SAML Single Sign-On (SSO) For Shopify Using ADFS as Identity Provider
ADFS Single Sign-On (SSO) for Shopify store, miniOrange provides a ready-to-use solution. This solution ensures that you are ready to roll out secure access to the Shopify store using ADFS within minutes.
Pre-requisite: Single Sign-On - SSO Application
To configure Shopify SSO with ADFS as IDP, you will need to install the miniOrange Single Sign On - SSO Login Application on your Shopify store:
miniOrange Provides Secure Single Sign-On (SSO) access to your Shopify store(both plus and Non-plus Stores).
Step by Step guide for Configuring ADFS as IDP for SSO into Shopify
1. Configuring miniOrange as Service Provider (SP) in ADFS
- On ADFS, search for the ADFS Management application.
- After opening the ADFS Management, select Relying Party Trust and then click on Add Relying Party Trust.
- Select Claims Aware from the Relying Party Trust Wizard and click on the Start button.
Select Data Source
- In Select Data Source, select the data source for adding a relying party trust.
- Now go to your Shopify store and navigate to the App section and click on Single Sign On - SSO login application.
- Click on the Setup IDP button in the left navigation bar.
- Click on Configure SSO >> Add Identity Provider.
- Select SAML protocol. Now click on the Click here link to get miniOrange metadata as shown in the Screen below.
- Under SP - INITIATED SSO section, do the following:
- Copy the Metadata URL as shown in the below image.
- Select Import data about the relying party published online or on the local network option and add the metadata URL in the Federation metadata address.
- Click on Next.
Note: In the next step enter the desired Display Name and click Next.
Specify
Display Name
Choose Access Control Policy
- Select Permit everyone as an Access Control Policy & click on Next.
Ready to Add Trust
- In Ready to Add Trust, click on Next and then Close.
Edit Claim Issuance Policy
- In the list of Relying Party Trust, select the application you created and click on Edit Claim Issuance Policy.
- In the Issuance Transform Rule tab, click on Add Rule >> OK button.
Choose Rule Type
- Select Send LDAP Attributes as Claims and click on Next.
Configure Claim Rule
- Enter the following details & click on Finish.
| Claim rule name: | Attributes |
| Attribute Store: | Active Directory |
| LDAP Attribute: | E-Mail-Addresses |
| Outgoing Claim Type: | Name ID |
2. Configure ADFS as Identity Provider (IDP) in miniOrange
- Now go to your Shopify store and click on the Setup IDP button in the top left in the
navigation
bar.
- From the left navigation bar select Configure SSO.
- Select SAML. Click on Import IDP metadata.
- Choose the appropriate IDP name. Browse for the file downloaded in Step 1.
- Click on Import.
- As shown in the below screen the IDP Entity ID, SAML SSO Login URL, and x.509 Certificate will be
filled from the file imported.
- Click on Save.
3. Test Connection
- Go to Configure SSO tab.
- Click on the Select >> Test Connection option against the Identity Provider you configured.
- On entering valid ADFS credentials you will see a pop-up window as shown in the below screen.
Choose your preferred Identity Provider and start setting up SSO for Shopify right away
Additional Resources
- Shopify Single Sign-On (SSO) Solution
- Shopify Two-Factor Authentication
- Shopify Single Sign-On (SSO) using Azure B2C
- Shopify Single Sign-On (SSO) using Okta
- Shopify Secure Admin Login
If you are looking for anything which you cannot find, please drop us an email on shopifysupport@xecurify.com
Need Help? We are right here!
