Setup Single Sign-On (SSO) into the Shopify Store using SAML


The Shopify Single Sign-On (SSO) Login application enables login into a Shopify store using multiple Identity Providers (IDPs) through the SAML protocol. It supports advanced Single Sign-On (SSO) features like user profile attribute mapping, role mapping, and more. To learn about other features provided in our Shopify Single Sign-On application, click here.

Pre-requisite: Shopify Single Sign-On (SSO) Application

miniOrange provides secure Single Sign-On (SSO) access to your Shopify store (both Plus and non-Plus).


Step-by-Step Guide for Configuring Shopify Single Sign-On (SSO) Application

1. Get Service Provider (SP) metadata from the Shopify SSO application

  • Go to your Shopify store and navigate to the App section. Click on Shopify Single Sign-On (SSO) Login.
  • Click on the Setup IDP button in the left navigation bar.
  • In the upper right corner, select Add Identity Provider.
  • Select SAML.
  • Click on the Click here link to get Shopify metadata from the Shopify SSO application. This metadata will be required while configuring the SAML IDP.

  • Select the Show Metadata Details option to display the metadata details.
  • Copy the Shopify SSO metadata (ACS URL, SLO, X.509 certificate, Entity ID, etc.).
  • Click on the Save button.

  • Copy the metadata URL as shown in the image below.
  • Click on the Save button.

  • Select the Show Metadata Details option and click on Download Metadata.
  • Click on the Save button.

You have successfully obtained Shopify SSO Metadata (SP Metadata) details from Shopify

2. Configuring Shopify as SP in your SAML IDP

  • Go to the developer's console of your preferred IDP.
  • Create a new Application.
  • Select the SAML protocol for this newly created Application.
  • Enter the Metadata URL or paste the individual Metadata details or upload the downloaded metadata file of the Shopify SSO application generated in Step 1.
  • Save the configurations.
  • Get the following data from your IDP:
      I. IdP Entity ID
      II. SAML Login URL
      III. Logout URL
      IV. SAML X.509 Certificate

  • Create the user in your IDP that you will use for SSO into Shopify.

You have successfully configured Shopify as SP in your SAML IDP
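
As an added example (not part of this guide or of the SSO application's code), the Python function below reads an IdP metadata XML document and pulls out the four values listed in Step 2, flagging missing values and non-HTTPS endpoints before they are entered in Step 3. The sample metadata, the host idp.example.com, the placeholder certificate and the function name extract_idp_settings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample IdP metadata (hypothetical host, placeholder certificate text).
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDERBASE64PART1
      PLACEHOLDERBASE64PART2==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def extract_idp_settings(metadata_xml):
    """Return the four IdP values Step 2 lists, plus a list of warnings."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not a single-entity SAML IdP metadata document")

    def location(tag):
        el = idp.find("md:" + tag, NS)
        return el.get("Location") if el is not None else None

    # Use keys marked for signing; a KeyDescriptor without 'use' serves both purposes.
    certs = [
        "".join(kd.findtext(".//ds:X509Certificate", "", NS).split())
        for kd in idp.findall("md:KeyDescriptor", NS)
        if kd.get("use") in (None, "signing")
    ]
    settings = {
        "idp_entity_id": root.get("entityID"),
        "saml_login_url": location("SingleSignOnService"),
        "logout_url": location("SingleLogoutService"),
        "x509_certificate": certs[0] if certs and certs[0] else None,
    }
    # The logout URL is optional in IdP metadata, so its absence is not flagged.
    warnings = [k + " missing" for k, v in settings.items() if v is None and k != "logout_url"]
    warnings += [k + " is not https" for k in ("saml_login_url", "logout_url")
                 if settings[k] and not settings[k].startswith("https://")]
    return settings, warnings
```

The certificate is returned as a single base64 string with whitespace removed, which is the form most SAML configuration fields accept once PEM header and footer lines are added if required.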

3. Configure SAML IDP in the Shopify SSO Application

  • Go to your Shopify store. Navigate to the App section, and click on Single Sign On - SSO login application.
  • Click on the Setup IDP button in the left navigation bar.
  • Go to Configure SSO >> Add Identity provider.
  • Select SAML.
  • Enter the IDP Name of your choice.
  • Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) from your IDP.
  • Or you can directly upload an XML file containing the relevant information.
  • Leave the other configurations and checkboxes as they are.
  • After filling in these fields, click on the “Save” button to save the details.

You have configured SAML IDP into your Shopify SSO Application.

4. Test Connection

  • Go to the Configure SSO tab.
  • Click on the Select >> Test Connection option against the Identity Provider you configured.
  • After entering the correct credentials of the user present in your IDP, you will get a successful Test Connection screen.
  • We support all standard IDPs like Okta, Azure AD, Keycloak, ADFS, OneLogin, Google Apps, Salesforce, Ping Identity, etc., and Custom IDPs too.


Additional Settings

1. Attribute Mapping

This feature can be used to map user attributes coming from Identity Provider into your Shopify store customer profile.

  • Go to Single Sign On - SSO Application from Admin Dashboard.
  • Scroll down to the Attribute Mapping Section.
  • Enter the attribute values or 'keys' like email, firstname, lastname, etc. from your Identity provider to map them into your store’s customer profile.
  • Save your configurations.

2. Domain Mapping

  • If your primary domain is different than your Shopify domain then add your primary domain URL in the Domain settings section of Single Sign On - SSO Application.
  • Note: Remove “https:” and slashes from the URL while adding it here.

  • Save your configurations.

3. Restrict Page Access

  • Navigate to the Additional Settings section in the application dashboard.
  • Enable the Restrict Page Access option. Click on the + icon and add a page extension (eg: /account) as shown in the above image to restrict access to that page.
  • Click on Save.

4. Block SSO based on attributes from IDP

  • Navigate to the Additional Settings section in the application dashboard.
  • Enable the Block SSO based on attributes from the IDP option. Click on the + icon and add an attribute as shown in the above image. If the IDP value matches the blocked attribute value, the user will be blocked from logging into the Shopify store.
  • Click on Save.

5. Configuration on Shopify Store Admin Page

  • Go to your Shopify store admin page.
  • In the left section, click on the Online Store and select Preferences.
  • Scroll down to the Spam Protection section and uncheck the second option "Enable Google reCAPTCHA on login, create account and password recovery pages"
  • Save your changes.

6. Testing IDP configuration

  • Go to your Shopify Store login page.
  • Click on the login button you customized earlier.
  • You’ll be redirected to the login page of the IDP you configured earlier. Enter your account credentials.
  • You’ll be successfully logged in to your Shopify store.

7. Restrict Complete Store to logged-in users

  • If you want to restrict the Shopify store to only logged-in users, follow the steps below. If you want to allow SSO only from the /account/login page, you can skip this step.

Prerequisite: You should have enabled password protection on your Shopify store.

  • You need to get a storefront_digest cookie for configuring the complete store with OTP Verification. Right-click on the page and click on the Inspect option.
  • Now navigate to the Application section and then select the Cookie option in the left menu. Select your store and search for storefront_digest. Copy this value.
  • Paste the storefront_digest cookie value in the store access cookie section as shown below and then click on the Save button.
  • Now go to https://< your-store-domain >/password and click on Enter using Password in the top right corner. After that, click on the Login widget to initiate the SSO.


If you don't find what you are looking for, please contact us at shopifysupport@xecurify.com or call us at +1 978 658 9387 to find an answer to your question about Shopify Single Sign-On (SSO).
