Easy and seamless access to all resources. Single Sign-On (SSO) into any SAML2.0, WS-FED or JWT Application using Shopify credentials.
Allows service providers to map user details directly from the Shopify IDP (first name, last name, phone number, email ID, etc.).
Allows service providers to map a user's groups from the identity provider to service provider groups. The user groups are updated on SSO.
Configure the URL wherever you want to redirect your Single Sign-On users after SSO login or after logout.
When the Shopify IDP session expires, log out the user from all service providers.
Easily integrate the login link from your Shopify site using a shortcode for IDP-initiated SSO.
SSO is based on a trust relationship between the identity provider and the service provider. This secure authentication is based upon a certificate that is exchanged between the Shopify identity provider and the service provider you have chosen. The certificate is used to sign the identity details sent from the Shopify identity provider to the service provider, ensuring that the service provider is receiving them from a reliable source (the Shopify IDP). This identity data is stored in Shopify SSO as tokens, which contain identifying details about the user such as an email address or a username, among other things.
The following table describes each field in the app configuration window.
| Field | Description |
|---|---|
| SP Entity ID | SP Entity ID is used to identify your app against the SAML request received from the SP. Make sure the SP Entity ID or Issuer is in this format: `https://www.domain-name.com/a/[domain_name]/acs`. |
| ACS URL | Assertion Consumer Service URL defines where the SAML Assertion should be sent after authentication. Make sure the ACS URL is in the format: `https://www.domain-name.com/a/[domain_name]/acs`. |
| Single Logout URL | Single Logout URL defines where the user should be redirected after receiving the logout request from the SP. You can mention your application's logout page URL here. Make sure the Single Logout URL is in the format: `https://mail.domain-name.com/a/out/tld/?logout`. |
| Audience URI | Audience URI, as the name suggests, specifies the valid audience for the SAML Assertion. It is usually the same as the SP Entity ID. If the Audience URI is not specified separately by the SP, leave it blank. |
| NameID | NameID defines what the SP is expecting in the Subject element of the SAML Assertion. Generally, NameID is the Username or Email Address. |
You can edit the application using the following steps:
| Field | Value |
|---|---|
| Application Name | Enter Application Name |
| Client Name | Enter Client Name |
| Client ID | Enter Client ID |
| OAuth Authorize URL | `https://<store.xecurify.com>/moas/broker/login/oauth/<customerid>` (use this endpoint when you want to use Shopify as the Identity Provider) |
| OAuth Token Endpoint URL | `https://<store.xecurify.com>/moas/rest/oauth/token` |
| OAuth User Info Endpoint URL | `https://<mycompany.domainname.com>/moas/rest/oauth/getuserinfo` |