nopCommerce OAuth Single Sign-On (SSO) with Okta as OAuth Provider


The nopCommerce OAuth Single Sign-On (SSO) module lets you enable OAuth Single Sign-On for your nopCommerce store or site. With Single Sign-On, you use only one password to access your nopCommerce store or site and its services. Our module is compatible with all OAuth-compliant identity providers. This step-by-step guide shows how to configure Single Sign-On (SSO) between nopCommerce and Okta, with Okta as the OAuth provider.

Pre-requisites: Download and Installation

  • Download the nopCommerce OAuth Single Sign-On (SSO) module.
  • To install the plugin, log in as admin to your nopCommerce site or store. In the admin dashboard, navigate to Configuration tab >> Local plugins.
  • In the top right corner of the page, select the Upload plugin or theme button to upload the downloaded plugin zip. Follow the further instructions to install the plugin.

Steps to configure nopCommerce OAuth Single Sign-On (SSO) using Okta as Identity Provider

1. Configure Okta as IDP

  • First of all, go to https://www.okta.com/login and log into your Okta account.
  • Go to the Okta Admin panel. Go to Applications -> Applications.
  • On the screen that opens, click on the Create App Integration button.
  • Select OIDC - OpenID Connect as the sign-in method and Web Application as the application type, then click on the Next button.
  • You will be redirected to the app details page. Enter the App integration name and Sign-in redirect URIs. You will get the redirect URI from the miniOrange nopCommerce OAuth plugin.
  • Scroll down and you will see the Assignments section. Choose a controlled access option and uncheck the Enable immediate access with Federation Broker Mode option. Click on the Save button.
  • You will now get the client credentials and Okta domain. Copy these into the corresponding fields of the miniOrange nopCommerce OAuth plugin configuration.
  • Go to the Applications tab and click on your application.
  • Select the Assignments tab.
  • Click Assign and select Assign to People.
  • If you want to assign the application to multiple users at the same time, select Assign to Groups. (If an app is assigned to a group, it is assigned to all the people in that group.)
  • Click Assign next to a user name.
  • Click Save and Go Back.
  • Click Done.
  • In your Okta admin dashboard, navigate to Security -> API.
  • Select your SSO application and click on the edit icon.
  • Go to the Claims tab and select the ID Token option.
  • Click on the Add Claim button.
  • Give a name to your claim/attribute and select ID Token from the token type dropdown. Now, enter the value user.$attribute in the Value field based on the attribute you want to receive. Keep the other settings as default and click on the Create button.
  • Follow similar steps for all the attributes you want to see. You will end up with a list of the claims you added.

You have successfully configured Okta as OAuth Server (identity provider) for achieving SSO login into your nopCommerce application.

2. Configure nopCommerce as SP

  • Under the Configure OAuth/OIDC tab, select Okta from the list of identity providers.
  • When you are done configuring your identity provider, you will get client ID, client secret and all required authentication endpoints.
  • Copy the Redirect/Callback URL from the plugin and provide it to your identity provider to configure it on their side.
  • Fill in the rest of the acquired details in the corresponding fields.
  • Click on Save.
  • Note: Please make sure the Enable SSO checkbox is ticked.

3. Testing OAuth SSO

  • Click on Test Configuration to verify if you have configured the plugin correctly.
  • On successful configuration, you will see the attribute names and attribute values in the test configuration window.

4. Attribute Mapping

  • Under the Attribute/Role Mapping tab, map the attribute names provided by your identity provider to your nopCommerce store attributes.
  • Click on the Save button.
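
Added example (not part of the miniOrange plugin or the original guide): a Python check for an ID token issued by Okta for this application, confirming that its issuer and audience match your setup and that every claim name you mapped above is actually present. The issuer URL, client ID, claim names and sample token are constructed placeholders, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json
import time

def decode_payload(id_token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def check_claims(claims, issuer, client_id, mapped_attrs, now=None):
    """Return a list of problems; an empty list means the token fits the setup."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match the configured issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain this client ID")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp")
    for attr in mapped_attrs:  # names entered under Attribute/Role Mapping
        if claims.get(attr) in (None, ""):
            problems.append(f"mapped claim '{attr}' is missing or empty")
    return problems

def make_sample_token(claims):
    """Build a constructed, unsigned sample token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])

# Constructed placeholder values (assumptions); none come from a real Okta org.
ISSUER = "https://okta-domain.example.invalid"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
SAMPLE = make_sample_token({
    "iss": ISSUER, "aud": CLIENT_ID, "exp": 2_000_000_000,
    "email": "alice@example.com", "firstName": "Alice",
})

if __name__ == "__main__":
    # lastName was mapped in the store but never added as a claim in Okta.
    print(check_claims(decode_payload(SAMPLE), ISSUER, CLIENT_ID,
                       ["email", "firstName", "lastName"], now=1_700_000_000))
```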

5. Adding SSO link for your nopCommerce store

  • Under the Redirection & SSO Link tab, use the URL labelled as Your Store SSO Link in your store to initiate the SSO.

You can even configure the Umbraco SAML Single Sign-On (SSO) module with any identity provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider. To check other identity providers, click here.

Need Help?

Not able to find your identity provider? Mail us at nopcommercesupport@xecurify.com and we'll help you set up SSO with your IDP. For quick guidance (via email or meeting) on your requirement, our team will help you select the most suitable solution or plan.

