Search Results :

×

OAuth Single Sign-On (SSO) For Shopify Using Microsoft Entra ID (Azure AD) as an Identity Provider

miniOrange allows Microsoft Entra ID (OAuth) to act as an IDP (Identity Provider), which allows users to Single Sign-On (SSO) into Shopify using Microsoft Entra ID (Azure AD) Credentials. Our application is compatible with all the SAML / OAuth-compliant Identity Providers. We will go through a step-by-step guide to configure Single Sign-On (SSO) into Shopify using Microsoft Entra ID (Azure AD) as IdP (OAuth) (Identity Provider) and Shopify store as SP (Service Provider).

To configure SSO into Shopify with Microsoft Entra ID (Azure AD) (OAuth) as IDP, you will need to install the miniOrange Shopify Single Sign On - SSO Login application on your store.

Youtube-color Created with Sketch.

Check out our video, to learn more about how Shopify SSO application works in Shopify.


Setup guide for Configuring Microsoft Entra ID (Azure AD) as IDP (OAuth) for SSO into Shopify

  • Go to your Shopify store and navigate to the App section and click on Single Sign On - SSO login application.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - navigate to Shopify SSO App

  • Click on the Add Identity Provider button to add your IDP.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Add Identity Provider

  • Select OAuth 2.0 protocol.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Select OAuth 2.0 Protocol

  • Now choose Microsoft Entra ID (Azure AD) from the list of IDPs.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Choose Azure AD as IDP

  • Copy the OAuth Callback URL and keep it handy as it will be used in further steps.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Copy Callback URL from SSO App

Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Go to Shopify SSO App

  • Now, click on App Registrations and then click on the New Registration option to create a new (Microsoft Entra ID) Azure AD application.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Register New App

  • Configure the following options to create a new application.
    • Enter a name for your application under the Name text field.
    • In supported account types, select 3rd option ‘Accounts in any identity provider or organizational directory (for authenticating users with user flows)’.
    • In the Redirect URI section, select the Platform type as Web and paste the callback URL copied from Step 1.
    • Click on the Register button to create your application.
    Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Register New App

  • After successful application creation, you will be redirected to the newly created application’s overview page. If not, you can go to the app registrations and search the name of your application and you will find your application in the list.
  • Copy your Application ID and save it under your Client ID textbox in your Shopify Single Sign-On (SSO) Login application.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Go to Shopify SSO App

  • Then click on Certificates and Secrets and then click on New client secret to generate a client secret. Enter a description and click on the Add button.
  • Copy the secret value from the certificates & secrets page and store it as a Client secret in your Shopify Single Sign-On (SSO) Login application.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Client Secret

  • Go to Application >> Select the application and go to the API Permissions tab.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Shopify API Permissions

  • Click on the Add permission button, and then Microsoft Graph API -> Delegated Permissions select openid, Profile scope, and click on the Add Permissions button.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Request API Permissions

  • Click on the Grant admin consent for Demo button.
  • Go to the Manifest tab and find groupMembershipClaims change its value to "All" and click on the save button.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Shopify OAuth Manifest

  • Navigate to the Overview section >> Endpoints.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Shopify Endpoints

  • To get the User Info Endpoint, Copy your Tenant ID as Shown in the below image. For Azure AD single-tenant environment append the tenant id in the url https://login.windows.net/tenant-id/openid/userinfo.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Client ID

You have completed Microsoft Entra ID (Azure AD) side configuration.

  • Navigate back to the miniOrange Single Sign On-SSO application.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Go to Shopify SSO App

  • Click on the Add Identity Provider button to add your IDP.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Add Identity Provider

  • Select OAuth 2.0 protocol.
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Select OAuth 2.0 protocol

  • From the list of IDPs, select Entra ID (Azure AD).
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Select Microsoft Entra ID as IDP

  • Now, fill in the required details like Client ID, Client Secret, Endpoints, and Scope.
  • Please refer to the below table for configuring the values.
IDP Display Name Choose appropriate Name
OAuth Authorize Endpoint from Step 3
OAuth Access Token Endpoint from Step 3
Userinfo Endpoint from Step 3
Client ID From step 2
Client secret From step 2
Scope openid
Shopify OAuth SSO using Microsoft Entra ID (Azure AD) - Azure AD SSO configurations

  • Click on Save.

You have configured Entra ID (Azure AD) as an identity provider (IDP) in Shopify.

  • After saving the IDP configuration, you will be redirected to the Test Connection step.
    Please perform Test Connection before mapping or fetching attributes, test connection ensures that your IDP configuration is correct.
  • Click on the Test Connection button.
Test Connection - Shopify OAuth SSO using Microsoft Entra ID (Azure AD)

  • On entering valid Entra ID credentials you will see a pop-up window which is shown in the below screen.
Connection Succesfull - Shopify OAuth SSO using Microsoft Entra ID (Azure AD)

  • Click on the Fetch Attributes button to fetch the IDP attribute.
Fetch Attributes - Shopify OAuth SSO using Microsoft Entra ID (Azure AD)

  • Click on the + Attribute Mapping button to map attributes between Shopify and Entra ID.
Attribute Mapping - Shopify OAuth SSO using Microsoft Entra ID (Azure AD)

  • Map the attributes by referring to the table below:
Attribute Name in Shopify Choose the attribute from the list of predefined attributes
Attribute Type IDP Attribute
Attribute Value Select the attribute value you have fetched from your IDP
Map Attributes - Shopify OAuth SSO using Microsoft Entra ID (Azure AD)

  • Click on Next.

Hence you have successfully configured Shopify Single Sign-On (SSO) using Google as IDP and Shopify as SP using miniOrange Single Sign-On (SSO) login application. This solution ensures that you are ready to roll out secure access to your Shopify store using Google login credentials within minutes.

More FAQs ➔

Follow the steps outlined here to configure SSO in Shopify with your preferred IDP.

Redirection to any other site might be blocked in the browser. Please follow the steps given here to resolve the issue.

Follow the steps outlined here to redirect your customer to collections/cart or any other page.

You must upgrade to the SSO application’s Enterprise plan to enable the Auto-Redirect to the IDP feature. Follow the steps outlined here to enable this feature.


Please reach out to us at shopifysupport@xecurify.com, and our team will assist you with setting up the Shopify SSO application. Our team will help you to select the best suitable solution/plan as per your requirement.

ADFS_sso ×
Hello there!

Need Help? We are right here!

support