Step by Step guide for Single Sign-On in Shopify Store Using AWS Cognito as Userstore

1.  Configurations for AWS Cognito

A] Steps to Configure User Pool

• Sign in to AWS Amazon.
• Now enter “Cognito” in search textbox & select Cognito from dropdown.



• Go to “Manage your user pools”.


• Click on “Create a user pool”.



• Add pool name and select “Review Defaults”.



• Click on Edit icon as shown in the below image.



• Now, Enable the Email Address and Phone Number option and click on Next step button.




• Click on “Add app client” & then click on Add an app client.



• Enter App client name & Disable Generate Client Secret option. Enable the Username Password based authentication option,then Click on “Create app client”.




• Click on Return to Pool Details to come back to your configuration.



• Click on Create Pool button to save your settings and create a user pool.



• In the navigation bar present on the left side, click on the App Client Settings option under the App Integration menu.



• Go to the Cognito dashboard and select “Cognito User Pool”, add callback URL which you have copied from Pre-requisite.
• Add application home page URL has to Sign out URL.
• Also, select Authorization code grant as “Allowed OAuth Flows” & select email, OpenID, Profile as “Allowed OAuth Scopes”.
• After selecting all details click on Save changes button.



• Go to “App client” and click on “Show details” to get a client ID. (Keep client ID handy as you will need it later.)



• Go to domain name and enter a domain name for your app. After adding domain name you can check its availability by clicking on “Check availability” button. After entering valid domain name click ”Save changes” button.



• Complete domain name: The complete domain name that you need to enter in miniOrange dashboard is {your domain name}.auth.{region name}.amazoncognito.com
• Add Users / Groups to Cognito App : Go to Users and groups and then click on Users. After this click on Create user.



• Fill all required informations and click on Create user.



• Click on Groups and then click on Create group.


• Fill all required informations and click on Create group.




B] Steps to Configure Identity Pool.

• Go to Federated Identities and click on Create new Identity pool button.



• Enter Identity pool name and enable Unauthenticated identities and Authentication flow settings, then click on Create pool button.



• Click on Allow button and You will get the Identity Pool Id.

2.  Configure Shopify as SP (Service Provider)

• Now go to your Shopify store and click on Setup IDP button in the top left in navigation bar.
  
  
• From the left navigation bar select User Store and Click on Add User Store button.



• Select AWS Cognito.



• Enter the following values.

AWS Cognito Identifier	Provider Name
AWS Cognito Region	Get Cognito region from user pool(eg.us-east-2)
User Pool ID	From step A
Client ID	From step A
Identity Pool ID	From step B

• Now you can click on Save.
• Hence your configuration of AWS Cognito as Userstore in Shopify is sucesssfully completed.

Choose your preferred Identity Provider and start setting up SSO for Shopify right away

Additional Resources

• Shopify Two Factor Authentication
• Single Sign-On (SSO) for Shopify Store
• Shopify Single Sign-On (SSO) using Azure B2C
• Shopify Single Sign-On (SSO) using Okta
• About Shopify

If you are looking for anything which you cannot find, please drop us an email on shopifysupport@xecurify.com