A B2B store owner needs to restrict login access to pre-approved retailers only. However, Shopify’s new customer accounts system automatically creates accounts for any email address that attempts to log in, even without prior approval or registration.
Native Solutions:
Shopify Plus users can enable “Restrict access to B2B customers only” in Online Store > Preferences, requiring manual assignment of customers to company records before login
This setting is the closest native option but requires a Plus subscription
Workaround Approaches:
Use apps like Locksmith (access control) + Customer Fields (approval forms) to restrict access based on customer tags
Implement custom Liquid code that checks for approval tags on login and redirects unapproved users to an authorization page
Deploy Single Sign-On (SSO) with an external identity provider to control account creation and authentication entirely
Current Limitation:
Shopify’s new customer accounts system does not natively separate “login” from “registration” or prevent automatic account creation. The discussion remains open with community members sharing tag-based restriction implementations as the primary solution for non-Plus merchants.
Summarized with AI on October 24.
AI used: claude-sonnet-4-5-20250929.
We have a B2B store meant for our existing retailers.
The store offers discount pricing our resellers, but each potential customer must be approved and under contract before they can make a purchase.
The Shopify B2B / ‘New Customer accounts’ login experiences asks them to enter an email address, to which a 6 digit code is sent and they must enter that code to ‘log in’ to the store.
The issue is that even if that email address does not have an existing customer account, Shopify will send the code and allow them to log in with it. It even creates a new customer account in the store for them. And that account, since it never went through a ‘create account’ form or process, has no information other than email address.
We need the login process to verify that they are a customer, not let them in regardless.
Is this a configuration issue that we are missing? How do we require a customer account to exist before it can be logged into?
If you are using the new customer accounts system, anyone can submit their email address to login to an account. However there are a couple of methods in which you can protect your site:
If you are on Shopify Plus and using the native B2B features, you can enable Shopify’s setting for “Restrict access to B2B customers only” which can be found in your Shopify admin > Online store > Preferences. With this setting, you will need to manually assign a customer account to a company record before they are able to actually log in and access the site at all.
If you are not using Shopify Plus’ native B2B features or want something a bit different, one possibility would be to use some apps such as Locksmith and Customer Fields. Locksmith is an access control app which allows you to restrict access to the entire site, or things like certain pages or seeing prices, and you can do this based on the customer account having a specific tag. The advantage of this method is that with the Customer Fields app, you can have potential customers submit their own information using a form on your site, and then gives you the option to approve/deny the request and automatically add the tag to their account, giving them access to the site. Using a tag based lock means that even if a user was to log in directly through the new customer accounts system, they would not actually gain access until they get approved through the form.
We certainly can add code that restricts customers based on a tag or other criteria, but my main concern is these shouldn’t be customers.
We shouldn’t have to add extra code or apps to restrict access, when the simple concept of ‘login’ should. But instead of authenticating a customer, its creating new customers.
Is there no way to simply turn off the automatic creating of customers? To separate ‘login’ from ‘registration’?
While I personally agree, from what I understand of the way the new customer accounts system works, this is not currently possible natively. The closest native option for this would be the Shopify Plus setting for “Restrict access to B2B customers only”.
I have a similar wholesale setup as you where we need to approve customers. I don’t think there is any Shopify feature that does what you want but the way we solved it was by adding a tag to each customer that was approved and then a small amount of coding in the theme that checks a) is the customer logged in and b) do they have the tag. If they don’t have the tag then redirect them to a page that explains they need to be authorised. You need to include this code in the template in such a way that it applies to all pages / collections so that if anyone tries to visit any page it will check that they are authorised. Works well for us.
I have a simple store website and need to protect access to wholesale product collection. This sounds like a possible solution for me as well. Was it hard to implement and could it be customizable to a specific collection.
Apply a tag to the customers that you want to grant access, that way if a random customer registers themselves they won’t have the tag until you explicitly add it.
Add some Liquid code to check the customer’s tags and redirect if they don’t have the access tag. In our case we created a Snippet called redirects.liquid and then included that it the main template so that all pages are restricted but you could selectively include it only in certain pages / collections.
Greetings from the miniOrange team! As per my understanding, you are looking to control access for B2B customers on your Shopify store, ensuring that only pre-approved retailers can log in and preventing automatic creation of new accounts during login.
To help you achieve this, we recommend implementing Single Sign-On (SSO) with an external identity provider. With our SSO setup, you can ensure that:
Only registered B2B companies or approved retailers exist in your user directory.
Accounts are created only when a company is registered and approved (no auto-generated customer records).
You can have a separate registration form/process for companies to request access, so you can collect all the details you need for vetting before approving their login.
Once approved, users can log in directly to your Shopify store using their verified credentials, and you maintain full control over who gets access.
If you also want to make sure that unapproved visitors can’t see pricing or store content, you can pair this with a content restriction layer (something like LockOn) to hide the storefront or limit visibility until the user’s account is authenticated and approved.