To configure SAML Single Sign-On (SSO) in a Shopify Plus store using Salesforce as the Identity Provider (IDP), you will need to add the Shopify SSO application to your Shopify store. miniOrange allows Salesforce to act as the IDP, so users can single sign-on into Shopify with their Salesforce credentials. You will perform steps in both the Salesforce admin portal and the Shopify SSO application admin: configuring SAML settings, setting up user attribute mappings, and testing the SSO connection before going live.
Prerequisites:
- miniOrange Shopify Single Sign-On (SSO) Application: Link
- Guide to configure SSO between Shopify and Salesforce: Link
- Log in to Salesforce Portal and switch to Lightning mode
- Navigate to Setup > Identity > Identity Provider
- Click "Enable Identity Provider"
- Select or create a certificate for SAML configuration
- Save your changes to enable Salesforce as an IDP
- In Salesforce Setup, navigate to Identity Provider settings
- Ensure SAML is enabled in the configuration
- Select the default certificate and save the settings
- Download the identity provider certificate from Salesforce
- Download the identity provider metadata XML file for Shopify configuration
- Open the Shopify Plus SSO app and click "Add Identity Provider"
- Select the SAML protocol and choose Salesforce from the IDP list
- Enter the Salesforce metadata URL (or upload a metadata XML file) into the Identity provider metadata URL field in Shopify
- Add IDP name and save the configuration
- In Salesforce Setup, navigate to Platform Tools > Apps > App Manager
- Click the "New Connected App" button
- Provide required details: Connected App Name, API Name, and Contact Email
- Under Web App Settings, check the "Enable SAML" checkbox
- Click Save to create the connected app
- Get the Entity ID and ACS URL from your Shopify Plus SSO app metadata section
- In the Connected App, configure SAML settings with the Entity ID and ACS URL from Shopify
- Upload the identity provider certificate downloaded from Salesforce
- Configure SAML Identity Type and SAML Identity Location settings
- Set Request Signing Certificate and Request Signature Method as needed
- Configure the Assertion Decryption Certificate if assertions are encrypted
- Save all SAML configuration changes
- In Salesforce Setup, navigate to Users > Profiles
- Select the desired user profile that should have SSO access
- Under the Connected App Access section, check the box next to your newly created connected app
- Save the profile settings to grant SSO privileges
- In the Shopify Plus SSO app, click the "Test Connection" button
- Log in using your Salesforce administrator credentials to verify the integration
- Confirm successful authentication and fetch user attributes
- Test with individual users before enabling SSO for all users
- Navigate to your Shopify store and test the complete SSO login flow using Salesforce credentials
- Go to the Connect Store tab and copy the Client ID, Client Secret, Post-Logout Redirect URL, and Discovery Endpoint URL
- From your Shopify admin, go to Settings > Customer accounts
- In the Identity provider section, click Manage
- Click Connect to provider
- Enter an Identity provider name for your authentication service
- In the Application info section, fill in the required information such as the Discovery endpoint URL, Client ID, Client secret, Additional Scopes, and Post-logout redirect URI parameter
- Click on Save
- Click Test Connection to ensure that your identity provider authentication correctly redirects users to the customer account login page. If you're already logged in to your customer account, you may need to log out and log back in to experience the updated login flow
- After you test your connection, click Activate
- After activation, an Active badge will appear next to your identity provider's name in the Identity Provider section of your Customer Accounts settings
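The IDP metadata XML downloaded from Salesforce in the steps above carries the entity ID, the SingleSignOnService URLs and the signing certificate that the Shopify SSO app consumes. The following added example (not miniOrange's or Shopify's code) parses such a file with Python's standard library and flags values that would break or weaken the trust relationship before they are pasted into Shopify. The metadata document, the org hostname and the certificate body are constructed placeholders, not a real org or certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # use defusedxml instead for metadata from untrusted sources
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample shaped like a Salesforce IDP metadata file; the org hostname and
# the X509Certificate body are placeholders, not a real org or a real certificate.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example-dev-ed.my.salesforce.com">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXItY2VydA==</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-dev-ed.my.salesforce.com/idp/endpoint/HttpPost"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-dev-ed.my.salesforce.com/idp/endpoint/HttpRedirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Extract the values the Shopify SSO app consumes; certificates are returned as SHA-256
    fingerprints of the DER bytes so they can be compared with the one shown in Salesforce Setup."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    certs = idp.findall("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {
        "entity_id": root.get("entityID"),
        "sso_post_url": sso.get(POST), "sso_redirect_url": sso.get(REDIRECT),
        "want_authn_requests_signed": idp.get("WantAuthnRequestsSigned") == "true",
        "signing_cert_sha256": [hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
                                for c in certs],
    }

def check_idp_metadata(info):
    """Return problems that should stop this metadata being pasted into the Shopify SSO app."""
    problems = []
    if not info["signing_cert_sha256"]:
        problems.append("no signing certificate: Shopify could not verify assertion signatures")
    idp_host = urlparse(info["entity_id"]).hostname
    for key in ("sso_post_url", "sso_redirect_url"):
        url = urlparse(info[key] or "")
        # Endpoints must use TLS and live on the same My Domain host as the entityID
        if info[key] and (url.scheme != "https" or url.hostname != idp_host):
            problems.append(f"{key} is not an https URL on {idp_host}: {info[key]}")
    return problems
```

Run `check_idp_metadata(parse_idp_metadata(open("metadata.xml").read()))` against the real download; an empty list means the values are safe to enter in the Identity provider metadata field.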
By following these steps, you can successfully configure SSO in a Shopify Plus store using Salesforce, enhancing security and providing a streamlined login experience for your users.