Search Results :

×

SAML Shopify Single Sign-On (SSO) Using PingOne as Identity Provider

How can we authenticate users into Shopify using PingOne as Identity Provider?

miniOrange allows PingOne to act as an IDP (Identity Provider), which allows users to Single Sign-On (SSO) into Shopify using PingOne Credentials. Our application is compatible with all the SAML / OAuth compliant Identity Providers. We will go through a step-by-step guide to configure Single Sign-On (SSO) into Shopify using PingOne as IdP (Identity Provider) and Shopify store as SP (Service Provider).

To configure SSO into Shopify using PingOne as an identity provider (IDP), you will need to install the miniOrange Shopify Single Sign-On - SSO Login Application on your store.


Youtube-color Created with Sketch.

Check out our video, to know more about how Single-Sign-On works in Shopify.

Follow the step-by-step guide to configure Single Sign-On in Shopify store using PingOne as an identity provider.

  • Log in to PingIdentity Admin and then navigate to Administrators Section.
  • PINGONE as IDP -SAML Single Sign-On(SSO) for Shopify - add application

  • On your Dashboard menu, click on Connections section.
  • PINGONE as IDP -SAML Single Sign-On(SSO) for Shopify - add application

  • In the Connections menu, Click on Application and to create an application click on the + icon beside its name.
  • PINGONE as IDP -SAML Single Sign-On(SSO) for Shopify - add application

  • Provide appropriate Application Name and choose the Application Type as SAML. Click on Save button.
  • PINGONE as IDP -SAML Single Sign-On(SSO) for Shopify - add application

  • For the SAML configuration you need to get the Entity ID and ACS URL from Shopify.
  • Open your Shopify store and navigate to the App section and click on Single Sign On - SSO login application.
  • Shopify SSO - single sign on application

  • Click on the Add identity Provider button to add your IDP.
  • Shopify SSO - Add Identity Provider

  • Select SAML protocol.
  • Shopify SSO - Select SAML Protocol

  • From the list of identity providers (IDPs), select PingOne as your identity provider.
  • Shopify SSO - Select SAML Protocol

  • Click on the Get Metadata to get the service provider (Shopify) metadata.
  • Shopify SSO - Download SP Metadata

  • For SP-Initiated SSO, note down the required details to configure SSO in PingOne.
  • Shopify SSO - Shopify SP-initiated Metadata

  • Navigate to Import from URL tab, and paste the copied metadata URL in import URL section. Click on Import.
  • Shopify SSO - SP-initiated Metadata

  • Click on Save.
  • Now go to configuration tab and click on Download Metadata button to download IDP metadata. Keep it handy as it will be used in further steps.
  • Shopify SSO - SP-initiated Metadata

  • Navigate to Attribute Mappings tab and map the attributes as shown in the below table.
  • saml_subject Email Address
    NameID Email Address
    Shopify SSO - SP-initiated Metadata

  • Save your Application and on the Application Dashboard and enable the "User Access" button next to your application name.
  • Shopify SSO - SP-initiated Metadata

You have successfully completed PingOne side configuration.

  • Navigate back to the miniOrange Single Sign On-SSO application and click on Add identity Provider button.

    Shopify SSO - single sign on application
  • Select SAML protocol.
  • Shopify SSO - Select SAML protocol

  • From the list of identity providers (IDPs), select PingOne.
  • Shopify SSO - Select PingOne as IDP

  • Enter the identity provider (IDP) display name.
  • Click on the Import IDP Metadata button.
  • Shopify SSO - Import PingOne Metadata

  • Select the upload method as Metadata Link. Paste the copied XML file link from Step 1 and Click on Import.
  • Shopify SSO - Select PingOne as IDP

  • Click on Save.
  • Add the appropriate IDP Name and click on Save.
Save Configuration - Shopify Okta SSO

  • After saving the IDP configuration, you will be redirected to Test Connection step.
  • Perform test connection before mapping or fetching attributes, test connection ensures that your IDP configuration is correct.
  • Click on Test Connection.
  • Shopify SSO - PingOne login page

  • You'll be redirected to the login page of the IDP you configured in previous step.
  • Log in with your IDP account credentials.
  • PingOne Single Sign On SSO SuccessTestConnection

  • Click on the Fetch Attributes to fetch IDP attribute.
  • Shopify SSO - Fetch Attributes from IDP
  • Click on the + Attribute Mapping button to map attributes between Shopify and PingOne.
  • Shopify SSO - Add Attribute Mapping

  • Map the attributes by referring the table below:
  • Shopify SSO - Add Attribute Values

    Attribute Name in Shopify Choose the attribute from the list of predefined attributes
    Attribute Type IDP Attribute
    Attribute Value Select the attribute value you have fetched from your IDP
  • Click on Save.

Select Shopify Store Type:

SSO Configuration in Non-Plus Shopify Stores

Choose the type of account you have enabled on your Shopify Store:

  • Go to the application dashboard, enable the customer accounts extension as shown in the below image.
Shopify ADFS SSO Login - Enable Customer

  • Enable the New Customer Accounts extension and click on Save.
Shopify ADFS SSO Login - Enable /wp-content/uploads/2025/05/shopify-sso-paste-multipass-token.webps

  • Navigate to the application home page and enable the IDP Login toggle option against the IDP you have configured.
Shopify ADFS SSO Login - Make app default

Testing Single Sign-On (SSO) for your Shopify store

  • Go to your Shopify Store.(https://<your-shopify-storedomain>)
  • Click on the User login icon.
SSO Login into Store - Shopify miniOrange SSO

  • You’ll be redirected to the login page of the identity provider (IDP) you configured in the previous step. Log in with your IDP account credentials.
  • Next, enter the six-digit OTP that will be sent to your registered email address. (This is a one-time process)
Shopify miniOrange SSO - 6 Digit OTP customer accounts

  • You’ll be successfully logged in to your Shopify store.
  • Go to the application dashboard, you will see a warning box to add the login button extension on the Account page, click on the login widget extension link as shown in the below image to enable it.
Shopify ADFS SSO Login - Make app default

  • Navigate to the application home page and enable the IDP Login toggle option against the IDP you have configured.
Shopify ADFS SSO Login - Make app default

  • If you want to configure SSO into Shopify using multiple IDPs, then select your IDP from the list provided here, and setup SSO using that IDP.
  • Enable the IDP login toggle option for enabling SSO into Shopify using multiple IDPs.
Shopify ADFS SSO Login - Make app default

Testing Single Sign-On (SSO) for your Shopify store

  • Go to your Shopify Store login page.(https://<your-shopify-storedomain>/account/login)
  • Click on the login button you customized earlier.
SSO Login into Store - Shopify miniOrange SSO

  • You'll be redirected to the identity provider (IDP) login page. Now log in with your existing account credentials.
  • After login, if you encounter an "invalid or missing reCAPTCHA token" error, accompanied by a "Something went wrong" message, refer to this FAQ to resolve the error.
Shopify miniOrange SSO - Something went wrong error

SSO Configuration in Plus Shopify Stores

Choose the type of account you have enabled on your Shopify Store:

  • Go back to the SSO application, and navigate to Connect Store tab. Copy the Client ID, Client Secret, Post-Logout Redirect URL and Discovery Endpoint URL and keep them handy.
Shopify ADFS SSO Login - Copy Client ID and Secret

  • Click on the Customer Accounts link as shown in the below image.
Shopify ADFS SSO Login - Click on Customer Accounts

  • Select the Customer accounts option recommended by Shopify & look for the Identity Provider option, if not present please reach out to shopifysupport@xecurify.com.
Shopify ADFS SSO Login - Select Customer Accounts option

  • If the identity provider is present, click on Manage.
Shopify ADFS SSO Login - Click Manage

  • Click on Connect to Provider button.
Shopify ADFS SSO Login - Connect to identity provider

  • Add the Identity Provider name and fill in the details such as Discovery endpoint URL, Client ID, Client secret, Additional Scopes, Post-logout redirect URI parameter that you copied from above step. Click on Save.
Shopify ADFS SSO Login - Add identity provider name

Shopify ADFS SSO Login - Add metadata

  • Once the Identity Provider has been added, do the Test Connection.
Shopify ADFS SSO Login - Test Connections

  • After verifying the flow make the identity provider as Active.
Shopify ADFS SSO Login - Make identity provider active

  • Navigate to the application home page and enable the IDP Login toggle option against the IDP you have configured.
Shopify ADFS SSO Login - Make app default

Testing Single Sign-On (SSO) for your Shopify store

  • Go to your Shopify Store.(https://<your-shopify-storedomain>)
  • Click on the User login icon.
SSO Login into Store - Shopify miniOrange SSO
  • You’ll be redirected to the login page of the identity provider (IDP) you configured in the previous step. Log in with your IDP account credentials.
  • You’ll be successfully logged in to your Shopify store.
  • Now, click on the Setup Guide button and follow the steps mentioned to get multipass token.
Shopify ADFS SSO Login - Get multipass token

  • Enable the Multipass Token option. Refer to this Faq to get the Multipass token value and paste it in the below field.
Shopify ADFS SSO Login - Enable multipass token

  • Click on Save.
  • Go to the application dashboard, you will see a warning box to add the login button extension on the Account page, click on the login widget extension link as shown in the below image to enable it.
Shopify ADFS SSO Login - Make app default

  • Navigate to the application home page and enable the IDP Login toggle option against the IDP you have configured.
Shopify ADFS SSO Login - Make app default

  • If you want to configure SSO into Shopify using multiple IDPs, then select your IDP from the list provided here, and setup SSO using that IDP.
  • Enable the IDP login toggle option for enabling SSO into Shopify using multiple IDPs.
Shopify ADFS SSO Login - Make app default

Testing Single Sign-On (SSO) for your Shopify store

  • Go to your Shopify Store login page.(https://<your-shopify-storedomain>/account/login)
  • Click on the login button you customized earlier.
SSO Login into Store - Shopify miniOrange SSO

  • You'll be redirected to the identity provider (IDP) login page. Now log in with your existing account credentials.
  • If you encounter an "invalid or missing reCAPTCHA token" error, accompanied by a "Something went wrong" message, refer to this FAQ to resolve the error.
Shopify miniOrange SSO - Something went wrong error

  • You’ll be successfully logged in to your Shopify store.

Hence you have successfully configured Shopify Single Sign-On (SSO) using PingOne as IDP and Shopify as SP using miniOrange Single Sign-On (SSO) login application. This solution ensures that you are ready to roll out secure access to your Shopify store using PingOne login credentials within minutes.

More FAQs ➔

Follow the steps outlined here to configure SSO in Shopify with your preferred IDP.

Redirection to any other site might be blocked in the browser. Please follow the steps given here to resolve the issue.

Follow the steps outlined here to redirect your customer to collections/cart or any other page.

You must upgrade to the SSO application's Enterprise plan to enable the Auto-Redirect to the IDP feature. Follow the steps outlined here to enable this feature.

Please reach out to us at shopifysupport@xecurify.com, and our team will assist you with setting up the Shopify SSO application. Our team will help you to select the best suitable solution/plan as per your requirement.

ADFS_sso ×
Hello there!

Need Help? We are right here!

support