nopCommerce SAML Single Sign-On (SSO) with Azure AD as IDP
nopCommerce SAML Single Sign-On (SSO)
plugin gives the ability to enable SAML Single Sign-On for your nopCommerce
applications. Using Single Sign-On you can use only one password to access
your nopCommerce application and services. Our plugin is compatible with all
the SAML compliant identity providers. Here we will go through a step-by-step
guide to configure Single Sign-On (SSO) between nopCommerce and Microsoft
Entra ID (formerly Azure AD) considering Azure AD as IdP. To know more about
the features we provide for nopCommerce SSO, click
Pre-requisites : Download And Installation
Download from nopCommerce Dashboard
To download the plugin zip, login as admin into your nopCommerce store. In
the admin dashboard, go to Configuration Tab > All Plugins and
Themes or search for All Plugins and Themes in the Admin search bar.
Search for the SAML Single Sign-On (SSO) - miniOrange plugin and
click the Download button to get the zip.
To install the plugin, login as admin into your nopCommerce website. In the
admin dashboard, go to Configuration Tab >> Local plugins.
On the top right corner of the page select the
Upload plugin or theme button to upload the downloaded plugin zip.
Follow the instructions further to install the plugin.
Steps to configure nopCommerce Single Sign-On (SSO) using Azure AD as Identity
1. Configure Azure AD as IDP
You need to send your SP metadata to identity provider, Microsoft Entra ID
(formerly Azure AD). For SP metadata, use the SP metadata URL or download
the SP metadata as a .xml file and upload it at your IdP end. You can find
both these options under the
Service Provider Metadata tab.
Alternatively, you can manually add the SP Entity ID and ACS URL from
Service Provider metadata tab in the plugin to your IdP
In the Redirect URL field, provide the ACS URL provided in
Service Provider Metadata tab of the plugin and click
on Register button.
Navigate to Expose an API from left menu panel.
Click the Set button and replace the
APPLICATION ID URL with the plugin's SP Entity ID.
Please ensure that the SP Entity ID value from the Service Provider
Metadata tab doesn't have a trailing slash('/'). If SP Entity ID has a
trailing slash then update it by removing the trailing slash from the SP
EntityID / Issuer field under the Service Provider Metadata tab of the
plugin, enter the updated value at Azure and click on the Save button.
Go back to Azure Active Directory ⇒
App Registrations window and click on
This will navigate up to a window with multiple URLs.
Copy the Federation Metadata document URL to get the
Endpoints required for configuring your Service Provider.
You have successfully configured Microsoft Entra ID (formerly Azure AD)
as SAML IdP ( Identity Provider) for achieving Azure AD SSO login into
your WordPress (WP) Site.
2. Configure nopCommerce as SP (SSO Plugin)
Note: After installation of the plugin, we need to setup the trust
between your nopCommerce application and your Azure AD account. SAML metadata
is shared with Microsoft Entra ID (formerly Azure AD) so they can update their
inbuilt configuration to support Single Sign-On.
2.1: Share SP SAML metadata with Azure AD
Click on Add New IDP to configure nopCommerce Single Sign-On (SSO)
using Microsoft Entra ID (formerly Azure AD) as IDP.
Under Service Provider Metadata tab, you can either copy-paste the
metadata URL on your IDP side or download the SP metadata as
an XML file. Additionally, you have the choice to manually copy and paste
Base URL, SP Entity ID, and ACS URL.
Share SAML metadata with Azure AD.
2.2: Import Azure AD SAML metadata
Under Identity Provider Settings tab, select Azure AD as your
preferred identity provider.
There are two methods for configuring nopCommerce as service provider:
To upload IDP's metadata, you can either provide the
metadata URL or upload XML file.
Alternatively, under the Identity Provider Settings tab, you can
manually fill in the mandatory fields like IDP Name,
IDP Entity ID and Single Sign-On URL and hit Save.
3. Testing SAML SSO
Before testing, please ensure the following:
The nopCommerce (SP) SAML metadata has been exported to Azure AD (IDP).
Importing the Azure AD (IDP) SAML metadata in nopCommerce (SP).
if you haven't already configured MFA on Azure AD. You can also disable
MFA for Microsoft Entra ID (formerly Azure AD) by clicking
Hover on Select Action and click on the
Test Configuration button to verify if you have configured the plugin
Click the Test Configuration button to verify if you have configured
the plugin correctly.
On successful configuration, you will get Attribute Name and Attribute
Values in Test Configuration window.
4. Attribute Mapping
After successful test configuration, click on
Edit Configuration and navigate to Attribute Mapping section.
On the right side, you can see the IDP response table, map attribute names
provided by your IDP with your store attributes, under
Attribute/Role Mapping tab.
Click on Save button.
5. Enabling SSO in your nopCommerce store
Enable SSO for your nopCommerce store by dragging the slider as shown below.
Under the Redirection & SSO link tab, use the URL labeled as
Your Store SSO Link in your store to initiate the SSO.
Not able to find your identity provider? Mail us on
and we'll help you set up SSO with your IDP and for quick guidance (via
email/meeting) on your requirement and our team will help you to select the
best suitable solution/plan as per your requirement.
Need Help? We are right here!
Contact miniOrange Support
Thanks for your inquiry.
If you dont hear from us within 24 hours, please feel free to send a follow up email to firstname.lastname@example.org
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.