Single Sign-On (SSO) For Shopify Using AWS Cognito as Identity Provider


miniOrange provides a ready-to-use Single Sign-On (SSO) solution for Shopify stores, with AWS Cognito as the Identity Provider and Shopify as the Service Provider. With this solution you can roll out secure access to your Shopify store using AWS Cognito within minutes.

Download And Installation

  • Log in to the Shopify App Store.
  • Search for Single Sign-On SSO Login.
  • On the app listing page, click Add app.
  • In your Shopify admin, to authorize the use of the app, click Install app.

Step up guide for Configuring Okta as IDP for SSO into Shopify


Step 1: Configuring miniOrange as Service Provider (SP) in AWS Cognito

  • Sign in to AWS.
  • Enter Cognito in the search box and select Cognito from the dropdown.

  • Go to Manage your user pools.

  • Click on Create a user pool.

  • Add pool name and select Review Defaults.

  • Click on Add app client & then click on Add an app client.

  • Enter App client name & then Click on Create app client.

  • Click on Return to pool details. After this click on Create Pool.
  • Now go to your Shopify store and click the Setup IDP button at the top left of the navigation bar.
    • From the left navigation bar, select Identity Provider.
    • Copy the callback URL.
    • Now go to the Cognito dashboard, select “Cognito User Pool”, and add the callback URL there.
    • Add the application home page URL as the Sign out URL.
    • Also, select Authorization code grant under “Allowed OAuth Flows” and OpenID under “Allowed OAuth Scopes”.
    • After entering all the details, click the Save changes button.
  • Go to App client and click Show details to get the client ID and client secret. (Keep the client ID and client secret handy, as you will need them later.)
  • Go to Domain name and enter a domain name for your app. After adding the domain name, you can check its availability by clicking the Check availability button. After entering a valid domain name, click the Save changes button.
  • Complete domain name: The complete domain name that you need to enter in miniOrange dashboard is
    {your domain name}.auth.{region name}.amazoncognito.com
  • Add Users / Groups to the Cognito App: Go to Users and groups and then click on Users. After this, click on Create user.
  • Fill in all the required information and click on Create user.
  • Click on Groups and then click on Create group.
  • Fill in all the required information and click on Create group.

Step 2: Configure AWS Cognito as IDP in miniOrange

  • Now go to your Shopify store and click the Setup IDP button at the top left of the navigation bar.
  • From the left navigation bar, click the Add Identity Provider button and select OAuth.

  • Enter the following values:
    OAuth Access Token Endpoint: https://{cognito-app-domain}/oauth2/token
    OAuth Get User Info Endpoint (optional): https://{cognito-app-domain}/oauth2/userInfo
    Client ID: From step 1
    Client secret: From step 1
    Scope: openid
  • Now you can click on Save.
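
The values entered in Step 2 and the callback URL from Step 1 can be checked before saving. The Python below is an added example, not miniOrange or AWS code: it derives the two endpoints from the Cognito domain format given above and builds, without sending, the authorization-code token request. The function names, the prefix and region patterns, and the sample values are assumptions made for this example.

```python
import base64
import re
from urllib.parse import urlencode, urlsplit

# Assumed patterns for this example: lowercase letters, digits, hyphens.
_PREFIX = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
_REGION = re.compile(r"^[a-z]{2}(?:-[a-z]+)+-\d$")


def cognito_endpoints(domain_prefix, region):
    """Build the complete domain name and the two endpoints used in Step 2."""
    if not _PREFIX.match(domain_prefix):
        raise ValueError(f"invalid domain prefix: {domain_prefix!r}")
    if not _REGION.match(region):
        raise ValueError(f"invalid region: {region!r}")
    host = f"{domain_prefix}.auth.{region}.amazoncognito.com"
    return {
        "domain": host,
        "token": f"https://{host}/oauth2/token",
        "userinfo": f"https://{host}/oauth2/userInfo",
    }


def build_token_request(endpoints, client_id, client_secret, code, callback_url):
    """Return (url, headers, body) for the code exchange; nothing is sent."""
    parts = urlsplit(callback_url)
    if parts.scheme != "https" or not parts.netloc or parts.fragment:
        raise ValueError("callback URL must be an absolute https:// URL without a fragment")
    # The secret travels in the Authorization header, never in a URL.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": callback_url,  # must equal the callback URL saved in Cognito
    })
    return endpoints["token"], headers, body


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    ep = cognito_endpoints("example-store", "us-east-1")
    url, _, body = build_token_request(
        ep, "id", "secret", "abc", "https://shop.example/callback")
    print(ep["domain"], url, body, sep="\n")
```

A mismatch between the `redirect_uri` sent here and the callback URL saved in the Cognito app client is the usual cause of a failed exchange, so compare the two strings exactly.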

