.
Provide the required settings:
App Display Name
Enter a display name of your choice
Client ID of your configured IDP from Step 2
Client Secret of your configured IDP from Step 2
OAuth Authorize Endpoint
OAuth Access Token Endpoint
OAuth Get User Info Endpoint
Provide valid scopes as per your IDP
We support all standard IDPs like AWS Cognito, Azure B2C, Salesforce, Google, Facebook, LinkedIn, Apple, Discord, etc.
3. Attribute Mapping
This feature can be used to map user attributes coming from Identity Provider into your Shopify store customer profile.
Go to Single Sign On - SSO Application from Admin Dashboard.
Scroll down to Attribute Mapping Section.
Enter the attributes values or 'keys' like email, firstname, lastname, etc from your Identity provider to map them into your store’s customer profile.
Save your configurations.
4. Domain Mapping
If your primary domain is different than your Shopify domain then add your primary domain URL in the Domain settings section of Single Sign On - SSO Application.
Note: Remove “https:” and slashes from the URL while adding it here.
Save your configurations.
5. Configuration on Shopify Store Admin Page
Go to your Shopify store admin page.
In the left section, click on the Online Store and select Preferences.
Scroll down to the Spam Protection section and uncheck the second option "Enable Google reCAPTCHA on login, create account and password recovery pages"
Save your changes.
6. Testing IDP configuration
Go to you Shopify Store login page.
Click on login button you customized earlier.
You’ll be redirected to login page of IDP you configured earlier. Enter your account credentials
You’ll be successfully login to your shopify store.
7. Restrict Complete Store to logged-in users
If you want to restrict Shopify Store to only logged-in users please follow the below steps and If you want to allow SSO only from the /account/login page you can skip this step.
Prerequisite : You should have enabled password protection on your shopify store
You need to get storefront_digest cookie for configuring Complete Store with SSO. Click on lock-shaped icon in the address bar of the browser and than click on cookies
After that click on tab with name similar to your store domain and than click on submenu - Cookies
Now search for storefront_digest variable and then click on it, After that you can see it’s value under the content section as shown below. Copy this value
Paste the storefront_digest cookie value in the store access cookie section as shown below and then click on the Save button.
Now go to https://< your-store-domain >/password and click on Enter using Password in the top right corner. After that click on the Login widget to initiate the SSO.
Hence you have successfully configured Single Sign-On (SSO) into Shopify store using your application as an Identity Provider.
If you don't find what you are looking for, please contact us at
firstname.lastname@example.org or call us at +1 978 658 9387 to find an answer to your question about Shopify Single Sign-On (SSO).
Need Help? We are right here!
Contact miniOrange Support
Thanks for your inquiry.
If you dont hear from us within 24 hours, please feel free to send a follow up email to email@example.com
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.