How to Set Up Okta OAuth SSO in Shopify using Okta as an Identity Provider?

miniOrange allows Okta (OAuth) to act as an Identity Provider (IdP), enabling secure and seamless Single Sign-On (SSO) into your Shopify Storefront using Okta credentials. With OAuth 2.0–based authentication, users can log in once via Okta and gain instant access to your Shopify store without needing to manage separate credentials.

Our solution supports both New Shopify Customer Accounts and Classic (Legacy) Customer Accounts, making it compatible with all Shopify storefront configurations.

Whether you run a Shopify Plus or non-Plus store, or require advanced B2B Store and B2B Login functionality, the miniOrange Shopify Okta SSO integration delivers a flexible, secure, and scalable authentication solution for businesses of all sizes.

Configure [SAML] SSO into Shopify using Okta as IdP

To set up Single Sign-On (SSO) with Shopify via the SAML protocol using Okta as an identity provider (IdP), follow the steps outlined here.

  • Log in to your Shopify Admin.
  • Go to Apps -> Shopify App Store
  • Search for miniOrange Single Sign-On – SSO
  • Click Install to add the app to your store
  • Open the app from Apps to start Okta OAuth SSO in Shopify configuration
  • Go to your Shopify store and navigate to the App section and click on Single Sign On - SSO login application.
Shopify Okta OAuth SSO - navigate to Shopify SSO App

  • Click on the Add Identity Provider button to add your IDP.
Shopify Okta OAuth SSO - Add Identity Provider

  • Select OAuth 2.0 protocol.
Shopify Okta OAuth SSO - Select OAuth 2.0 Protocol

  • Now choose Okta from the list of IDPs.
Shopify Okta OAuth SSO - Choose Okta as IDP

  • Copy the OAuth Callback URL and keep it handy as it will be used in further steps.
Copy Callback URL from SSO App

  • First of all, go to Admin dashboard and log into your Okta account.
  • Go to the Okta Admin panel. Go to Applications -> Applications.


  • You will get the following screen. Click on Create App Integration button.


  • Select OIDC - OpenID Connect as the sign-in method and Web Application as the application type, then click the Next button.


  • You will be redirected to the app details page. Enter the App integration name and the Sign-in redirect URIs. Use the value shown in the Callback URL field of the miniOrange Shopify Single Sign-On (SSO) application from Step 1.


  • Scroll down and you will see the Assignments section. Choose a controlled access option and uncheck the Enable immediate access with Federation Broker Mode option. Click on Save button.


  • You will now see the Client credentials and the Okta domain. Copy them into the corresponding fields of the miniOrange Shopify Single Sign-On (SSO) application.


Step 2.1: Assign an App integration to a user

  • Go to Applications tab and Click on your application.


  • Select the Assignments tab.


  • Click Assign and select Assign to People.
  • If you want to assign the application to multiple users at the same time then select Assign to Groups [If an app is assigned to a group then, the app will be assigned to all the people in that group]


  • Click Assign next to a user name.


  • Click Save and Go Back.


  • Click Done.


Step 2.2: Profile Attributes for the ID Token

  • In your Okta admin dashboard, navigate to Security -> API.


  • Select your SSO application and click on the edit icon.


  • Go to the Claims tab and select the ID token option.


  • Click on Add claim button.


  • Give a Name to your claim/attribute and Select ID Token from the token type dropdown. Now, enter the value user.$attribute in the Value field based on the attribute you want to receive. Keep other settings as default and click on Create button.


  • Follow similar steps for every attribute you want to receive. You will end up with a list similar to the one below.


You have completed Okta side configuration.

  • Navigate back to the miniOrange Single Sign On-SSO application.
Shopify Okta OAuth SSO - Go to Shopify SSO App

  • Click on the Add Identity Provider button to add your IDP.
Shopify Okta OAuth SSO - Add Identity Provider

  • Select OAuth 2.0 protocol.
Shopify Okta OAuth SSO - Select OAuth 2.0 protocol

  • From the list of IDPs, select Okta.
Shopify Okta OAuth SSO - Select Okta IDP

  • Now, fill in the required details like Client ID, Client Secret, Endpoints, and Scope.
  • Please refer to the below table for configuring the values.
    IDP Display Name: [enter any app name of your choice]
    OAuth Authorize Endpoint: https://{yourOktaDomain}.com/oauth2/v1/authorize
    OAuth Access Token Endpoint: https://{yourOktaDomain}.com/oauth2/v1/token
    OAuth Get User Info Endpoint (optional): https://{yourOktaDomain}.com/oauth2/v1/userinfo
    Client ID: From step 1
    Client secret: From step 1
    Scope: email profile openid (enter this text exactly as shown)


  • Click on Save.

  • After saving the IDP configuration, you will be redirected to the Test Connection step.
    Perform Test Connection before mapping or fetching attributes. The test confirms that your IDP configuration is correct.
  • Click on the Test Connection button.
Test Connection - Shopify Okta SSO

  • On entering valid Okta credentials you will see a pop-up window which is shown in the below screen.
Connection Successful - Shopify Okta SSO

  • Click on the Fetch Attributes button to fetch the IDP attribute.
Fetch Attributes - Shopify Okta SSO

  • Click on the + Attribute Mapping button to map attributes between Shopify and Okta.
Attribute Mapping - Shopify Okta SSO

  • Map the attributes by referring to the table below:
    Attribute Name in Shopify: Choose the attribute from the list of predefined attributes
    Attribute Type: IDP Attribute
    Attribute Value: Select the attribute value you have fetched from your IDP
Map Attributes - Shopify Okta SSO

  • Click on Next.
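
The values entered in the IDP form above can be checked before saving. The following is an added example, not miniOrange or Okta code: it validates the endpoints and scope against the table and shows the authorization request they produce, assuming the standard authorization-code flow. The host `example.okta.com`, the credentials and the callback URL used with it are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint paths and scope as listed in the table above; userinfo is optional there.
EXPECTED_PATHS = {
    "authorize": "/oauth2/v1/authorize",
    "token": "/oauth2/v1/token",
    "userinfo": "/oauth2/v1/userinfo",
}
REQUIRED_SCOPE = {"email", "profile", "openid"}

# Constructed sample values: placeholder host and credentials, not real ones.
SAMPLE = {"client_id": "0oa-placeholder", "client_secret": "placeholder-secret",
          "scope": "email profile openid",
          **{k: "https://example.okta.com" + p for k, p in EXPECTED_PATHS.items()}}


def check_idp_settings(settings):
    """Return a list of problems in the values typed into the IdP form."""
    problems, hosts = [], set()
    for name, path in EXPECTED_PATHS.items():
        if name == "userinfo" and not settings.get(name):
            continue  # optional field left empty
        url = urlsplit(settings.get(name, ""))
        if url.scheme != "https":
            problems.append(f"{name}: endpoint must use https")
        if url.path != path or url.query or url.fragment:
            problems.append(f"{name}: expected path {path} with no query or fragment")
        hosts.add(url.hostname)
    if len(hosts) > 1:
        problems.append("endpoints point at different hosts")
    missing = REQUIRED_SCOPE - set(settings.get("scope", "").split())
    if missing:
        problems.append("scope is missing: " + " ".join(sorted(missing)))
    for key in ("client_id", "client_secret"):
        value = settings.get(key, "")
        if not value or value != value.strip():
            problems.append(f"{key}: empty or padded with whitespace")
    return problems

def build_authorize_url(settings, callback_url):
    """Build the authorization-code request; return (url, state)."""
    state = secrets.token_urlsafe(32)  # unguessable value tied to this login attempt
    query = urlencode({
        "client_id": settings["client_id"],
        "response_type": "code",
        "scope": settings["scope"],
        "redirect_uri": callback_url,  # must equal the Sign-in redirect URI set in Okta
        "state": state,
    })
    return settings["authorize"] + "?" + query, state


def callback_is_valid(callback_query, expected_state):
    """Accept a callback only if it carries a code and the state that was issued."""
    params = parse_qs(callback_query)
    state = params.get("state", [""])[0].encode()
    return bool(params.get("code")) and hmac.compare_digest(state, expected_state.encode())
```

An empty list from `check_idp_settings` means the form values match the table; the same check catches a pasted `http://` URL or a scope string with `openid` dropped before Test Connection fails.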

Select Shopify Store Type:

SSO Configuration in Non-Plus Shopify Stores

Choose the type of account you have enabled on your Shopify Store:

Note: If you’re using a password-protected store or working on a Shopify development store, click here to set up the storefront digest cookie so SSO can work on your store.

  • Go to the application dashboard, enable the customer accounts extension as shown in the below image.
Shopify SSO Login - Enable Customer

  • Enable the New Customer Accounts extension and click on Save.

  • Navigate to the application home page and enable the IDP Login toggle option against the IDP you have configured.
Shopify SSO Login - Make app default

Allow Only SSO Users to Complete Checkout - Restrict Others

This feature allows only users who log in via Single Sign-On (SSO) to complete the checkout process. Other users will be blocked from proceeding with checkout.

  • Navigate to Settings.
Shopify SSO Login - Navigate to Settings

  • Open the Checkout section.
Shopify SSO Login - Open Shopify Checkout

  • Scroll downwards, in the checkout rules section, click on Add rule.
Shopify SSO Login - Add Checkout Rule

  • Click on SSO Checkout Validation.
Shopify SSO Login - SSO Checkout Validation

  • Deselect the "Allow all customers to complete checkout" option, and click on Save.
Shopify SSO Login - Deselect Allow All Customers to Complete Checkout

  • Now, you can Turn on the checkout rule.
Shopify SSO Login - Turn On SSO Checkout Validation

  • If you attempt to checkout without performing SSO, an error will appear as shown below.
Shopify SSO Login - SSO Checkout Validation Error

Testing Single Sign-On (SSO) for your Shopify store

  • Go to your Shopify Store (https://<your-shopify-storedomain>).
  • Click on the User login icon.
SSO Login into Store - Shopify miniOrange SSO

  • You’ll be redirected to the login page of the identity provider (IDP) you configured in the previous step. Log in with your IDP account credentials.
  • Next, enter the six-digit OTP that will be sent to your registered email address. (This is a one-time process)
Shopify miniOrange SSO - 6 Digit OTP customer accounts

  • You’ll be successfully logged in to your Shopify store.
  • Go to the application dashboard, you will see a warning box to add the login button extension on the Account page, click on the login widget extension link as shown in the below image to enable it.
Shopify SSO Login - Make app default

  • Navigate to the application home page and enable the IDP Login toggle option against the IDP you have configured.
Shopify SSO Login - Make app default

  • If you want to configure SSO into Shopify using multiple IDPs, then select your IDP from the list provided here, and setup SSO using that IDP.
  • Enable the IDP login toggle option for enabling SSO into Shopify using multiple IDPs.
Shopify SSO Login - Make app default

Testing Single Sign-On (SSO) for your Shopify store

  • Go to your Shopify Store login page (https://<your-shopify-storedomain>/account/login).
  • Click on the login button you customized earlier.
SSO Login into Store - Shopify miniOrange SSO

  • You'll be redirected to the identity provider (IDP) login page. Now log in with your existing account credentials.
  • After login, if you encounter an "invalid or missing reCAPTCHA token" error, accompanied by a "Something went wrong" message, refer to this FAQ to resolve the error.
Shopify miniOrange SSO - Something went wrong error

SSO Configuration in Plus Shopify Stores

Choose the type of account you have enabled on your Shopify Store:

  • Navigate back to the SSO application, and click on the Connect Store tab.
  • Copy the Discovery Endpoint URL, Client ID, Client Secret, Additional Scopes and Post-Logout Redirect URI Parameter and keep them handy.
Shopify SSO Login - Copy Client ID and Secret

  • Click on the Customer Accounts link as shown in the below image.
Shopify SSO Login - Click on Customer Accounts

  • Select the Customer Accounts option as recommended by Shopify. Next, look for the Authentication option and click on Manage.
  • If you do not find the option, please reach out to shopifysupport@xecurify.com for assistance.
Shopify SSO Login - Manage Authentication

  • Click on the Manage Providers button.
Shopify SSO Login - Manage Providers

  • Click on Connect to Provider button.
Shopify SSO Login - Connect to identity provider

  • Add the Identity Provider name and from the Provider dropdown, select Custom or other.
Shopify SSO Login - Add identity provider name

  • Fill in the details such as Discovery endpoint URL, Client ID, Client secret, Additional Scopes, Post-logout redirect URI parameter that you copied from above step. Click on Save.
Shopify SSO Login - Add metadata

  • Once the Identity Provider has been added, do the Test Connection.
Shopify SSO Login - Test Connections

  • After verifying the flow, make the identity provider Active.
Shopify SSO Login - Make identity provider active

  • Navigate to the application home page and enable the IDP Login toggle option against the IDP you have configured.
Shopify SSO Login - Make app default

Testing Single Sign-On (SSO) for your Shopify store

  • Go to your Shopify Store (https://<your-shopify-storedomain>).
  • Click on the User login icon.
SSO Login into Store - Shopify miniOrange SSO
  • You’ll be redirected to the login page of the identity provider (IDP) you configured in the previous step. Log in with your IDP account credentials.
  • You’ll be successfully logged in to your Shopify store.

Provide Login Using Username & Password

If you want to provide login using username & password along with your login with IDP option for your B2B store, then click here

Shopify  Login - With Username and Password

Provide Login Using Email OTP

If you want to provide login using Email OTP along with your login with IDP option for your B2B store, then click here

Shopify  Login - With Email OTP
  • Now, click on the Setup Guide button and follow the steps mentioned to get multipass token.
Shopify SSO Login - Get multipass token

  • Enable the Multipass Token option. Refer to this FAQ to get the Multipass token value and paste it in the field below.
Shopify SSO Login - Enable multipass token

  • Click on Save.
  • Go to the application dashboard, you will see a warning box to add the login button extension on the Account page, click on the login widget extension link as shown in the below image to enable it.
Shopify SSO Login - Make app default

  • Navigate to the application home page and enable the IDP Login toggle option against the IDP you have configured.
Shopify SSO Login - Make app default

  • If you want to configure SSO into Shopify using multiple IDPs, then select your IDP from the list provided here, and setup SSO using that IDP.
  • Enable the IDP login toggle option for enabling SSO into Shopify using multiple IDPs.
Shopify SSO Login - Make app default

Testing Single Sign-On (SSO) for your Shopify store

  • Go to your Shopify Store login page (https://<your-shopify-storedomain>/account/login).
  • Click on the login button you customized earlier.
SSO Login into Store - Shopify miniOrange SSO

  • You'll be redirected to the identity provider (IDP) login page. Now log in with your existing account credentials.
  • If you encounter an "invalid or missing reCAPTCHA token" error, accompanied by a "Something went wrong" message, refer to this FAQ to resolve the error.
Shopify miniOrange SSO - Something went wrong error

  • You’ll be successfully logged in to your Shopify store.

You’ve completed the Shopify Okta integration using the OAuth protocol, with Okta as the IdP and Shopify as the SP. This setup enables seamless Single Sign-On (SSO) into Shopify using Okta credentials, giving users one-click access without multiple logins while enhancing security. By leveraging OAuth-based authentication, store owners can simplify operations and deliver a trusted, consistent login experience for customers, employees, partners, and B2B users.



First, make sure the customer login or account link is visible on your Shopify storefront.

If it is visible, click the Login option to proceed.

If it is not visible, enable it from Shopify Admin, go to Settings, then Customer Accounts, and turn on Show login link in the header and at checkout.

Legacy Shopify Customer Accounts

Click the Account/Login link or go to /account/login. Select Okta OAuth SSO Login, enter your Okta credentials, and you will be logged in.

New Shopify Customer Accounts

Click the user icon in the top-right corner. You will be taken to the Okta OAuth login page. Sign in with your Okta credentials and complete the 6-digit OTP verification if it is enabled to access the store.

For detailed steps, refer to the Okta OAuth Shopify SSO documentation.

After setting up Okta OAuth SSO for Shopify, you can manage where users go after they log in. Open the Shopify SSO application for Okta, go to More Actions, then Additional Settings, and select the Post Login Configurations tab. Enter the redirect path you want (for example, /cart or /collections) without including the full store URL. If needed, enable Restrict User SignUp, then save the settings.

For detailed, step-by-step instructions, check the Okta OAuth Shopify SSO documentation.

To enable Auto-Redirect to Okta, upgrade the Shopify SSO application for Okta to the Enterprise (Scale) plan.

Go to Apps, then miniOrange Single Sign-On (SSO), and select Pricing. Click Upgrade under the Scale Plan. After you upgrade, open the Global Configurations tab and enable Auto Redirect to IDP under Store Access Settings. If prompted, follow the link to enable the required extension and save the changes. Decide whether the auto-redirect should apply to the entire store or just the login page, then click Save to activate Auto-Redirect to Okta.

Refer to the Okta OAuth Shopify SSO documentation for detailed setup steps.


Yes, you can restrict Shopify access so that only users with a verified company domain in Okta can log in by integrating Okta as your Identity Provider (IdP) with Shopify using the Shopify Single Sign-On (SSO) solution.

Here’s how it works:

Configure Okta as the Identity Provider (IdP): In your Okta admin dashboard, create a new App Integration using OAuth 2.0 or OIDC (OpenID Connect). Add your Shopify store details from the Shopify SSO app, including Redirect URI and other settings, and configure attribute statements (claims) like email, first name, and last name, so that Okta passes this user data to Shopify.

Add Okta to Shopify with miniOrange: Add the Shopify SSO app to your Shopify store. Enter your Okta Client ID, Client Secret, and OAuth endpoints (authorization and token URLs) into the Shopify SSO app. The app then connects Shopify to Okta, establishing a secure trust relationship.

Restrict access by verified company domain: Inside Okta, configure your sign-on policies so that only users whose email addresses end with your verified domain (e.g., @company.com) are allowed to authenticate.

When users attempt to log into your Shopify store, the miniOrange SSO app relies on Okta to validate that the email belongs to your company domain before granting access.

Yes, you can force all Shopify users to log in exclusively through Okta and remove the default Shopify login options by integrating Okta as your Identity Provider (IdP) in your Shopify store.

Here’s how this typically works:

Connect Shopify to Okta for SSO: In Okta, create a new application using OAuth 2.0 / OpenID Connect (OIDC). Enter your Shopify store details provided by the Shopify SSO app, including redirect URLs and other credentials.

Set up Shopify as the Service Provider (SP) with miniOrange: Install the Shopify SSO app directly in your Shopify store. Add your Okta application details (client ID, secret, endpoints) into the Shopify SSO app. This creates the trusted SSO connection between Shopify and Okta, without needing manual SAML certificate handling or editing your theme code.

Enforce SSO and remove default login options: In the Shopify SSO app settings, you can choose to enforce SSO, meaning every user trying to access your Shopify store will be redirected to authenticate through Okta only. The app also allows you to hide or disable Shopify’s default login and registration forms, so customers can’t bypass SSO and log in with classic Shopify credentials.

By doing this, users see only the “Login with Okta” button (or your branded SSO button), creating a consistent and secure login flow.

Yes, you can restrict Shopify Single Sign-On (SSO) access so that only users in specific Okta groups or organizational units (OUs) can log in by configuring your store with the Shopify SSO app.

Here’s how the process works:

Connect Okta to Shopify: In your Okta admin console, create an application using OAuth 2.0 / OpenID Connect. Enter the redirect URIs and other details provided by the Shopify SSO app. Configure attribute statements in Okta so that group or OU information (like memberOf or custom claims) is included in the tokens sent to Shopify.

Set up attribute-based access control in Shopify: Install and open the Shopify SSO app inside your Shopify store. Navigate to the Store Access Restrictions or similar section in the app settings and enable the option to restrict SSO access based on user attributes.

Define which Okta groups or OUs can log in: In the Shopify SSO app, add rules that check specific attribute values (e.g., group names or OU names) coming from Okta.

For example, allow login only if the user belongs to the Marketing or VIP Customers groups in Okta. Anyone outside those groups will be denied access and won’t be able to complete the SSO login.
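
The domain and group restrictions described in the answers above come down to a decision over the claims in the ID token. The following is an added example, not the Shopify SSO app's or Okta's implementation: it evaluates claim sets whose signature is assumed to be already verified. The claim name `groups` is an assumption (it is whatever name was given to the claim in Step 2.2), `email_verified` is the standard OIDC claim, and the sample claim sets are constructed.

```python
# Values from the page's examples; the claim name "groups" is an assumption.
ALLOWED_DOMAINS = {"company.com"}
ALLOWED_GROUPS = {"Marketing", "VIP Customers"}


def email_domain(email):
    """Return the lower-cased domain of an address, or None if it is malformed."""
    if not isinstance(email, str) or email.count("@") != 1:
        return None
    local, _, domain = email.strip().partition("@")
    if not local or not domain or " " in domain:
        return None
    return domain.lower()


def evaluate_login(claims, group_claim="groups"):
    """Decide on already signature-verified ID-token claims; return (allowed, reason)."""
    domain = email_domain(claims.get("email"))
    if domain is None:
        return False, "missing or malformed email claim"
    if claims.get("email_verified") is not True:
        return False, "email not verified by the IdP"
    # Compare the whole domain; a suffix test would also accept 'notcompany.com'.
    if domain not in ALLOWED_DOMAINS:
        return False, f"domain {domain} not allowed"
    groups = claims.get(group_claim, [])
    if isinstance(groups, str):
        groups = [groups]  # a single group may arrive as a plain string
    if not isinstance(groups, (list, tuple)):
        groups = []
    matched = sorted(ALLOWED_GROUPS.intersection(g for g in groups if isinstance(g, str)))
    if not matched:
        return False, "no allowed group in token"
    return True, "member of " + ", ".join(matched)


# Constructed claim sets for illustration only.
SAMPLE_CLAIMS = [
    {"email": "Alice@Company.com", "email_verified": True, "groups": ["Marketing", "Everyone"]},
    {"email": "bob@notcompany.com", "email_verified": True, "groups": ["Marketing"]},
    {"email": "carol@company.com", "email_verified": True, "groups": ["Sales"]},
    {"email": "dave@company.com", "email_verified": False, "groups": ["VIP Customers"]},
    {"email": "erin@company.com.example.net", "email_verified": True, "groups": ["Marketing"]},
]


def decisions():
    """Allow/deny result for each constructed claim set, in order."""
    return [evaluate_login(c)[0] for c in SAMPLE_CLAIMS]
```

Only the first constructed claim set is allowed; the others fail on a look-alike domain, a group outside the allow-list, an unverified email, and a domain that merely starts with the allowed one.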
