How to use Shopify as an Identity Provider for Single Sign-On (SSO)?


Key Features

Single Sign-On (SSO)

Easy and seamless access to all resources. Single Sign-On (SSO) into any SAML 2.0, WS-FED or JWT Application using Shopify credentials.

User Attribute Mapping

Allows service providers to map user details directly from the Shopify IDP (first name, last name, phone number, email ID, etc.).

User Groups Mapping

Allows service providers to map a user's groups from the Identity Provider to service provider groups. The user groups are updated on SSO.

Custom Redirect URL

Configure the URL to which your Single Sign-On users are redirected after SSO login or after logout.

Single Logout

When the Shopify IDP session expires, log out the user from all service providers.

Easily Integrate

Easily integrate the login link from your Shopify site using a shortcode for IDP-initiated SSO.


SSO is based on a trust relationship between the identity provider and the service provider. This secure authentication is based upon a certificate that is exchanged between the Shopify identity provider and the service provider you have chosen.

The certificate can be used to sign identity details sent from the Shopify identity provider to the service provider, ensuring that the service provider is receiving it from a reliable source (Shopify IDP). This identity data is stored in Shopify SSO as tokens, which contain identifying details about the user such as an email address or a username, among other things.







Step-by-Step Guide for configuring Shopify as Identity Provider APP

Step 1: Install and setup App


  • Click on Add App for the Login with Customer Account App on the Shopify App Store.
  • Click on the Install app button at the bottom right of the screen.
  • Accept the recurring charges shown by our App. After that you’ll be automatically redirected to the Application home page.
  • Enter the primary domain of your Shopify Store in the Domain Settings section of the Application, then click on Save.

Step 2: Configure Application for enabling Single Sign On

  • Click on Setup Application in the top left in the navigation bar of Shopify as Identity Provider App. You’ll be redirected to the Add Application menu of miniOrange.

  • Click on Configure Apps button.

  • Select the protocol that your Application supports and through which you want to integrate SSO with Shopify as Identity Provider.

Configure Single Sign-On (SSO) Settings for SAML Apps:

  • Click on the SAML tab and search for your Application. If you can't find your application in the list, select Custom App; you can also submit an app request to have the application added as a pre-integrated app.


  • Once you select the Custom App option, you will see the app configuration window.
  • You can either copy and paste all the attributes of the Service Provider (SP), or directly upload an XML file containing the relevant information.
  • To upload the file, click on the Import SP Metadata button.
  • You will get a popup with the following options.

    Here is the description of what each field means (present on the app configuration window).

    SP Entity ID: SP Entity ID is used to identify your app against the SAML request received from the SP. Make sure the SP Entity ID or Issuer is in this format: https://www.domain-name.com/a/[domain_name]/acs.
    ACS URL: Assertion Consumer Service URL defines where the SAML Assertion should be sent after authentication. Make sure the ACS URL is in the format: https://www.domain-name.com/a/[domain_name]/acs.
    Single Logout URL: Single Logout URL defines where the user should be redirected after receiving the logout request from the SP. You can mention your application's logout page URL here. Make sure the Single Logout URL is in the format: https://mail.domain-name.com/a/out/tld/?logout.
    Audience URI: Audience URI, as the name suggests, specifies the valid audience for the SAML Assertion. It is usually the same as SP Entity ID. If Audience URI is not specified separately by the SP, leave it blank.
    NameID: NameID defines what the SP is expecting in the subject element of the SAML Assertion. Generally, NameID is Username or Email Address.
  • NameID Format defines the format of subject element content, i.e. NameID. For example, Email Address NameID Format defines that the NameID is in the form of an email address, specifically “addr-spec”. An addr-spec has the form local-part@domain, has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by “<” and “>”. If NameID Format is not externally specified by SP, leave it unspecified.
  • You can Add Attributes to be sent in SAML Assertion to SP. The attributes include user’s profile attributes such as first name, last name, fullname, username, email, custom profile attributes, and user groups, etc.
  • The next section on the same window is for adding a policy for your app.
  • Select a Group Name as Default for making Shopify as Identity Provider.
  • Give a policy name for Custom App in Policy Name.
  • Select the Login Method as Password for using Shopify as Identity Provider
  • Click on Save button to add a policy for Apps (Single Sign-On).
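
The SP metadata fields described above (SP Entity ID, ACS URL, Single Logout URL, NameID Format) can be extracted from the SP's XML and sanity-checked before they are saved in the app configuration window. This is an added example, not miniOrange or Shopify code; the sample metadata, the host `sp.example.com`, and the function names `parse_sp_metadata` and `review` are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # prefer defusedxml for metadata from untrusted sources
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample; sp.example.com is a placeholder, not a real service provider.
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://sp.example.com/a/example/acs">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="{REDIRECT}"
        Location="http://sp.example.com/a/out/tld/?logout"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" Binding="{POST}"
        Location="https://sp.example.com/a/example/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def parse_sp_metadata(xml_text):
    """Return the values the app configuration window asks for."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("not SP metadata: no SPSSODescriptor element")
    acs = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST]  # assertions are delivered via HTTP-POST
    slo = sp.find("md:SingleLogoutService", NS)
    fmt = sp.find("md:NameIDFormat", NS)
    return {
        "SP Entity ID": root.get("entityID"),
        "ACS URL": acs[0] if acs else None,
        "Single Logout URL": slo.get("Location") if slo is not None else None,
        "NameID Format": fmt.text.strip() if fmt is not None and fmt.text else None,
    }

def review(fields):
    """List values to correct before saving them in the IdP app configuration."""
    issues = [f"{k}: missing" for k in ("SP Entity ID", "ACS URL") if not fields[k]]
    for name in ("ACS URL", "Single Logout URL"):  # the logout URL is optional
        value = fields[name]
        if value and (urlparse(value).scheme != "https" or not urlparse(value).netloc):
            issues.append(f"{name}: not an absolute https URL: {value}")
    return issues

if __name__ == "__main__":
    fields = parse_sp_metadata(SAMPLE_SP_METADATA)
    print(fields, review(fields))
```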

Configure Service Provider (SP)

  • In the list of configured Apps, locate the app you created. A Metadata option is shown next to that app.
  • Click on the Metadata option to open the metadata window.
  • For a quick setup, click on the Download Metadata button to get an XML file that you can upload while configuring the SP.
  • When you want to make Shopify the Identity Provider, you have to use the separate set of URLs listed under the "Information required to Authenticate with External IDPs" heading.

Configure Single Sign-On (SSO) Settings for OAuth Apps:

  • Click on the OAuth/OIDC tab and search for your Application. If you can't find your application in the list, select Custom OpenID Connect App; you can also submit an app request to have the application added as a pre-integrated app.
  • You can add any OAuth Client app here to enable Shopify as OAuth Server. A few popular OAuth client apps for single sign-on are Salesforce, WordPress, Joomla, Atlassian, etc.
  • Enter the Client Name.
  • Make sure Redirect-URL is in this format https://< mycompany.domain-name.com >.
  • Add a Description if required.
  • Click on Save button.
  • You can edit Application by using the following steps:

    • Login as a customer from the Admin Console.
    • Go to Apps >> Manage Apps.
    • Search for your app and Click on edit in Action menu against your app.
    • Provide the required settings to your OAuth Client Application in which you want Single Sign On via Shopify As Identity Provider:
      Application Name: Enter Application Name
      Client Name: Enter Client Name
      Client ID: Enter Client ID
      OAuth Authorize URL: https://<store.xecurify.com>/moas/broker/login/oauth/<customerid> (use this endpoint when you want to use Shopify as Identity Provider)
      OAuth Token Endpoint URL: https://<store.xecurify.com>/moas/rest/oauth/token
      OAuth User Info Endpoint URL: https://<mycompany.domainname.com>/moas/rest/oauth/getuserinfo

Step 3: Test the Single Sign On

  • Initiate Single Sign-On (SSO) from the configured Application.
  • You will be redirected to the Shopify Store Login Page if the user is not already logged in to the store.
  • Enter your Shopify Store customer credentials.
  • After successful authentication you’ll be redirected back to the configured Application and you’ll be logged in.

Let's begin, Single Sign-On (SSO) with popular Service Providers

Docebo LMS as SP with Shopify IDP
Invision Community as SP with Shopify IDP
Craft CMS as SP with Shopify IDP
Kajabi as SP with Shopify IDP
Shopify as SP with Shopify IDP
Thinkific as SP with Shopify IDP
Tableau as SP with Shopify IDP
Zoom as SP with Shopify IDP
Moodle as SP with Shopify IDP
NextCloud as SP with Shopify IDP
Zoho as SP with Shopify IDP
Cognito as SP with Shopify IDP
Talent LMS as SP with Shopify IDP
Owncloud as SP with Shopify IDP
Canvas LMS as SP with Shopify IDP
Absorb LMS as SP with Shopify IDP
RocketChat as SP with Shopify IDP
AWS as SP with Shopify IDP
WordPress as SP with Shopify IDP
Zendesk as SP with Shopify IDP
Salesforce as SP with Shopify IDP


Your preferred SP is not mentioned? Contact us at shopifysupport@xecurify.com and we'll help you with SSO setup.