To configure Single Sign-On (SSO) in a Shopify Plus store using Microsoft Entra ID (Azure AD), you will need to add the Shopify SSO application to your Shopify store. You generally need to perform configuration steps in both the Microsoft Entra admin center and your Shopify Plus SSO application admin, so that end users can access the Shopify storefront using their Microsoft Entra credentials to purchase products on the store.
Prerequisites:
- miniOrange Shopify Single Sign-On (SSO) Application: Link
- Guide to configure SSO between Shopify Plus and Microsoft Entra ID: Link
Note: Our application supports all SSO protocols such as SAML, OAuth 2.0, OpenID Connect, and JWT (JSON Web Tokens).
Add Shopify Plus SSO application:
- Log in to the Microsoft Entra admin center (Azure AD portal) and select Microsoft Entra ID.
- Navigate to Add >> Enterprise application and click Create your own application.
- Enter a name for your app (for example, Shopify Plus SSO enterprise application), select Non-gallery application, and click Create.
Configure Microsoft Entra SSO:
- Click on Setup Single Sign-On and then select the SAML tab.
- Edit the Basic SAML Configuration settings: provide the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) that you get from the Shopify Plus SSO application, set the Name ID format to Persistent, and make sure the attribute mapping for email is correct.
- Copy the App Federation Metadata URL from the SAML Signing Certificate section for later use in Shopify Plus.
Assign users and groups to your SAML application:
- Click on Users and Groups and assign the users/groups to the application.
- After clicking on Add User, select Users and Groups in the Add Assignment screen.
- Assign a role to this user under the Select Role section.
Configure the Shopify Plus SSO application:
- Log in to your Shopify Plus organization admin and navigate to the Shopify Single Sign-On (SSO) application.
- Select the SAML protocol and from the list of IdPs, select Entra ID (Azure AD).
- Click on the Import IdP Metadata button. Paste the App Federation Metadata URL copied from Microsoft Entra ID into the Identity Provider metadata URL field (Metadata Link field).
- Add the IdP Name and click on Save.
- Create a test user in Microsoft Entra ID and assign them to the Shopify Plus SSO application.
- Click on the Test Connection button and log in using the test user's credentials. A window confirming a successful test appears.
- Click on the Fetch Attributes button to fetch the IdP attributes. (Confirm that the Name ID format and the attribute mapping for email are correct.)
- Go to the Connect Store tab and copy the Client ID, Client Secret, Post-Logout Redirect URL, and Discovery Endpoint URL.
Connect the identity provider in your Shopify admin:
- From your Shopify admin, go to Settings > Customer accounts.
- In the Identity provider section, click Manage.
- Click Connect to provider.
- Enter an Identity provider name for your authentication service.
- In the Application info section, fill in the required information: Discovery endpoint URL, Client ID, Client secret, Additional scopes, and Post-logout redirect URI parameter. Click Save.
- Click Test Connection to ensure that your identity provider authentication correctly redirects users to the customer account login page. If you're already logged in to your customer account, you may need to log out and log back in to experience the updated login flow.
- After you test your connection, click Activate.
- After activation, an Active badge will appear next to your identity provider’s name in the Identity Provider section of your Customer Accounts settings.
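As an added example (not from this page, nor miniOrange's or Shopify's own code), here is a Python pre-flight check of the OpenID Connect discovery document behind the Discovery endpoint URL before that URL is entered under Settings > Customer accounts. The sample document and the host sso.example.com are constructed, and the required-field list assumes the authorization code flow with openid/email scopes and RS256-signed ID tokens.

```python
import json
from urllib.parse import urlparse

# Fields the customer-account OIDC connection relies on (assumption: code flow).
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery_document(doc: dict, discovery_url: str) -> list:
    """Return a list of problems; an empty list means the document looks usable."""
    problems = []
    for field in REQUIRED_FIELDS:
        if field not in doc:
            problems.append(f"missing required field: {field}")
    # Every endpoint must be HTTPS: the client secret travels to token_endpoint.
    for field in REQUIRED_FIELDS:
        value = doc.get(field)
        if value and urlparse(value).scheme != "https":
            problems.append(f"{field} is not https: {value}")
    # Per OIDC Discovery, the document lives at issuer + /.well-known/openid-configuration.
    issuer = doc.get("issuer", "")
    expected = issuer.rstrip("/") + "/.well-known/openid-configuration"
    if issuer and discovery_url != expected:
        problems.append(f"discovery URL {discovery_url} does not match issuer {issuer}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow (response_type=code) not advertised")
    scopes = set(doc.get("scopes_supported", []))
    for scope in ("openid", "email"):
        if scope not in scopes:
            problems.append(f"scope not advertised: {scope}")
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if "none" in algs:
        problems.append("IdP advertises unsigned (alg=none) ID tokens")
    if "RS256" not in algs:
        problems.append("RS256 ID-token signing not advertised")
    return problems

# Constructed sample document for a hypothetical SSO application host.
SAMPLE_DISCOVERY_URL = "https://sso.example.com/.well-known/openid-configuration"
SAMPLE_DOC = json.loads("""{
  "issuer": "https://sso.example.com",
  "authorization_endpoint": "https://sso.example.com/oauth/authorize",
  "token_endpoint": "http://sso.example.com/oauth/token",
  "jwks_uri": "https://sso.example.com/oauth/jwks",
  "response_types_supported": ["code"],
  "scopes_supported": ["openid", "email", "profile"],
  "id_token_signing_alg_values_supported": ["RS256", "none"]
}""")

if __name__ == "__main__":
    for problem in check_discovery_document(SAMPLE_DOC, SAMPLE_DISCOVERY_URL):
        print("PROBLEM:", problem)
```

For a live endpoint, load the JSON from the Discovery endpoint URL shown on the Connect Store tab and pass both to the function; fix every reported problem before clicking Save in Shopify.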
By following these steps, you can successfully configure SSO in Shopify Plus using Microsoft Entra ID, enhancing security and providing a streamlined login experience for your users.