Search Results :

×

Contents

Single Sign-On in Shopify Store Using Active Directory as Identity Provider

Active Directory Single Sign On (SSO) for your Shopify store miniOrange provides a ready to use solution for your Shopify store. This solution ensures that you are ready to roll out secure access to your Shopify Store using Active Directory within minutes.

Pre-requisite : Single Sign On - SSO Login Application

To configure SSO into Shopify with Active Directory, you will need to install the miniOrange Shopify Single Sign On - SSO Login Application on your store

Shopify Active Directory (AD/LDAP) Integration

Shopify Single Sign-On (SSO)

By miniOrange

miniOrange Provides Secure Single Sign-On (SSO) access to your Shopify Stores(both plus and Non plus Stores).

Get this application

Step by Step guide for Single Sign-On in Shopify Store Using LDAP Active Directory

1. Setup Active Directory in Shopify

Go to your Shopify store, click on the Apps tab and select the Single Sign On - SSO Login application.

shopify app section - single sign on application

Click on the Setup IDP button in the top left in the navigation bar.

Single Sign-On (SSO)for Shopify (Plus and Non Plus), Configure IDP for enabling Single Sign-On (SSO)

From the left navigation bar select User Stores menu option and click on Add User Store button.

Shopify Active Directory (AD/LDAP) Integration - choose userstore

Navigate to AD/LDAP tab and choose either of the following two options:

STORE LDAP CONFIGURATION IN MINIORANGE: Choose this option if you want to keep your configuration in miniOrange. If active directory is behind a firewall, you will need to open the firewall to allow incoming requests to your AD.
STORE LDAP CONFIGURATION ON PREMISE: Choose this option if you want to keep your configuration in your premise and only allow access to AD inside premises. You will have to download and install miniOrange gateway in your premise.

Now, fill in the required details like .

Directory Type:	Active Directory.
LDAP Server URL:	Select an appropriate prefiller followed by your AD server URL or IP address
Bind Account DN:	UserPrincipalName/distinguishedName of the account eligible for binding operation.
Bind Account Password:	Password for the account used for binding
Search Bases:	Provide distinguished name of the Search Base object Eg:cn=User,dc=domain,dc=com
Search Filter:	Search filters enable you to define search criteria and provide a more efficient and effective searches. Eg: "(&(objectClass=*)(cn=?))"

Select Active Directory from the Directory Drop Down. On basis of your selection all the attributes related to active directory are automatically mapped in the configuration.

Shopify Active Directory (AD/LDAP) Integration active directory/ldap attributes

Go to AD FS-> Domain-> respective Users -> Properties-> Attribute Editor. Now copy the value of distinguishedName and paste it against Bind Account DN.

Shopify Active Directory (AD/LDAP) enter Bind Account DN

Enter the valid password for the user from above step.
Search Base is a user search location. It means where to search for a user.

Shopify Active Directory (AD/LDAP) Integration search base

If you want to add extra conditions on user search you can add it in Search Filter. Select a suitable Search Filter from the Drop-Down. To use custom Search Filter select "Custom Search Filter" option and provide the search filter in the input field that shows up.

Shopify Active Directory (AD/LDAP) Integration search filter

Click on Save. After this, it will show you the list of User stores. Click on Test Configuration to check whether you have enter valid details. For that, it will ask for username and password.

Shopify Active Directory (AD/LDAP) Integration test ldap connection

On Successful connection with LDAP Server, a success message is shown.

Shopify Active Directory (AD/LDAP) Integration ldap connection successful

Click on Test Attribute Mapping.

Shopify Active Directory (AD/LDAP) Integration test ldap

Enter a valid Username. Then, click on Test. Mapped Attributes corresponding to the user are fetched.

Shopify Active Directory (AD/LDAP) Integration test mapped AD/LDAP attributes

2. Testing SSO for your Shopify Store

Go to your Shopify Store login page.(https://<your-shopify-storedomain>/account/login)
Click on the login button you customized earlier.

Shopify Active Directory (AD/LDAP) Integration login button

You’ll be redirected to the login page of the Active Directory you configured in previous step. Log in with your Active Directory account credentials.
You’ll be successfully logged in to your Shopify store.

You have successfully configured Active Directory for your Shopify Store.

Troubleshooting

invalid_request

This may be because your primary domain would be different from your Shopify domain. To check your primary domain and make SSO work, follow the steps given here.

shopify_plan_expired

This issue arises when either the trial period of your Development plan is expired. Or if your plan is not auto-renewed from the Shopify end. Contact us at shopifysupport@xecurify.com to resolve the plan upgrade issue and get smooth functioning of the SSO – Single Sign On Application.

invalid_attributes_received

As email is a required entity in Shopify for account creation as well as login operation, Single Sign On is not successful in this case. To resolve this error, please follow given here.

encountered_an_error

When I am performing SSO, I am getting ‘Please verify if Shopify App is installed’ error. To resolve this error, please follow given here.

If your error or query is not listed here, click here to see others.

Frequently Asked Questions (FAQs)

I have followed the steps to set IdP but where can I check SSO?

Follow the steps outlined here to configure SSO in Shopify with your preferred IDP.

I installed the Shopify SSO application. I clicked on the “SETUP IDP” option but nothing opened up.

Redirection to any other site might be blocked in the browser. Please follow the steps given here to resolve the issue.

When I try to perform SSO, I get redirected to the “Incorrect App Configuration” page and then after subsequent attempts, I get redirected to https://store.xecurify.com/moas/login page.

You might be trying to perform SSO in the different tab of the same browser where you have opened our Single Sign-On – SSO Application or accessed the configuration portal of our application. In this case, SSO will be restricted due to security reasons.
Try to perform Single Sign On in a new incognito/private window or in a different browser in order to make SSO work.

After performing SSO, I want my customers to redirect to the collections or discount offer page.

Follow the steps outlined here to redirect your customer to collections/cart or any other page.

How do I enable the SSO application’s auto redirect to IDP feature on my Shopify store?

You must upgrade to the SSO application’s Enterprise plan to enable the Auto-Redirect to the IDP feature. Follow the steps outlined here to enable this feature.