Massive Oversight - Account registration/approval form feature missing on B2B login screen

Shopify Plus has confirmed this issue. No workaround we’ve tried resolves the issue.

Need: Activate the “Restrict access to B2B customers only” feature on the B2B so only approved “resellers” can access the site and on the login screen have a login field for existing “approved” resellers and have a “request to be a reseller” link for someone to fill/submit an application to be a reseller (form submitted for manual approval).

The Issue:

If you activate the “Restrict access to B2B customers only” the site redirects to a Shopify hosted login screen with only an e-mail field. This field is only valid for existing/approved customers.

Once the “Restrict access to B2B customers only” feature is off, the store automatically creates new customers for anyone who fills in the e-mail field on the login page.

Work Around’s Don’t Work:

If you go with the “suggested” work around by Shopify support, your store can be accessed by anyone who submits their e-mail in the login field and receives the 6-digit code. While in testing, we already had to unwarranted customers make purchases on our B2B only website.

The Shopify team is HOPING that by turning off the "“Restrict access to B2B customers only” feature and customizing your theme code to hide products or collections, or using an App like Locksmith or BSS: B2B Lock & Hide price, that you can make a custom “home” page that has a link to the login screen and a link to a “new customer registration” form AND that people will follow the rules and not just enter their e-mail in the login screen (which automatically lets them in by creating a new customer account for them).

We created a customized landing page created using the B2B Lock & Hide price App (amazing App) but in the first day of activating this method, we had two unapproved customers enter the B2B Wholesale store and make wholesale purchases because they decided to click on the “login” link instead of register to be new “resellers” and wait for approval.

Now we’re facing a 5/1 deadline with no way to 100% prevent unregistered accounts from entering our B2B only site.

If we activate the “Restrict access to B2B customers only” feature to keep our B2B site actually safe from anyone creating an account then we’d have to host a “Reseller Approval Application” on our B2C site and manually create new profiles over on the B2B site. A tedious task when you have 10-20 new applications a day.

Would love feedback if anyone has completely solved this while Shopify “works” on a fix.

Hey @jakexo !

Our recommendation for accomplishing this is close to what you’ve already tried with the B2B Lock & Hide app, with one adjustment: set your locks to be based specifically on a customer account having a certain tag rather than on just being logged in. I’m not personally familiar with B2B Lock & Hide, but I know this is something that can be accomplished in Locksmith and I expect Lock & Hide to have the same feature.

Using this method means that even if a customer just logged into the site by entering their email, they wont actually gain access since their account will not have the required tag.

I am not sure if the form/approval system you are using has a way to automatically apply a tag when you approve an account, but a couple of potential options for this would be using the Helium Customer Fields account approval and auto tag features, using Shopify Flow to automatically apply the tag with a certain trigger, or to manually add the tag when approving a customer.

Brett!

You’re a rock star! I’ve been deep into several searches on this topic for the past month and one of your earlier replies to a similar post mentioned Locksmith which sent me down a path of circumventing the “Restrict B2B Access” setting and setting up a custom page.

Fast forward, the company already had Helium installed and ready to go. We locked down (Restrict Access feature in Online Store > Preferences) the site and realized there was no way to promote the Helium form. We took this feature off, I tried Locksmith but did not like it as much as BSS’s “B2B Hide & Lock” App, setup a great landing page with login and registration form, thought we were all set and then woke up the next morning to two orders from unauthorized customers on our B2B only store. We found the failure. When the built in “Restrict B2B access” feature is off, anyone can create an account and login. More about this real issue of this flaw below.

I got on with to a “Ask The Experts” conference call with Shopify team this morning and they suggest nearly the same solution, a little different but splitting hairs, BUT there’s still one core problem - lack of forced customer account creation approval for new or potential reseller accounts.

In all these scenarios there still has to be a login screen for existing “actual” Reseller customers somewhere. When you do find this screen, you enter your e-mail, you get sent a 6-digit code and then can return to the B2B store, enter the code and login. If you are an existing customer, associated to a Company, associated to a Catalog, you’re set.

If you are not an existing customer, the e-mail field to 6-digit code to entering the site automatically creates a new Customer profile, oops. While you can set your site to not show any content to a “customer” not associated with a Company or Catalog, you now have a user in your system you did not approve and can see no details about approving beyond an e-mail address. You can wake up on any given day to X amount of new “customers” in your store and have no clue who they are. On our first day there were two instances of this by lunch. I had to cut this off.

We created a new landing with a HUGE notice about “existing” resellers login in here AND reseller applicants FILL OUT THE FORM BELOW (a Helium Form). Guess what these two did… (hint: skipped the form and just tried to login in and got in). The caveat - once that “Restrict B2B access” setting is turned off, anyone can create a customer account, Shopify does it for them!

Sure, you can go in each morning, delete these accounts and move on. But two things happen:

1. These folks now are confused, think they logged in correctly, can’t shop and then reach out to customer support. This causes new customer support tickets which take time to address and explain “they did things wrong.”
2. Real resellers “miss the instructions” - login and then our reseller team does not recognize the e-mail and just deletes the “self-created” account because they did not go through the Approval Form process.

Shopify is just HOPING people are smart enough to:
• Completely customize the B2B store with several apps and multiple theme pages (Default and B2B)
• Have potential resellers follow instructions

Not having a “register for a new account” option on the “Restrict B2B Access” activated login screen was a huge oversight that they are now working on but have a very rough “Q2/Q3” timeline on.

Hey @jakexo !

I totally agree that this is a bit hacky and definitely more of a workaround than a true solution. I know our team has put some thought into potential ways our app may be able to help with this, but with the current state of Shopify’s “new customer accounts” system and what they allow, we haven’t come up with any better solutions.

Although it sounds like it’s a bit out still, I am at least glad to hear that Shopify is aware of this and working on providing a better option. In the meantime the only further recommendation I can think of for your situation would be to maybe set up an automation in Shopify Flow to automatically delete accounts that are created without approval, maybe based on them not having a certain tag or some other attribute. This doesn’t necessarily solve the customer experience side of it, but there’s only so much you can do if they don’t read and follow the prominent instructions, and this might at least help cut down on some of the administrative burden.