Single Sign-On for Shopify

miniOrange Provides Secure Single Sign-On (SSO) Access to your Shopify applications(both plus and Non plus Stores).Our SSO integration protocols includes SAML 2.0,OAuth,Open ID with supported IDPs like ADFS, Azure AD, Okta, Onelogin, AWS Cognito, GSuite/Google Apps etc with Secured 2FA feature.

Setup Guidelines

Pricing

Download

Key Features

Single Sign-On

Seamless Single Sign-On (SSO) experience to store users and they can access their Shopify Store with existing IdP credentials providing affiliated login experience with one time login.

SSO Integrations

miniOrange provides Single Sign-On (SSO) integrations with all types of protocols like SAML, OAuth2.0, OpenID connect, CAS, LDAP, WS-Fed, Radius, etc.

Existing User store integrations (SSO)

Provides real time Single Sign-On(SSO) access for users without having to move users from their existing user stores like Federated Identity Provider, OAuth / OpenID Providers, Active Directory / LDAP, GSuite/Google Apps etc.

Multiple IDPs Supported

Configure SSO support for multiple IDPs and authenticating different types of users with different IDPs.

Risk Based authentication

Enhancing security to your Shopify Store access avoiding Fraud prevention based on IP, Device, Location and Time based rules.

Widget/Shortcode to add IDP Login

Configure your login widget according to your store’s theme .Contact us at info@xecurify.com for customizing the widget specifically for you.

Benefits

Easy to Configure

Login to your shopify store using SAML 2.0,OAuth,OpenID compliant Identity Providers with easy configuration.

More Secure

Add more security to your existing login with added layers of Multifactor Authentication like 2FA and OTP login.

Redirect URL

Adding Redirect URL for switching users to specific page of Shopify Store after SSO or leaving blank for bringing them back to the page where SSO is initiated.

Cost-effective

Get access to SSO in non-plus version of Shopify saving cost to purchase Shopify plus version

Easy to Integrate

Easily Integrate your existing LDAP/Active Directory in miniOrange to provide users login using their existing credentials and secure access to Shopify Stores.

24/7 Active Support

We provide world-class support and customers vouch for our support.

Plans For Everyone

B2C B2B

Standard

^$ 49/month^*
Upgrade now
See the Standard Plugin features list below
500 unique users per month allowed
Support for single SSO protocol from SAML, OAuth2.0, OpenID, CAS, RADIUS, LDAP, etc.
Support for SSO with Single Identity Provider
Customizable login widget with options available within app
Option, Shortcode to add IdP Login Link on your site
Auto-Redirect to IdP
Step-by-step guide to setup IdP
-
-
-
-
24*7 support

Premium

^$ 89/month^*
Upgrade now
See the Premium Plugin features list below
1000 unique users per month allowed
Support for multiple SSO protocols from SAML, OAuth2.0, OpenID, CAS, RADIUS, LDAP, etc.
Support for SSO with Multiple Identity Provider
Customizable login widget with options available within app
Option, Shortcode to add IdP Login Link on your site
Auto-Redirect to IdP
Step-by-step guide to setup IdP
Email domain mapping specific to Identity provider
More security with added layer of Multifactor Authentication
Fraud prevention based on IP, Device, Location and Time based rules
Login widget will be customized by our developers exclusively
24*7 support

Enterprise

^$ 129/month^*
Upgrade now
See the Enterprise Plugin features list below
3000 unique users per month allowed
Support for multiple SSO protocols from SAML, OAuth2.0, OpenID, CAS, RADIUS, LDAP, etc.
Support for SSO with Multiple Identity Provider
Customizable login widget with options available within app
Option, Shortcode to add IdP Login Link on your site
Auto-Redirect to IdP
Step-by-step guide to setup IdP
Email domain mapping specific to Identity provider
More security with added layer of Multifactor Authentication
Fraud prevention based on IP, Device, Location and Time based rules
Login widget will be customized by our developers exclusively
24*7 support

Professional

Contact Us
Contact Us
See the Professional Plugin features list below
3000+ unique users per month allowed
Support for multiple SSO protocols from SAML, OAuth2.0, OpenID, CAS, RADIUS, LDAP, etc.
Support for SSO with Multiple Identity Provider
Customizable login widget with options available within app
Option, Shortcode to add IdP Login Link on your site
Auto-Redirect to IdP
Step-by-step guide to setup IdP
Email domain mapping specific to Identity provider
More security with added layer of Multifactor Authentication
Fraud prevention based on IP, Device, Location and Time based rules
Login widget will be customized by our developers exclusively
24*7 support

*To qualify for B2C pricing, the authentication limit allowed per user is less than 5/Month

Standard

^$ 89/month^*
Upgrade now
See the Standard Plugin features list below
100 unique users per month allowed
Support for single SSO protocol from SAML, OAuth2.0, OpenID, CAS, RADIUS, LDAP, etc.
Support for SSO with Single Identity Provider
Customizable login widget with options available within app
Option, Shortcode to add IdP Login Link on your site
Auto-Redirect to IdP
Step-by-step guide to setup IdP
-
-
-
-
24*7 support

Premium

^$ 219/month^*
Upgrade now
See the Premium Plugin features list below
500 unique users per month allowed
Support for multiple SSO protocols from SAML, OAuth2.0, OpenID, CAS, RADIUS, LDAP, etc.
Support for SSO with Single Identity Provider
Customizable login widget with options available within app
Option, Shortcode to add IdP Login Link on your site
Auto-Redirect to IdP
Step-by-step guide to setup IdP
Email domain mapping specific to Identity provider
More security with added layer of Multifactor Authentication
Fraud prevention based on IP, Device, Location and Time based rules
Login widget will be customized by our developers exclusively
24*7 support

Enterprise

^$ 299/month^*
Upgrade now
See the Enterprise Plugin features list below
1000 unique users per month allowed
Support for multiple SSO protocols from SAML, OAuth2.0, OpenID, CAS, RADIUS, LDAP, etc.
Support for SSO with Multiple Identity Provider
Customizable login widget with options available within app
Option, Shortcode to add IdP Login Link on your site
Auto-Redirect to IdP
Step-by-step guide to setup IdP
Email domain mapping specific to Identity provider
More security with added layer of Multifactor Authentication
Fraud prevention based on IP, Device, Location and Time based rules
Login widget will be customized by our developers exclusively
24*7 support

Professional

Contact Us
Contact Us
See the Professional Plugin features list below
1000+ unique users per month allowed
Support for multiple SSO protocols from SAML, OAuth2.0, OpenID, CAS, RADIUS, LDAP, etc.
Support for SSO with Multiple Identity Provider
Customizable login widget with options available within app
Option, Shortcode to add IdP Login Link on your site
Auto-Redirect to IdP
Step-by-step guide to setup IdP
Email domain mapping specific to Identity provider
More security with added layer of Multifactor Authentication
Fraud prevention based on IP, Device, Location and Time based rules
Login widget will be customized by our developers exclusively
24*7 support

*To qualify for B2C pricing, the authentication limit allowed per user is less than 5/Month

Step-by-Step Guide for configuring Shopify Single Sign On (SSO) APP

Step 1: Download and setup App

Download Shopify SSO App from Shopify App Store
Click on install app button at right bottom of screen.
Accept the recurring charges shown by our App. After that you’ll be automatically redirected to Shopify SSO App home page.
Fill up different options available to customize the widget/login button which will be displayed at your store login page or you can move forward without customizing widget and use our already added default SSO widget

Step 2: Configure IDP for enabling SSO

Click on Setup IDP in the top left in navigation bar of Shopify SSO App. You’ll be redirected to identity provider menu of miniOrange.
In the right upper corner, select Add Identity Provider .
Select protocol which you want to use for SSO from SAML,OAuth2.0, OpenID, CAS, Radius, LDAP etc.

SAML SSO
OAuth 2.0 SSO

SAML SSO

Step 1: Getting details of SP metadata

Now click on the Click here link to get miniorange metadata as shown in Screen below.
In SP -INITIATED SSO section Select Show Metadata Details.
Keep these values , as they will be used later on in configuring IDP of your choice.

Step2: Configuring your IDP with miniOrange SP

Go to your IDP admin dashboard.
Create an application and select SAML as protocol.
Enter SP metadata details which you generated from miniOrange dashboard in your Identity provider application.
Get the following data from your IDP

I. IdP Entity ID
II. SAML Login URL
III. Logout URL
IV. SAML X.509 Certificate

Step 3: Setup the IDP

Go back to minOrange dashboard and go to Identity Provider-> Add Identity provider. Select SAML
Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) from your IdP and save it.
After filling these fields click On Save Settings button to save the details
Go to Identity Providers tab.
Click on Select>>Test Connection option against the Identity Provider you configured.

We support all standard IDPs like Okta, Azure AD, ADFS, Onelogin, Google Apps, Salesforce, Ping Identity, etc.

OAuth 2.0 SSO

Step 1: Configure OAuth App

Select App Name which you want as IDP. Also, copy OAuth Callback URL. This URL is required for creating OAuth application on OAuth Provider.

Single Sign-On (SSO)for Shopify (Plus and Non Plus), Shopify OAuth SSO Configure

Step 2: Configuring OAuth Provider.

Go to developer console page of selected app.
Create an application and You will be taken to the application settings page.
Enter the basic details required for configuring app and Click on Enable OAuth Settings
After enabling OAuth Settings you will be shown more options to configure, Such as Callback URL (Enter URL that you have copied in step-1). Select the scopes as required. Make sure that the same scopes are also added in miniOrange scope section plugin and then scroll all the way to the bottom to click on Save.
After performing SAVE action you will be taken to the Application Management page. Here, you will find Client ID and Client Secret
Enter Client ID & Client Secret in miniOrange step-1. Also enter valid scope & click on Save.

Step 3: Configuring OAuth Provider.

Go to the Identity Providers tab.
Click on Select>>Test Connection option against the Identity Provider you configured.

We support all standard IDPs like AWS Cognito, Azure AD, Salesforce, Google, Facebook, LinkedIn, etc

Step 3: Testing IDP configuration

Go to you Shopify Store login page.
Click on login button you customized earlier.
You’ll be redirected to login page of IDP you configured earlier. Enter your account credentials
You’ll be successfully login to your shopify store.

Step 4: Restricting Complete Store to logged-in users

If you want to restrict Shopify Store to only logged-in users please follow the below steps and If you want to allow SSO only from the /account/login page you can skip this step.

Prerequisite : You should have enabled password protection on your shopify store

You need to get storefront_digest cookie for configuring Complete Store with SSO. Click on lock-shaped icon in the address bar of the browser and than click on cookies

Single Sign-On (SSO)for Shopify (Plus and Non Plus), Restrict Shopify Store to logged in users

After that click on tab with name similar to your store domain and than click on submenu - Cookies

Now search for storefront_digest variable and then click on it, After that you can see it’s value under the content section as shown below. Copy this value

Paste the storefront_digest cookie value in the store access cookie section as shown below and then click on the Save button.

Now go to https://< your-store-domain >/password and click on Enter using Password in the top right corner. After that click on the Login widget to initiate the SSO.

Shopify Single Sign-On (SSO) | SAML Authentication | OAuth SSO