Setup Single Sign-On (SSO) into the Shopify Store using OAuth
Shopify Single Sign-On (SSO) Login application enables login into a Shopify store using multiple Identity Providers (IDPs) through the OAuth protocol. It supports advanced Single Sign-On (SSO) features like user profile attribute mapping, role mapping, and more. To learn about other features in our Shopify Single Sign-On application, click here.
Pre-requisite: Shopify Single Sign-On (SSO) Application
To configure SSO into Shopify with different IDPs, you must install the miniOrange Shopify Single Sign On - SSO Login Application on our store.
miniOrange Provides Secure Single Sign-On (SSO) access to your Shopify store (both plus and non-Plus).
Step-by-Step Guide for Configuring Shopify Single Sign On (SSO) Application using OAuth
1. Get Callback URL (Redirect URI) from Shopify
- Go to your Shopify store & navigate to the App section and click on Single Sign On - SSO login application.
- Click on the Add Identity Provider button to add your IDP.
- Select OAuth 2.0 protocol.
- Now choose Custom IDP from the list of IDPs.
- Copy the OAuth Callback URL and keep it handy as it will be used in further steps.
You have successfully obtained the Callback URL (Redirect URI) from Shopify.
2 Configuring Shopify as SP in your OAuth IDP
- Go to the developer's console of your preferred OAuth Server.
- Create a new Application. Enter the basic details required for creating an application.
- Now, you will need to configure the Callback/ Redirect URL copied from Step 1
- Select proper scopes based on the OAuth Server. The Same scopes will be required to configure in the Shopify SSO Application during OAuth IDP configurations.
- Once, all the required details are entered. Please Save the configurations.
- After saving the configurations, your IDP will provide Client ID & Client Secret for your recently configured application. These details are also required while setting up the OAuth Server in Shopify Single Sign-On Application.
You have successfully configured Shopify as SP in your OAuth IDP
3 Configure OAuth IDP in Shopify
- Navigate back to the miniOrange Single Sign On-SSO application and click on the Add Identity Provider button.
- Select OAuth 2.0 protocol.
- From the list of IDPs, select Custom IDP.
- Provide the required configurations:
- Click on Save.
- We support all standard IDPs like AWS Cognito, Azure B2C, Salesforce, Google, Facebook, LinkedIn, Apple, Discord, etc.
| IDP Display Name | Enter a display name of your choice |
| Client ID | Client ID of your configured IDP from Step 2 |
| Client Secret | Client Secret of your configured IDP from Step 2 |
| OAuth Authorize Endpoint |
https://<url_based_on_idp>/authorize |
| OAuth Access Token Endpoint | https://<url_based_on_idp>/token |
| OAuth Get User Info Endpoint | https://<url_based_on_idp>/getuserinfo |
| Scope | Provide valid scopes as per your IDP |
You have now completed the configuration for OAuth IDP into your Shopify SSO Application
4. Test Connection
-
After saving the IDP configuration, you will be redirected to the Test Connection step.
Perform a test connection before mapping or fetching attributes, a test connection ensures that your IDP configuration is correct. - Click on Test Connection.
- On entering valid IDP credentials you will see a pop-up window which is shown in screen below.
- Click on the Fetch Attributes to fetch the IDP attribute.
5. Attribute Mapping
- Click on the + Attribute Mapping button to map attributes between Shopify and your IDP.
- Map the attributes by referring the table below:
- Click on Save.
- Navigate to the application home page. Click More actions against the configured IDP, and click on Make Default to set your IDP as default.
| Attribute Name in Shopify | Choose the attribute from the list of predefined attributes |
| Attribute Type | IDP Attribute |
| Attribute Value | Select the attribute value you have fetched from your IDP |
6. Testing SSO for your Shopify Store
- Go to your Shopify Store login page.(https://<your-shopify-storedomain>/account/login)
- Click on the login button you customized earlier.
- You’ll be redirected to the login page of the IDP you configured in the previous step. Log in with your IDP account credentials.
- You’ll be successfully logged in to your Shopify store.
7. Restrict SSO based on the IDP Attributes
- You can control access to your Shopify Store by setting rules that allow or deny entry based on specific user attributes. For instance, you can restrict access to certain store sections for users with a particular tag or domain.
- Navigate to Apps and then select the miniOrange Single Sign On – SSO application.
- Navigate to the Store Access Restrictions section in the Advanced Settings.
- Enable the Based on IDP User Profile Attributes feature. Click on + Add Attribute to add an attribute as shown in the below image.
- If the attribute name from IDP matches the blocked attribute value, the user will be redirected to the blocked page after they SSO into the Shopify store.
- Click on Save.
- Example: If the blocked attribute name is “domain” and its value is “@gmail.com”, then all customers with a @gmail domain will be redirected to the blocked page after they perform SSO to the Shopify store.
8. Store Access Exclusively for Logged-In Users
- "Protect Complete Store with SSO" grants exclusive access to your Shopify store, ensuring that only logged-in users can access it. Any non-logged-in user attempting to access any page of your Shopify store will be redirected to the password page.
- Note: For the following steps, ensure that you have enabled password protection on your Shopify store.
- To configure your complete store with OTP Verification, you need to obtain a storefront_digest cookie.
- Go to your Shopify store. Right-click on the page and select the "Inspect" option.
- Now, navigate to the Application section and select the Cookies option from the left menu. Choose your store and search for storefront_digest. Copy the value associated with this cookie.
- Navigate to Apps and then select the miniOrange Single Sign On – SSO application.
- Go to Advanced Settings and then Store Access Settings. Under the Complete Store Protection section, paste the storefront_digest cookie value in the Store Token field, as shown in the image below.
- Click on Save.
- Now, go to https://<your-store-domain>/password and click on Enter using Password in the top right corner.
- After that, click on the SSO Login widget to initiate the Single Sign-On process. For example; Let us name our widget "Login with Okta" as shown in the below image.
Hence you have successfully configured Shopify Single Sign-On (SSO) using your Custom IDP and Shopify as a Service Provider. using the miniOrange Single Sign-On (SSO) login application. This solution ensures that you are ready to roll out secure access to your Shopify store using IDP login credentials within minutes.
Troubleshooting
invalid_request
This may be because your primary domain would be different from your Shopify domain. To check your primary domain and make SSO work, follow the steps given here.
shopify_plan_expired
This issue arises when either the trial period of your Development plan is expired. Or if your plan is not auto-renewed from the Shopify end. Contact us at shopifysupport@xecurify.com to resolve the plan upgrade issue and get smooth functioning of the SSO – Single Sign On Application.
invalid_attributes_received
As email is a required entity in Shopify for account creation as well as login operation, Single Sign On is not successful in this case. To resolve this error, please follow given here.
encountered_an_error
When I am performing SSO, I am getting ‘Please verify if Shopify App is installed’ error. To resolve this error, please follow given here.
If your error or query is not listed here, click here to see others.
Frequently Asked Questions (FAQs)
I have followed the steps to set IdP but where can I check SSO?
Follow the steps outlined here. to configure SSO in Shopify with your preferred IDP.
I installed the Shopify SSO application. I clicked on the “SETUP IDP” option but nothing opened up.
Redirection to any other site might be blocked in the browser. Please follow the steps given here to resolve the issue.
When I try to perform SSO, I get redirected to the “Incorrect App Configuration” page.
You might be trying to perform SSO in the different tab of the same
browser where you have opened our Single Sign-On – SSO Application or
accessed the configuration portal of our application. In this case,
SSO will be restricted due to security reasons.
Try to perform Single Sign On in a
new incognito/private window or in a
different browser in order to make SSO work.
After performing SSO, I want my customers to redirect to the collections or discount offer page.
Follow the steps outlined here. to redirect your customer to collections/cart or any other page.
Choose your preferred Identity Provider and start setting up SSO for Shopify right away
Additional Resources
If you are looking for anything which that you cannot find, please drop us an email at shopifysupport@xecurify.com
Need Help? We are right here!
