SSO into the Shopify Store using Custom SAML IDP | Shopify SAML SSO

Overview

Shopify Single Sign-On (SSO) Login application enables login into a Shopify store using multiple Identity Providers (IDPs) through the SAML protocol. It supports advanced Single Sign-On (SSO) features like user profile attribute mapping, role mapping, and more. To learn about other features provided in our Shopify Single Sign-On application, click here.

Pre-requisites : Download And Installation

• To configure SSO into Shopify with a Custom SAML IDP, you will need to install the Shopify Single Sign-On (SSO) Login Application on your Shopify store.

Configuration Steps

Step 1: Get Service Provider (SP) metadata from the Shopify SSO application

• Go to your Shopify store & navigate to the App section and click on Single Sign On - SSO login application.

• Click on the Add Identity Provider button to add your IDP.

• Select SAML protocol.

• From the list of identity providers (IDPs), select Custom IDP.

• Click on the Get Metadata button to retrieve the Service Provider (Shopify) metadata.

• For SP-Initiated SSO
• For IDP-Initiated SSO

• Navigate to SP Initiated Metadata section and copy down the ACS URL and Entity ID or Issuer.

• Navigate to IDP Initiated Metadata section and copy down the ACS URL and Entity ID or Issuer.

You have successfully obtained the Service Provider Metadata from Shopify.

Step 2: Setup SAML application as Identity Provider (IDP)

• Access the developer's console of your chosen SAML IDP.
• Create a new application.
• Select the SAML Protocol for this newly created application.
• Paste the individual metadata details such as IDP Entity ID, ACS URL, X.509 Certificate of the Shopify SSO application from Step 1.
• Save the configurations.
• Obtain the following data from your IDP such as IDP Entity ID, SAML Login URL, Logout URL, SAML X.509 Certificate.
• Create a user in your IDP to be used for SSO into Shopify.

You have completed the IDP side configurations.

Step 3: Configure Custom SAML App as IDP in Shopify

• Navigate back to the Shopify Single Sign On-SSO application and fill in the required fields like by refering the below table.

IDP Display Name	Provide appropriate display name
IDP Entity ID	Entity ID from your SAML IDP application
SAML SSO Login URL	IDP SAML Lohin URL
X.509 Certificate	SAML X.509 Certificate from your IDP
SAML SSO Logout URL	IDP SAML Logout URL

• Click on Next.

You have now completed the configuration for Custom SAML IDP into your Shopify SSO Application.

Step 4: Test Connection

• After saving the IDP configuration, you will be redirected to the Test Connection step. Perform a test connection before mapping or fetching attributes, a test connection ensures that your IDP configuration is correct.
• Click on the Test Connection button.

• On entering valid IDP credentials you will see a pop-up window which is shown in screen below.

• Click on the Fetch Attributes to fetch the IDP attribute.

Step 5: Attribute Mapping

• Click on the + Attribute Mapping button to map attributes between Shopify and your IDP.

• Map the attributes by referring the table below:

Attribute Name in Shopify	Choose the attribute from the list of predefined attributes
Attribute Type	IDP Attribute
Attribute Value	Select the attribute value you have fetched from your IDP

• Click on Save.
• Navigate to the application home page. Click More actions against the configured IDP, and click on Make Default to set your IDP as default.

Step 6: Testing SSO for your Shopify Store

• Go to your Shopify Store login page. (https://<your-shopify-storedomain>/account/login)
• Click on the login button you customized earlier.

• You’ll be redirected to the login page of the IDP you configured in the previous step. Log in with your IDP account credentials.
• You’ll be successfully logged in to your Shopify store.

Step 7: Restrict SSO based on the IDP Attributes

• You can control access to your Shopify Store by setting rules that allow or deny entry based on specific user attributes. For instance, you can restrict access to certain store sections for users with a particular tag or domain.
• Navigate to Apps section and then select the miniOrange Single Sign On – SSO application.

• Navigate to the Store Access Restrictions section in the Advanced Settings.

• Enable the Based on IDP User Profile Attributes feature. Click on + Add Attribute to add an attribute as shown in the below image.

• If the attribute name from IDP matches the blocked attribute value, the user will be redirected to the blocked page after they SSO into the Shopify store.

• Click on Save.
• Example: If the blocked attribute name is “domain” and its value is “@gmail.com”, then all customers with a @gmail domain will be redirected to the blocked page after they perform SSO to the Shopify store.

Step 8: Store Access Exclusively for Logged-In Users

• "Protect Complete Store with SSO" grants exclusive access to your Shopify store, ensuring that only logged-in users can access it. Any non-logged-in user attempting to access any page of your Shopify store will be redirected to the password page.
• Note: For the following steps, ensure that you have enabled password protection on your Shopify store.
• To configure your complete store with OTP Verification, you need to obtain a storefront_digest cookie.
• Go to your Shopify store. Right-click on the page and select the "Inspect" option.

• Now, navigate to the Application section and select the Cookies option from the left menu. Choose your store and search for storefront_digest. Copy the value associated with this cookie.

• Navigate to Apps section and then select the miniOrange Single Sign On – SSO application.

• Go to Advanced Settings and then Store Access Settings. Under the Complete Store Protection section, paste the storefront_digest cookie value in the Store Token field, as shown in the image below.

• Click on Save.
• Now, go to https://<your-store-domain>/password and click on Enter using Password in the top right corner.

• After that, click on the SSO Login widget to initiate the Single Sign-On process. For example; Let us name our widget "Login with SSO" as shown in the below image.

Hence you have successfully configured Shopify Single Sign-On (SSO) using your Custom IDP and Shopify as Service Provider. using miniOrange Single Sign-On (SSO) login application. This solution ensures that you are ready to roll out secure access to your Shopify store using SAML IDP login credentials within minutes.

Additional Resources

• Shopify Security Solutions
• Shopify Single Sign-On (SSO)
• Shopify Content Restriction
• Shopify Order and SMS Notifications
• Two Factor Authentication (2FA) for Shopify

Get in Touch

Please reach out to us at shopifysupport@xecurify.com, and our team will assist you with setting up the Shopify Inventory Sync application. Our team will help you to select the best suitable solution/plan as per your requirement.