This use case explores how Shopify B2B merchants can manage access at an organizational level, whether across multiple companies, departments within a single company, or vendors without a centralized Identity Provider (IdP). When users log in through their company’s IdP, attributes such as company or department are used to assign tags in Shopify, ensuring the right level of access and visibility. With Shopify Single Sign-On (SSO), SCIM-based user sync, and Content Restriction from miniOrange, merchants can simplify company provisioning in Shopify by assigning customer tags based on IdP attributes, streamlining department-based access, and implementing vendor-specific content restrictions within their store.

In this section, we'll discuss everything from requirements and implementation process to results.

  • Key Requirements:
      • Single Sign-On (SSO): Enable single sign-on into Shopify using identity provider credentials.
      • SyncUP: User Sync: To sync users & courses between Shopify and platforms using SCIM.

  • Features that will play an important role:
      • LockOn Content Restriction: Restrict product visibility or pricing based on customer tags and email domains.

Scenario 1: Company-Based Access Using Different IDPs

I manage a Shopify B2B store that lists products from multiple partner companies, some with multiple departments. Each company has its own Identity Provider (IDP), and its employees need to log in and view their respective product catalogs. I wanted to enable B2B users to log into Shopify through their respective IDPs and ensure that users are assigned tags in Shopify based on their corresponding IdP attributes (company or department).


We also needed to restrict Shopify content by company or department. For example, only users from Company A should see Company A's products or pricing, and department-specific users should see only their assigned catalog.


Requirements:

  • Allow B2B customers to log in through their respective company’s IdP.
  • Redirect users to the appropriate IdP for Shopify login.
  • Assign customer tags in Shopify based on IDP attributes (e.g., company or department).
  • Restrict product visibility or pricing based on these tags to implement company or department-based access for Shopify B2B customers.

Scenario 2: Department-Based Access Within a Single Company

I run a Shopify store for a large organization that manages all its employees under one Identity Provider. The organization includes several departments, and each department should have access only to relevant store sections. We required an automated solution for Shopify organization provisioning to synchronize and update these permissions in real-time, in the event that employees’ roles changed.


Requirements:

  • Provision users in Shopify from IdP (identity provider) based on department data.
  • Automatically update roles and tags if an employee changes departments or leaves the company.

Scenario 3: Vendor Access Without an Identity Provider

I needed to provide store access to third-party vendors who do not have a centralized Identity Provider. These vendors log in to the Shopify store using the default login with OTP method for B2B. However, I still wanted to grant certain benefits or access to some vendors based on their company through Shopify company assignment.


Requirements:

  • Identify vendors using their email domain.
  • Provision companies and assign access rules using email domain-based login in Shopify.
  • Implement domain-based vendor provisioning in Shopify to tailor content visibility without manual updates or hassles.

Solution 1: Shopify SSO + LockOn

The Shopify Single Sign-On solution from miniOrange allows users to log in using their respective company’s identity provider. Users are redirected to their respective IDP to perform SSO, and upon successful authentication, they are automatically provisioned in Shopify based on their IDP attributes (company or department) with the help of tags.


To restrict content visibility as per these tags, the LockOn-Restrict Store app is used. This app enables merchants to assign access rules based on the user tags. Merchants can either display specific catalogs or show customized product pricing per company or department. This way, each user only sees the content relevant to their group, streamlining wholesale access and purchasing.

Shopify SSO + LockOn Solution

Solution 2: SCIM-Based Provisioning

The SyncUP solution enables real-time Shopify organizational roles and access provisioning for departments within a company. If any employee data changes in the company's IDP, e.g., a new employee joins or an existing employee switches departments or leaves the company, the user sync solution updates or deactivates the Shopify customer profile in real-time.


Real-time role provisioning through SCIM in Shopify helps merchants manage access for departments within the company efficiently. It also ensures dynamic access updates for department changes in Shopify, reducing manual workload and improving security.

SCIM-Based Provisioning
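The mover and leaver updates described above arrive from the IdP as SCIM 2.0 PatchOp messages (RFC 7644). The sketch below is an added example, not miniOrange's or Shopify's code: the customer record is a plain dict and the `dept:` tag prefix is an assumed convention.

```python
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
DEPT_PATH = (ENTERPRISE + ":department").lower()
DEPT_PREFIX = "dept:"  # assumed tag convention, not a Shopify or miniOrange name


def _to_bool(value):
    # "active" may arrive as a JSON boolean or as the string "False".
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in ("true", "false"):
        return value.lower() == "true"
    raise ValueError(f"unsupported value for active: {value!r}")


def _assignments(op):
    # An operation carries either a path, or no path and an object of attributes.
    if "path" in op:
        return [(op["path"], op.get("value"))]
    if not isinstance(op.get("value"), dict):
        raise ValueError("operation without path needs an object value")
    return list(op["value"].items())


def apply_patch(customer, patch):
    """Return a copy of `customer` with department tag and active flag updated."""
    if PATCH_SCHEMA not in patch.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    tags, active = set(customer["tags"]), customer["active"]
    for op in patch.get("Operations", []):
        name = str(op.get("op", "")).lower()  # some IdPs send "Replace"
        if name not in ("add", "replace", "remove"):
            raise ValueError(f"unknown op: {op.get('op')!r}")
        for path, value in _assignments(op):
            if path.lower() == DEPT_PATH:
                # Drop the old department tag first so a mover loses the old catalog.
                tags = {t for t in tags if not t.startswith(DEPT_PREFIX)}
                ok = isinstance(value, str) and name != "remove"
                dept = value.strip().lower() if ok else ""
                if dept:
                    tags.add(DEPT_PREFIX + dept)
            elif path.lower() == "active" and name != "remove":
                active = _to_bool(value)
    if not active:
        # Leaver: strip department tags so tag-based rules stop matching.
        tags = {t for t in tags if not t.startswith(DEPT_PREFIX)}
    return {**customer, "tags": sorted(tags), "active": active}


SAMPLE_MOVE = {"schemas": [PATCH_SCHEMA], "Operations": [  # constructed sample
    {"op": "Replace", "path": ENTERPRISE + ":department", "value": "Finance"}]}
```

Removing the previous department tag in the same update that adds the new one is what keeps a mover from seeing both catalogs.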

Solution 3: Content Restriction

In the absence of an identity provider, the LockOn Content Restriction application allows Shopify B2B store owners to set access policies for vendors that log in using Shopify's default email OTP flow. By mapping email IDs to specific companies, LockOn enables domain-based vendor provisioning in Shopify, assigning relevant tags and restricting or displaying content as needed.


This approach ensures seamless email domain-based provisioning in Shopify, even for vendors who do not have an IDP, and helps maintain tailored store experiences.
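Because the email domain is the only identity signal in this scenario, the domain-to-company lookup needs to be an exact match on a verified address. The following is an added sketch, not LockOn's code: the mapping table, tag names and `otp_verified` flag are constructed for illustration.

```python
# Constructed mapping of vendor email domains to customer tags (assumed names).
DOMAIN_TO_TAG = {
    "vendor-a.example": "company:vendor-a",
    "vendor-b.example": "company:vendor-b",
}


def company_tag_for(email, otp_verified, mapping=DOMAIN_TO_TAG):
    """Return the company tag for a verified address, or None (fail closed)."""
    if not otp_verified or not isinstance(email, str):
        # Never tag on an address the user has not proven control of.
        return None
    email = email.strip()
    if email.count("@") != 1:
        # Rejects "a@b@vendor-a.example" style input instead of guessing.
        return None
    local, domain = email.split("@")
    if not local or not domain or not domain.isascii():
        # Non-ASCII domains (possible look-alikes) get no tag in this sketch.
        return None
    # Exact, case-insensitive match only: no suffix, substring or subdomain
    # matching, so "vendor-a.example.evil.test" and "evilvendor-a.example" miss.
    return mapping.get(domain.lower())
```

Subdomains are treated as unknown here; if a vendor really uses one, list it in the mapping explicitly.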

Content Restriction for Vendor Access
  • Enable Shopify login using company email domain with support for multiple Identity Providers, allowing users to authenticate through their organization-specific IDPs.
  • Map essential user details like name, email, and department directly from the IDP to Shopify customer accounts, using attribute mapping to automate Shopify Company provisioning.
  • Maintain up-to-date user data with two-way profile sync between Shopify and the IDP, ensuring dynamic access updates for department changes in Shopify.
  • Facilitate email domain-based access in Shopify by restricting store visibility and login to verified domains, supporting secure domain-based vendor provisioning in Shopify.
  • Apply Shopify tag-based restrictions to control access to pages, products, and collections, aligning store visibility with company or department-specific roles.

By implementing miniOrange's comprehensive Shopify provisioning solutions, B2B merchants were able to offer a seamless login flow tailored by company or department, ensuring that each user is routed to the correct authentication method and store view. Customer roles were automatically assigned and updated based on IDP data or email domains, minimizing the need for manual tagging or access configuration.


Additionally, implementing auto role provisioning through SCIM in Shopify, access control, and deprovisioning helped merchants save significant time and reduce administrative effort. These capabilities allowed stores to maintain secure, role-based access while keeping the login process simple and intuitive for users across different organizational structures.
