Shopify

To configure Single Sign-On (SSO) in a Shopify Plus using Auth0 as your Identity Provider (IdP), you will need to configure both the Shopify Plus (the Service Provider or SP) and Auth0. You should perform steps in both the Keycloak admin console and your Shopify SSO Application admin.

Enable end users to log in to your Shopify store using their existing Auth0 credentials, removing the need to create and manage separate store-specific accounts. Transform your Shopify store into a secure swag store by allowing only employees to access it through their Auth0 credentials, ensuring restricted access and enhanced control.

• miniOrange Shopify Single Sign-On (SSO) Application: Link
• Guide to configure SSO between Shopify and Auth0: Link

• Access Shopify Plus SSO Admin.
• Navigate to the Shopify Single Sign-On (SSO) application.
• Set up SAML Configuration: Select the SAML protocol and from the list of IdPs, select Auth0.
• View SAML Configuration Settings: Click on the Get Metadata button and Single sign-on URL (ACS URL), Audience URI (SP Entity ID), Attribute Statements, and Name ID format.

• Log in to your: Auth0 dashboard

• Go to Applications and click "Create Application".
• Give your application a name (e.g., "Shopify Plus").
• Select "Regular Web Application".
• Click "Create".

• Go to the "Addons" tab.
• Enable the "SAML2 Web App" toggle.

• Enter the Application Callback URL using the Shopify Plus ACS URL you copied.
• Enter the Audience using the Shopify Plus SP Entity ID you copied.
• Configure any necessary attribute mappings to send the required first_name, last_name, and email attributes, as Shopify Plus requires these for SAML assertions.

• Go to the "Usage" tab of the SAML2 Web App addon.
• You can download the Identity Provider Metadata XML file.
• Alternatively, you can use the Identity Provider Login URL as the metadata URL in Shopify Plus.

• Return to Shopify Plus Admin: Go back to the Shopify Plus SSO application.
• Provide Auth0 Metadata:If you have the metadata URL, paste it into the "Identity provider metadata URL" field.
• If you downloaded the XML file, upload it to the Files section in your Shopify admin to generate a publicly accessible URL, which you can then use as the metadata URL.

• Test with a Single User: Before broad enforcement, test the integration with one user by setting their SAML authentication to "Required".
• Verify SSO Flow: Click on the Test Connection button. Confirm that the user can successfully log in using their Auth0 credentials. You will see a successful test window.
• Click on the Fetch Attributes button to fetch the IdP attribute. (Set the Name ID format to correct attribute mappings for email.)
• Enforce for all Users (if necessary): Once you're confident with the integration, set the SAML authentication to "Required" for the relevant domain to enforce it for all users within that domain.

• Go to the Connect Store tab and copy the Client ID, Client Secret, Post-Logout Redirect URL, and Discovery Endpoint URL.
• From your Shopify admin, go to Settings > Customer accounts.
• In the Identity provider section, click Manage.
• Click Connect to provider.
• Enter an Identity provider name for your authentication service.
• In the Application info section, fill in the required information such as the Discovery endpoint URL, Client ID, Client secret, Additional Scopes, and Post-logout redirect URI parameter.
• Click on Save.
• Click Test Connection to ensure that your identity provider authentication correctly redirects users to the customer account login page. If you're already logged in to your customer account, you may need to log out and log back in to experience the updated login flow.
• After you test your connection, click Activate.
• After activation, an Active badge will appear next to your identity provider’s name in the Identity Provider section of your Customer Accounts settings.

By following these steps, you can successfully configure SSO in Shopify Plus Store using Auth0, enhancing security and providing a streamlined login experience for your users.