Contents

OpenID Single Sign-On (SSO) For Shopify Using Azure B2C as Identity Provider

miniOrange Single Sign-On (SSO) login for Shopify [SAML] can be achieved by using our Single Sign On - SSO Login application using Azure B2C credentials. Our application is compatible with all the SAML / OAuth / OpenID compliant Identity Providers. This solution ensures that you are ready to roll out secure access to your Shopify store using miniOrangAzure B2C within minutes. Here we will go through a step-by-step guide to configure SAML Single Sign-On (SSO) login between Shopify store and miniOrangAzure B2C by considering Azure B2C as IdP (Identity Provider) and Shopify as SP (Service Provider).

Pre-requisite : Single Sign On - SSO Login Application

To configure SSO into Shopify with Azure B2C as IDP, you will need to install the miniOrange Shopify Single Sign On - SSO Login Application on your store:

miniorange Shopify SSO - login with miniorange shopify

Shopify Single Sign-On (SSO)

By miniOrange

miniOrange Provides Secure Single Sign-On (SSO) access to your Shopify store (both plus and Non plus stores).

Get this application

Step by Step guide for Configuring Azure B2C as IDP for SSO into Shopify

1. Get Callback URL from Shopify SSO App

Go to your Shopify store and navigate to the App section and click on Single Sign On - SSO login application.

Shopify Azure B2C SSO Login - Add SSO Application

Click on the Add identity Provider button to add your IDP.

Shopify Azure B2C SSO Login - Add Identity Provider

Select OpenId Connect 1.0 protocol.

Shopify Azure B2C SSO Login - Select SAML Protocol

Now choose Azure B2C from the list of IDPs.

Shopify Azure B2C SSO Login - Select Okta from IDP List

Copy the Callback URL and kepp it handy as it will be used in furthur step.

Shopify Azure B2C SSO Login - Click on Get Metadata

2. Setup Azure B2C as an OpenID Provider

Sign in to the Azure portal.
Go to Home and in the Azure services, select Azure B2C.

Azure AD B2C Shopify (SSO) - Select Azure AD B2C

Please make sure you are in the Azure AD B2C directory with an active subscription and if not, you can switch to the correct directory.

Azure AD B2C Shopify (SSO) - Login Applications

For the Azure B2C tenant, copy the Domain name under Essentials on the home page and save it. We will require it later.

Azure AD B2C Shopify (SSO) - Generate Key

Now, click on App Registrations and then click on the New Registration option to create a new Azure B2C application.

Azure AD B2C Shopify (SSO) - Create New Application

Configure the following options to create a new application.

Enter a name for your application under the Name text field.
In supported account types, select 3rd option ‘Accounts in any identity provider or organizational directory (for authenticating users with user flows)’.
Paste the Callback URL from Step 1 in the Redirect URI section and select the platform as Web. Click on the Register button to create your application.

Azure AD B2C Shopify (SSO) - Paste Callback URL

After successful application creation, you will be redirected to the newly created application’s overview page. If not, you can go to the app registrations and search the name of your application and you will find your application in the list.

Azure AD B2C Shopify (SSO) - Select Your Applications

Copy your Application ID (Client ID) and keep it handy.

Azure AD B2C Shopify (SSO) - Application ID (Client ID)

Click on Certificates and Secrets and then click on New client secret to generate a client secret. Enter a description and click on the Add button.

Copy the secret value from the certificates & secrets page and store it as a Client secret in your Shopify Single Sign-On (SSO) Login application.

Azure AD B2C Shopify (SSO) - Client Secret

2.1 Add Users in your B2C application

Navigate the home page, go to the Users tab in the left corner.

Click on Create new user option on the user's page.

Azure AD B2C Shopify (SSO) - External User Option

Select Email as the Sign-in method and provide the email address. Provide appropriate Display name and set your Password. Click on Review + create and then click on Create to save the user details to perform test configuration.

Azure AD B2C Shopify (SSO) - fill required fields

2.2 How to Create and Add Policy

Go to the User Flows tab and then click on New User Flow.

Azure AD B2C Shopify (SSO) - New User Flow

Select a User flow type Sign up and Sign in then click on Create button.

Azure AD B2C Shopify (SSO) - Select User Flow type

Fill in all the information e.g. Name, Identity providers, etc. then click on Create button.

Copy the policy name value. This will be required while configuring authorize and token endpoints.

2.3 Add user claims to your application

Go to user flows under policies in the left corner. Select the configured policy.

Azure AD B2C Shopify (SSO) - Configured Policy

Select Application claims in settings.

Azure AD B2C Shopify (SSO) - Application Claims

Select the desired attributes to be displayed on the test configuration and save it.

Azure AD B2C Shopify (SSO) - Select Attributes

Go to Application → Select the application and go to the API Permissions tab.

Azure AD B2C Shopify (SSO) - Api Permissions

Click on the Add permission button, and then Microsoft Graph API -> Delegated Permissions select openid, Profile scope, and click on the Add Permissions button.

Azure AD B2C Shopify (SSO) - Select Scopes

Click on the Grant Consent for Demo button.
Go to the Manifest tab and find groupMembershipClaims change its value to "All" and click on the save button.

Azure AD B2C Single Sign-on (SSO) - Group Membership Claims

2.4 Endpoints

Go to Application Registrations -> Endpoints.
In token and authorization endpoints URl, replace <policy-name> with your configured policy name.

You have successfully configured Azure AD B2C as an OpenID Provider for achieving user authentication with Azure AD B2C Single Sign-On (SSO) login into your Shopify Store.

3. Configure Azure B2C as IDP in Shopify

Navigate back to the miniOrange Single Sign On-SSO application and click on Add identity Provider button.

Azure AD B2C Shopify (SSO) - Go to SSO application

Select OpenId Connect 1.0 protocol.

Azure AD B2C Shopify (SSO) - Select SAML Protocol

From the list of IDPs, select Azure B2C.

Azure AD B2C Shopify (SSO) - Choose Okta IDP

Fill out the following fields by referring the below table.

IDP Display Name	Choose the appropriate Name
Authorize Endpoint	From Step 2.4
Token Endpoint	From Step 2.4
Client ID	From Step 2
Client secret	From Step 2
Scope	openid

Click on Save.

You have completed Shopify side configuration.

4. Test Connection

After saving the IDP configuration, you will be redirected to Test Connection step.
Please perform Test Connection before mapping or fetching attributes, test connection ensures that your IDP configuration is correct.
Click on the Test Connection button.

Azure AD B2C Shopify (SSO) - test Connection

On entering valid Azure B2C account credentials you will see a pop-up window which is shown in the below screen.

Azure AD B2C Shopify (SSO) - SSO Sucess Test Connection

Click on the Fetch Attributes button to fetch IDP attribute.

Azure AD B2C Shopify (SSO) - Fetch Attributes

5. Attribute Mapping (Optional)

Click on the + Attribute Mapping button to map attributes between Shopify and Azure B2C .

Azure AD B2C Shopify (SSO) - Add Attribute

Map the attributes by refering the table below:

Azure AD B2C Shopify (SSO) - Map Attributes

Attribute Name in Shopify	Choose the attribute from the list of predefined attributes
Attribute Type	IDP Attribute
Attribute Value	Select the attribute value you have fetched from your IDP

Click on Save.

Azure AD B2C Shopify (SSO) - Save Attribute Mapping

Navigate to the application home page. Go to More actions against the IDP you have configured and click on Make Default button to make the IDP default.

Azure AD B2C Shopify (SSO) - Make application Default

6. Testing Single Sign-On (SSO) for your Shopify Store

Go to your Shopify Store login page.(https://<your-shopify-storedomain>/account/login)
Click on the login button you customized earlier.

Azure AD B2C Shopify (SSO) - click on login button

You’ll be redirected to the login page of the IDP you configured in previous step. Log in with your IDP account credentials.
You’ll be successfully logged in to your Shopify store.

Hence you have successfully configured Shopify Single Sign-On (SSO) using miniOrange as IDP and Shopify as SP using miniOrange Single Sign-On (SSO) login application. This solution ensures that you are ready to roll out secure access to your Shopify store using miniOrange login credentials within minutes.

I have followed the steps to set IdP but where can I check SSO?

Follow the steps outlined here. to configure SSO in Shopify with your preferred IDP.

I installed the Shopify SSO application. I clicked on the “SETUP IDP” option but nothing opened up.

Redirection to any other site might be blocked in the browser. Please follow the steps given here to resolve the issue.

When I try to perform SSO, I get redirected to the “Incorrect App Configuration” page and then after subsequent attempts, I get redirected to https://store.xecurify.com/moas/login page.

You might be trying to perform SSO in the different tab of the same browser where you have opened our Single Sign-On – SSO Application or accessed the configuration portal of our application. In this case, SSO will be restricted due to security reasons.
Try to perform Single Sign On in a new incognito/private window or in a different browser in order to make SSO work.