ServiceNow Single Sign-On (SSO) using Shopify Store as Identity Provider

Overview

ServiceNow Single Sign On (SSO) using your Shopify store. miniOrange provides a ready-to-use solution for your Shopify store. This solution ensures that you are ready to roll out secure access to your ServiceNow LMS using Shopify Store credentials within minutes.

Login using the Shopify ( Shopify Store as SAML IDP ) application gives you the ability to use your Shopify store credentials to log into ServiceNow LMS. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between the ServiceNow LMS as a Service Provider and the Shopify store as an Identity Provider.

Pre-requisites: Store as IDP - SSO Login Application

To configure SSO into ServiceNow LMS with Shopify as IDP, you will need to install the miniOrange: Store as IDP- SSO Login Application on your Shopify store.

Configuration Steps

Step-by-Step Guide for configuring SSO into ServiceNow LMS using Shopify Store as IDP

Step 1: Configure Shopify Store as IdP (Identity Provider)

• Go to your shopify store, click on Apps tab and select Store as IDP-SSO login application.

• Click on the Setup Application button in the left navigation bar.

• From the left navigation bar select Apps and click on Add Application button.

• Go to SAML tab and search for Custom SAML and select Custom SAML Application.

• In the Add Application Section and Add Policy Section, enter the values by refering the below table.

• Click on the Save button to save your configuration.
• Now navigate to Select option and choose Metadata tab.

• Now copy the Metadata URL under INFORMATION REQUIRED TO AUTHENTICATE VIA EXTERNAL IDPS section. This will be used in furthur steps.

You have completed Shopify side configurations.

Step 2: Configure SAML in ServiceNow

• Login to ServiceNow as the system administrator.
• Activate the Integration - Multiple Provider Single Sign-On Installer plugin by doing the following:
• Search for plugins in the Filter navigator (top left input field).
• Search for Integration - Multiple Provider Single Sign-On Installer from the search bar at the top of the Plugins page:
• Right-click on the correct plugin, then select Activate/Upgrade:



• This completes the installation of the Multiple Provider Single Sign-On plugin, allowing you to now configure Single Sign-On settings within ServiceNow.

• Search for Multi-Provider SSO in the Filter navigator (top left input field). Select Identity Providers.
• Click the SAML2 Update1 > Name. Select Configure > Form Design from the Additional actions menu.

• The new Form Design tab should appear. Set the Sign LogoutRequest field after Sign AuthnRequest.
• Click Save (top right). Close the Form Design tab.

Step 3: Configure Shopify in ServiceNow

• Go back to the Identity providers menu. Click New.

• Select the SAML2 Update1 option.

• An Import Identity Provider Metadata pop-up dialogue appears.
• Enter the Metadata URL you have copied from Step 2. Click on Import butto.

• Check Active. Check Default (if you want this SAML configuration to be the default).
• In the user field, specify the ServiceNow user attributes that you will be matching against miniOrange with SAML. By default, this is user_name, but can be configured to match other attributes such as email, depending on your use-case.
• Enter the following Identity Provider's SingleLogoutRequest URL: Sign into the miniOrange Admin Dashboard to generate this variable.
• Change the Protocol Binding for the IDP's SingleLogoutRequest to the following: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
• Check Create AuthnContextClass.
• Signing/Encryption Key Alias: Enter the alias name you created for the SAML 2.0 Keystore. By default, the integration looks for the alias saml2sp.
• Signing/Encryption Key Password: Enter the password to your SAML 2.0 Keystore. By default, the password is the same as the default alias name.
• Check Force AuthnRequest if you want to enable Force AuthnRequest.
• Check Sign LogoutRequest and Uncheck Auto Provisioning User.
• Uncheck Update User Record Upon Each Login. Your settings should look like this:

• Click Update. Click Generate Metadata: The new metadata tab appears.
• Save the X509Certificate value.

• Create a file in a text editor in the following format:

      -----BEGIN CERTIFICATE-----
          [your X509Certificate value]
          -----END CERTIFICATE-----
         

• Save the text file as servicenow_slo.cert: and close the metadata tab.
• Select Properties under Administration from the Multi-Provider SSO sidebar on the left.
• Check Enable multiple provider SSO.
• Uncheck Enable Auto Importing of users from all identity providers into the user table. Click Save.

You have completed ServiceNow side configurations.

Step 4: Testing SSO for ServiceNow

• Go to your ServiceNow Application login page.
• Click on the login button you customized earlier. You’ll be redirected to the login page of the Shopify store.

• Enter your Shopify Store login credential and click on Login. You will be automatically logged in to your ServiceNow Application account.

You have configured Shopify as Identity Provider for your ServiceNow Application application.

Let's begin and Setup Single Sign-On (SSO) with popular Service Providers

Additional Resources

• Shopify Security Solutions
• Shopify Single Sign-On (SSO)
• Shopify Content restriction
• Shopify Subscription
• Convert Shopify Store into LMS platform

Get in Touch

Please reach out to us at shopifysupport@xecurify.com, and our team will assist you with setting up the application. Our team will help you to select the best suitable solution/plan as per your requirement.