Pre-requisite : Single Sign On - SSO Login Application

To configure SSO into Shopify with Azure B2C as IDP, you will need to install the miniOrange Shopify Single Sign On - SSO Login Application on your store:

Step by Step guide for Single Sign-On in Shopify Store Using Azure B2C

1.  Setup Azure B2C as OAuth Provider

• Sign in to Azure portal.
• Go to Home and in the Azure services, select Azure B2C.

• Please make sure you are in the Azure AD B2C directory with an active subscription and if not, you can switch to the correct directory.

• Now, click on App registrations and then click on the New registration option to create a new Azure B2C application.

• Configure the following options to create a new application.
• Enter a name for your application under the Name text field.
• In supported account types, select 3rd option ‘Accounts in any identity provider or organizational directory (for authenticating users with user flows)’.
• Go to your Shopify store, click on the Apps tab and select the Single Sign On - SSO Login application.
• Click on the Setup IDP button in the top left in the navigation bar.

• From the left navigation bar select Configure SSO and click on Add Identity provider button.

• You can find the OAuth callback URL in the OAuth 2.0 section.

• Click on the Register button to create your application.

• After successful application creation, you will be redirected to the newly created application’s overview page. If not, you can go to the app registrations and search the name of your application and you will find your application in the list.

• Copy your Application ID and save it under your Client ID textbox in your Shopify Single Sign-On (SSO) Login application.

• For the Azure B2C tenant, copy the domain name under Essentials in the home page and save it. We will require it later.

• Then click on Certificates and secrets and then click on New client secret to generate a client secret. Enter a description and click on the Add button.

• Copy the secret value from certificates & secrets page and store it as a Client secret in your Shopify Single Sign-On (SSO) Login application.

1.1  Add Users in your B2C application

• In home page, go to the Users tab in the left corner.

• Click on New user in the users page.

• Select Create Azure AD B2C user. Then, click on Email from sign in method and set your password and click create to save the user details to perform test configuration.

1.2  How to create & add Policy

• Go to User Flows tab and then click on New user flow.

• Select a User flow type Sign up and Sign in then click on Create button.

• Fill all the information e.g. Name, Identity providers, etc. then click on Create button.

• Copy the policy name value. This will be required while configuring authorize and token endpoints.

1.3  Add user claims to your application

• Go to user flows under policies in the left corner. Select the configured policy.

• Select Application claims in settings.

• Select the desired attributes to be displayed on the test configuration and save it.


• Go to Application → Select the application and go to the API Permissions tab.

• Click on the Add permission button, and then Microsoft Graph API -> Delegated Permissions and select openid, Profile scope and click on the Add Permissions button.

• Click on the Grant consent for Demo button.
• Go to Manifest tab and find groupMembershipClaims and changes it’s value to "All" and click on the save button.

1.4  Endpoints

• Go to Application registrations -> Endpoints.
  
  
• In token and authorization endpoints URl, replace <policy-name> with your configured policy name.
You have successfully configured Azure AD B2C as OAuth Provider for achieving user authentication with Azure AD B2C Single Sign-On (SSO) login into your Shopify Store.

2.  Configure Azure B2C as OAuth 2.0 Provider in Shopify.

• Again, go to your Shopify store, click on the Apps tab and select the Single Sign On - SSO Login application.

• Click on the Setup IDP button in the top left in the navigation bar.

• From the left navigation bar select Configure SSO and click on Add Identity provider button.

• Select OAuth 2.0 and refer below table to fill in the required details like Client ID, Client Secret, Endpoints, and Scope.


• Enter the following values.
  

  App Name	Azure B2C
  App Display Name	Choose appropriate Name
  OAuth Authorize Endpoint	From step 1.4
  OAuth Access Token Endpoint	From step 1.4
  Client ID	From step 1
  Client secret	From step 1
  Scope	openid

You have successfully completed Shopiy side congiration.

3.   Testing SSO for your Shopify Store

• Go to your Shopify Store login page.(https://<your-shopify-storedomain>/account/login)
• Click on the login button you customized earlier.

• You’ll be redirected to the login page of the IDP you configured in previous step. Log in with your IDP account credentials.
• You’ll be successfully logged in to your Shopify store.

In this Guide, you have successfully configured Azure AD B2C Single Sign-On (SSO) by configuring Azure AD B2C as OAuth Provider and Shopify as OAuth Client using our Shopify Single Sign-On - SSO Login App. This solution ensures that you are ready to roll out secure access to your Shopify Store using Azure AD B2C login credentials within minutes.