Setup Single Sign-On (SSO) into the Shopify Store using OAuth

Shopify Single Sign-On (SSO) Login application enables login into a Shopify store using multiple Identity Providers (IDPs) through the OAuth protocol. It supports advanced Single Sign-On (SSO) features like user profile attribute mapping, role mapping, and more. To learn about other features provided in our Shopify Single Sign-On application, click here.

Pre-requisite : Shopify Single Sign-On (SSO) Application

To configure SSO into Shopify with different IDPs, you will need to install the miniOrange Shopify Single Sign On - SSO Login Application on our store.

Step-by-Step Guide for Configuring Shopify Single Sign On (SSO) Application using OAuth

1. Get a callback URL from Shopify

• Go to your Shopify store and navigate to the App section. Click on Shopify Single Sign-On (SSO) Login


• Click on the Setup IDP button in the left navigation bar.

• In the right upper corner, select Add Identity Provider.

• Select OAuth 2.0

• Copy OAuth Callback URL. This URL is required for creating an OAuth application on the OAuth Provider.

You have successfully obtained the Callback URL from Shopify.

2 Configuring Shopify as SP in your OAuth IDP

• Go to the developer's console of your preferred OAuth Server.
• Create a new Application. Enter the basic details required for creating an application.
• Now, you will need to configure the Callback/ Redirect URL copied from Step 1
• Select proper scopes based on the OAuth Server. The Same scopes will be required to configure in the Shopify SSO Application during OAuth IDP configurations.
• Once, all the required details are entered. Please Save the configurations.
• After saving the configurations, your IDP will provide Client ID & Client Secret for your recently configured application. These details are also required while setting up the OAuth Server in Shopify Single Sign-On Application.

You have successfully configured Shopify as SP in your OAuth IDP

3 Configure OAuth IDP in Shopify

• Go to your Shopify store navigate to the App section and click on Single Sign On -SSO login application.
  
  
• Click on theSetup IDP button in the left navigation bar.
  
  
• In the right upper corner, select Add Identity Provider.

• Select OAuth 2.0

• Select the App Name which you want to configure as IDP.
• Provide the required settings:

App Display Name	Enter a display name of your choice
Client ID	Client ID of your configured IDP from Step 2
Client Secret	Client Secret of your configured IDP from Step 2
OAuth Authorize Endpoint	https://<url_based_on_idp>/authorize
OAuth Access Token Endpoint	https://<url_based_on_idp>/token
OAuth Get User Info Endpoint	https://<url_based_on_idp>/getuserinfo
Scope	Provide valid scopes as per your IDP

• We support all standard IDPs like AWS Cognito, Azure B2C, Salesforce, Google, Facebook, LinkedIn, Apple, Discord, etc.

You have now completed the configuration for OAuth IDP into your Shopify SSO Application

Additional Settings

1. Attribute Mapping

This feature can be used to map user attributes coming from Identity Provider into your Shopify store customer profile.

• Go to Single Sign On - SSO Application from Admin Dashboard.
• Scroll down to the Attribute Mapping Section.
• Enter the attribute values or 'keys' like email, first name, last name, etc. from your Identity provider to map them into your store’s customer profile.
• Save your configurations.


2. Domain Mapping

• If your primary domain is different than your Shopify domain then add your primary domain URL in the Domain settings section of Single Sign On - SSO Application.
Note: Remove “https:” and slashes from the URL while adding it here.


• Save your configurations.


3. Restrict Page Access

• Navigate to the Additional Settings section in the application dashboard.

• Enable the Restrict Page Access option. Click on the + icon and add a page extension (eg: /account) as shown in the above image to restrict access to that page.
• Click on Save.

4. Block SSO based on attributes from the IDP

• Navigate to the Additional Settings section in the application dashboard.

• Enable the Block SSO based on attributes from IDP option. Click on the + icon and add an attribute as shown in the above image. If the IDP value matches the blocked attribute value, the user will be blocked from logging into the Shopify store.
• Click on Save.

5. Configuration on Shopify Store Admin Page

• Go to your Shopify store admin page.
• In the left section, click on the Online Store and select Preferences.
• Scroll down to the Spam Protection section and uncheck the second option "Enable Google reCAPTCHA on login, create account and password recovery pages"
• Save your changes.


6. Testing IDP configuration

• Go to your Shopify Store login page.
• Click on thelogin button you customized earlier.
• You’ll be redirected to thelogin page of IDP you configured earlier. Enter your account credentials
• You’ll be successfully logges in to your Shopify store.

7. Restrict Complete Store to logged-in users

• If you want to restrict Shopify Store to only logged-in users please follow the below steps and If you want to allow SSO only from the /account/login page you can skip this step.



Prerequisite : You should have enabled password protection on your Shopify store



• You need to get a storefront_digest cookie for configuring the complete store with OTP Verification. Right-click on your keyboard and click on Inspect option.

• Now navigate to the Application section and then select the Cookie option in the left menu. Select your store and search for Storefront_digest. Copy this Value.

• Paste the storefront_digest cookie value in the store access cookie section as shown below and then click on the Save button.

• Now go to https://< your-store-domain >/password and click on Enter using Password in the top right corner. After that click on the Login widget to initiate the SSO.

Hence you have successfully configured Single Sign-On (SSO) into the Shopify store using your application as an Identity Provider.

---

Free Trial

If you don't find what you are looking for, please contact us at shopifysupport@xecurify.com or call us at +1 978 658 9387 to find an answer to your question about Shopify Single Sign-On (SSO).