How to use SSO like Microsoft Entra for customer login to store

How to use SSO like Microsoft Entra for customer login to store

davekeql
Tourist
7 0 6

Is it possible to use a 3rd party service for Single Sign On to Shopify stores?  

 

Like OAuth or SAML for both classic customer accounts and new customer accounts.

 

I'm not referring to authenticating an app, or users of an organization to Shopify Admin.  I mean for customer account login on the storefront.

 

Context:

 

We have several web and mobile app properties that require users to create an account.  We also have multiple Shopify storefronts, including one B2B (which only uses the new customer accounts system).

 

We want users to be able to use one SSO for all properties, ideally Microsoft Entra ID (formerly known as Azure Active Directory).  

 

It is possible to use Entra for Shopify Admin login.  And I'm aware of Multipass, but that's one way authentication -- we can log users into Shopify, but logging into Shopify wouldn't also log users into our other services.  And Multipass doesn't work with B2B.

 

I'm aware of the miniOrange app, but it uses Multipass and is not the direction we want to go.

 

We'd consider going headless if that made this possible, but unless I misunderstand, headless authentication still requires that Shopify be the identity provider?

 

I read this article:  https://www.shopify.com/partners/blog/introducing-customer-account-api-for-headless-stores

 

And reviewed the customer api:  https://shopify.dev/docs/api/customer

 

But I don't think that would allow using a service like Entra as SSO Provider?

 

Anyone have experience / thoughts / guidance?

Replies 2 (2)

ondrejvelisek
Shopify Partner
1 0 0

hi, 

Im struggling the same. And I came to conclusion that Shopify does not support anything like this. Multipass is not just absurdly expensive but the provided API does not suport Headless Storefronts well.  Which is (from my point of view) weird that such a common feature is not supported by such a big SW as Shopify. 

Anyway. I want to add two other (yet not ideal) solutions I've found.

1/ Somebody have suggested generating users after external IdP login with random passwords and storing those passwords in IdP database. And then log in with them later.
https://community.shopify.com/c/graphql-basics-and/how-can-i-integrate-identity-provider-into-custom... 

2/ There is much cheaper app than mini Orange called "Signonify"
https://apps.shopify.com/signonify 
If I understand it correctly it implements the solution from 1/
Ive tested it and it works. But again. Not for Headless storefronts.

Hope it helps. And I hope somebody will find solution for Headless too.

miniOrange_inc
New Member
12 0 0

Your use case can be achieved using our Single Sign-On Application. Using our application you can allow users and staff members to SSO into, Storefront, e-commerce web applications, Shopify admin, and new customer accounts or B2B accounts using their Microsoft Entra ID credentials. We also provide SSO on both Plus and Non-Plus stores.

 

If you're considering going ahead with a Headless store we do provide the solution on that front as well.

 

I hope this answers your question.