Configure SSO into your Applications using Shopify Store Credentials

Users can sign in to your Shopify Store using their Shopify Store login credentials when using the Shopify Store as IDP Application. Once a user has logged in to one Store, they can access other applications, including the Shopify store, with a single click - there is no need to log in or sign up again. You can map any user profile attribute to your Application for a login experience that uses their current Shopify Store credentials if desired. Users can use their store credentials to log into any application that supports SAML, OAuth, JWT, or API authentication methods.




To configure SSO into your application with Shopify as IDP, you will need to install the miniOrange: Store as IDP- SSO Login Application on your Shopify store.

Step-by-Step Guide for configuring SSO into your application using Shopify Store as IDP

  • Go to your Shopify store, click on the Apps tab, and select Store as IDP-SSO login application.
SSO using Shopify as IDP - Go to Apps and Select Store as IDP-SSO login

  • From the left navigation bar select Apps and click on Add Application button.
SSO using Shopify as IDP - Click on Add Application

  • Select the protocol that your Application supports and through which you want to integrate SSO with Shopify as the Identity Provider.

Configure Single Sign-On (SSO) Settings for SAML Apps:

  • Click on the SAML tab and search for your Application.
SSO using Shopify as IDP - search for SAML App

  • If you can't find your application in the below list then select Custom APP and you can also submit your app request to add the application as a pre-integrated app.
SSO using Shopify as IDP - select Custom app

  • Once you select the Custom App option, you will find a window similar to:
SSO using Shopify as IDP - SAML App Window

  • You can either copy and paste all the attributes of the Service Provider (SP), or directly upload an XML file containing the relevant information.
  • To upload the file, follow these steps: Click on the Import SP Metadata button.
SSO using Shopify as IDP - Import SP Metadata

  • You will get a popup with the following options.
SSO using Shopify as IDP - Enter SP Metadata

  • Below is the description of what each field means (present on the app configuration window).

  • SP Entity ID: SP Entity ID is used to identify your app against the SAML request received from SP. Make sure the SP Entity ID or Issuer is in this format: https://www.domain-name.com/a/[domain_name]/acs.
  • ACS URL: Assertion Consumer Service URL defines where the SAML Assertion should be sent after authentication. Make sure the ACS URL is in the format: https://www.domain-name.com/a/[domain_name]/acs.
  • Single Logout URL: A Single Logout URL defines where the user should be redirected after receiving the logout request from SP. You can mention your application logout page URL here. Make sure the Single Logout URL is in the format: https://mail.domain-name.com/a/out/tld/?logout.
  • Audience URI: Audience URI, as the name suggests, specifies the valid audience for SAML Assertion. It is usually the same as the SP Entity ID. If the Audience URI is not specified separately by SP, leave it blank.
  • NameID: NameID defines what SP is expecting in the subject element of SAML Assertion. Generally, NameID is the Username or Email Address.
  • NameID Format defines the format of subject element content, i.e. NameID. For example, Email Address NameID Format defines that the NameID is in the form of an email address, specifically “addr-spec”. An addr-spec has the form local-part@domain, has no phrase (such as a common name) before it, has no comment (text surrounded in parentheses) after it, and is not surrounded by “<” and “>”. If NameID Format is not externally specified by SP, leave it unspecified.
  • You can Add Attributes to be sent in SAML Assertion to SP. The attributes include the user’s profile attributes such as first name, last name, fullname, username, email, custom profile attributes, and user groups, etc.
  • The next section on the same window is for adding a policy for your app.
SSO using Shopify as IDP - Add policy

  • Select a Group Name as Default for making Shopify as an Identity Provider.
  • Give a policy name for the Custom App in Policy Name.
  • Select the Login Method as Password for using Shopify as an Identity Provider.
  • Click on the Save button to add a policy for Apps (Single Sign-On).

Configure Service Provider (SP)

  • Now navigate to the Select >> Metadata option against your configured application.
SSO using Shopify as IDP - Get IDP Metadata

  • Now click on Show Metadata Details under INFORMATION REQUIRED TO AUTHENTICATE VIA EXTERNAL IDPS section. Copy down these data as they will be used in configuring Shopify as SP in your IDP.
SSO using Shopify as IDP - Show IDP Metadata
SSO using Shopify as IDP - Copy IDP Metadata

Configure Single Sign-On (SSO) Settings for OAuth/OIDC Apps:

  • Click on the OAuth/OIDC tab and select your Application.
SSO using Shopify as IDP - Click OAuth/OIDC

  • If you can't find your application in the below list then select OpenID Connect APP and you can also submit your app request to add the application as a pre-integrated app.
SSO using Shopify as IDP - Select OpenID Connect

  • You can add any OAuth Client app here to enable Shopify as OAuth Server. A few popular OAuth client apps for single sign-on are Salesforce, WordPress, Joomla, Atlassian, etc.
SSO using Shopify as IDP - Enter SP Metadata

  • Fill out the below fields:
  • Client Name: Enter an appropriate Client Name.
  • Redirect-URL: Make sure the Redirect-URL is in this format: https://<mycompany.domain-name.com>
  • Description: Add a description if required.
  • The next section on the same window is for adding a policy for your app.
SSO using Shopify as IDP - Add policy

  • Select a Group Name as Default for making Shopify as an Identity Provider.
  • Give a policy name for Custom App in Policy Name.
  • Select the Login Method as Password for using Shopify as an Identity Provider.
  • Click on the Save button. You will be redirected to the Apps Section.
  • Now navigate to the Select >> Edit option against your configured application.
SSO using Shopify as IDP - get IDP Metadata

  • Click on the Click to reveal client secret link to reveal the client secret. Copy down the Client ID, Client Secret, and OAuth Endpoints that will be used in configuring Shopify as SP in your IDP.
SSO using Shopify as IDP - Copy SP Metadata

Configure Single Sign-On (SSO) Settings for JWT:

  • Navigate to the External/JET/PwdLess tab and then select External App section.
SSO using Shopify as IDP - Select JWT Protocol

  • Once you select the Custom App option, you will find a window similar to:
SSO using Shopify as IDP - Enter SP Metadata

  • Enter the values by referring to the table below.
  • Custom Application Name: Choose an appropriate name according to your choice.
  • Description: Add an appropriate description according to your choice.
  • Redirect-URL: Endpoint of your application, which will receive the JSON Web Token and process it.
  • Group Name: Default.
  • Policy Name: Add a policy name according to your preference.
  • Login Method: Password.
  • In case you are setting up SSO with Mobile Applications where you can't create an endpoint for Redirect or Callback URL, use below URL.
    https://login.xecurify.com/moas/jwt/mobile
  • Click on Save button.

Configure Service Provider (SP)

  • Now navigate to the Select >> Edit option against your configured application.
SSO using Shopify as IDP - get IDP Metadata

  • Client ID: If your application provides its own client ID, you can configure it by clicking on the Customize button.
  • App Secret: You can find the App Secret by clicking on the icon as shown below.
  • Description: Add an appropriate description according to your choice.
  • Signature Algorithm: Select your signature algorithm from the dropdown.
  • Redirect URL: Given below is your app URL where you will receive your token.
    RSA 256 : <your_app-login-url> (Here token will be added by the system)
    HS256 : <app-login-url/?id_token=>
You have completed the Shopify side configuration.
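
An added example, not part of the original guide or of the miniOrange app: one way the Redirect-URL endpoint could validate the HS256 token it receives in `?id_token=` before logging the user in. It assumes the App Secret is used directly as the HMAC key and that the token carries `exp` and `email` claims; the function names, the sample secret and the example.com URL are constructed for illustration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlparse

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(header, claims, secret):
    """Build a constructed sample token so the example runs offline."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part).encode()) for part in (header, claims))
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_id_token(callback_url, app_secret, now=None):
    """Return the claims from ?id_token=, or raise ValueError."""
    tokens = parse_qs(urlparse(callback_url).query).get("id_token", [])
    if len(tokens) != 1:
        raise ValueError("expected exactly one id_token parameter")
    try:
        header_b64, payload_b64, sig_b64 = tokens[0].split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm chosen in the app settings; never trust the header's choice.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected signature algorithm")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(app_secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(payload_b64))
    # Assumption: the token carries a numeric "exp" claim (seconds since epoch).
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("token expired or exp missing")
    return claims

# Constructed sample values, not real credentials or real endpoints.
SAMPLE_SECRET = b"constructed-app-secret"
SAMPLE_URL = "https://app.example.com/login/?id_token=" + sign_hs256(
    {"alg": "HS256", "typ": "JWT"},
    {"email": "shopper@example.com", "exp": 2_000_000_000}, SAMPLE_SECRET)

if __name__ == "__main__":
    print(verify_id_token(SAMPLE_URL, SAMPLE_SECRET, now=1_700_000_000))
```

Because the token arrives in the query string, it can end up in access logs and browser history; a short `exp` window limits how long a leaked value stays usable.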
  • Navigate to the Additional Settings section and enable the Attribute Blocking feature.
SSO using Shopify as IDP - Attribute Blocking

  • Click on the + button. Enter the Attribute Name (for example: email) and Attribute Value. Select the Condition and click on Save.
SSO using Shopify as IDP - Enter Attribute Value

  • Go back to your Shopify Store Admin Dashboard and navigate to Online Store >> Themes. Click on the Customize button.
SSO using Shopify as IDP - theme customization

  • Click on the App embeds option and enable the Store as IDP Login option as shown in the below image. Click on Save.
SSO using Shopify as IDP - enable login widget

  • When a user clicks on the forgot password button or creates a new user account on the Shopify Store during the SSO process, they will be automatically logged in to the Service provider after successfully changing their password or creating a new account.
  • Initiate Single Sign On (SSO) from the configured Application.
  • It will redirect you to the Shopify Store Login Page if the user is not already logged in to the store.
  • Enter Your Shopify Store customer credentials.
  • After Successful authentication, you’ll be redirected back to the configured Application and you’ll be logged in.

Please reach out to us at shopifysupport@xecurify.com, and our team will assist you with setting up the application. Our team will help you to select the best suitable solution/plan as per your requirement.
