• Home
• App Integrations
• BigCommerce Auth0 Single Sign-On

Auth0 Single Sign-On (SSO) login for BigCommerce Store can be achieved by integrating miniOrange as Service Provider & Auth0 as SAML IDP (Identity Provider). Users can seamlessly access their BigCommerce Store along with other cloud apps/websites using existing Auth0 credentials. This allows organizations to securely access their BigCommerce Store and easily manage user access without migrating the users from the existing system. One-stop solution for - Centralized Management & Storage of customer data, Store to Store sync, Order status notification, Social login —> for your BigCommerce Store.

With BigCommerce SSO & CIAM features, you can:

• Enable your users to automatically log into BigCommerce.
• Provide extra layer of security on your BigCommerce store with 2-Factor Authentication (OTP over SMS/Email).
• Connect easily with any external identity source like Azure AD, Auth0, AWS Cognito, OKTA, etc.

Verified Technology Partner of BigCommerce

SSO + MFA Support for any BigCommerce Plan (Standard, Plus, Pro, Enterprise)

Follow the step-by-step guide given below for BigCommerce Single Sign-On (SSO)

1. Configure miniOrange as Service Provider (SP) in Auth0

• Log in to your Auth0 SSO Application Dashboard.
• Click on Applications >> Applications.



• Click on Create Application.



• A new window will pop-up. Enter a name for the application and select Regular Web App. Click on the CREATE button.



• Select the Addons tab. Switch the toggle to enable SAML2 WEB APP.



• A Configuration window will open. Enter Application Callback URL.



• Go to miniOrange, select Identity Providers, and choose SAML. Click on "Click Here" to view the metadata.



• Then, click on Show Metadata Details, where you will find the ACS URL. Copy this URL and paste it in place of the Application Callback URL in the SAML configuration.
  For example: ACS URL (For SP-InitiatedSSO): https://xyz.xecurify.com/moas/broker/login/saml/acs/362244
• Single Logout URL
  https://xyz.xecurify.com/moas/broker/login/saml_logout/362244/
• Entity ID or Issuer:
  https://login.xecurify.com/moas



• Scroll down and click on the Save button.
• Go to the Usage tab and click on the Identity Provider Metadata download link. It will download the metadata XML file, which you'll need for setting up the SAML plugin.

2. Configure Auth0 as Identity Provider (IDP) in miniOrange

• Go to miniOrange Admin Console.
• From the left navigation bar select Identity Providers.
• Click on Add Identity Provider button.



• Select SAML from the dropdown, search for SAML Provider, and click on it. Click on Import IDP Metadata.



• Enter Auth0 as IDP name and browse for the file downloaded in step 1. Click on Import.
• If you don't have a metadata file, you can also provide the details manually. You need to configure following endpoints:

  IDP Entity ID	Entity ID of IDP
  Single Login URL	Login Url from IDP
  Single Logout URL	Logout Url from IDP
  X.509 Certificate	The public key certificate of your IDP.




• Few other optional features that can be added to the Identity Provider (IDP) are listed in the table below:

  Domain Mapping	Can be used to redirect specific domain user to specific IDP
  Show IdP to Users	Enable this if you want to show this IDP to all users during Login
  Send Configured Attributes	Enabling this would allow you to add attributes to be sent from IDP




• Click on Save.
• In the External Identity Providers, search for the configured IDP.
• Click the three dots in the Actions menu, and select Attribute Mapping for the Identity Provider (IDP) you configured.



• To map the attributes, click on + next to Attribute Mapping and enter the following attributes.

  email	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  first_name	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  last_name	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname




• Click on Save.
• Navigate back to the External Identity Providers page.
• Click the three dots in the Actions menu for the configured IDP and select Make Default.

Click on Save.

In the External Identity Providers, search for the configured IDP.

Click the three dots in the Actions menu, and select Attribute Mapping for the Identity Provider (IDP) you configured.

To map the attributes, click on + next to Attribute Mapping and enter the following attributes.

email	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
first_name	http://schemas.auth0.com/nickname
last_name	http://schemas.auth0.com/nickname

Click on Save.

Navigate back to the External Identity Providers page.

Click the three dots in the Actions menu for the configured IDP and select Make Default.

3. Test Auth0 IDP Connection

• Go to Identity Providers tab.
• Click the three dots in the Actions menu for configured IDP and select Test Connection.



• On entering valid IDP credentials, you will see the Test Successful pop-up window as shown in the below screenshot.



• Hence, your configuration of Auth0 as IDP in miniOrange is successfully completed.

4. Create your application in miniOrange

4.1. Create BigCommerce API

4.1. Create BigCommerce API

• Log in to BigCommerce Admin Panel.
• Go to Settings >> API >> Store-level API Accounts.



• Click Create API Account and choose the token type as V2/V3 API Token.
• Add a suitable name for your API account.

  Note: In BigCommerce, the API Path is the base URL that your application or integration uses to connect to your store’s data through BigCommerce APIs. The Store Hash is a unique identifier automatically generated by BigCommerce for each store. It appears in the API Path.

• Copy the highlighted Store Hash from the API Path.



• Enable the Customers option as Modify and Customers Login option as login. Keep rest of the settings as it is.
• Click on Save. Download the API credentials file. It contains the Access token, Client ID and Client Secret.

4.2. Configure BigCommerce in miniOrange

4.2. Configure BigCommerce in miniOrange

• Login into miniOrange Admin Console.
• Go to Apps click on Add Application button.



• In the Choose Application section, open the dropdown list of All Apps and select JWT.



• In the next step, search for BigCommerce application from the list and click on it.



• Enter the following values in the respective fields.



• Enter the Client ID, Client secret and Access token which we have downloaded from step 1 during API creation in BigCommerce Console.

  Display Name [Required]	BigCommerce (According to your choice)
  Redirect-URL [Required]	Storefront URL, e.g. https://{{my-store}}.mybigcommerce.com/login/token/
  Client ID	Copy from the downloaded file in Step 1
  Client Secret	Copy from the downloaded file in Step 1
  Access Token	Copy from the downloaded file in Step 1
  Description	According to your choice

  Note: Your Redirect URL should be: <Storefront URL>/login/token/
  For Example: https://mystore.mybigcommerce.com/login/token/

• To find your Storefront URL: Go to Channels >> Storefronts. Copy the URL listed for your store.



• Now next move to Advanced tab.




Subject	E-Mail Address.
Signature Algorithm	HS-256
Logout URL	https://{{my-store}}.mybigcommerce.com/login.php?action=logout

• Click Next to go to the Login Options tab.




Primary Identity Provider	The identity source against which user will be authenticated
Force Authentication	Enable if you want user to authenticate even if the user has a session
Enable User Mapping	Enable if you are sending the logged-in user from this app in the response

• Go to Policies tab and click on Add Policy button.



• A dialog box will open enter the following details:

  Group Name	Default
  Policy Name	Add policy name according to your Preference
  First Factor	Password




• Click Submit to add a policy.
• To perform Attribute Mapping and add new attributes, navigate to the Attributes tab and click on the + Add Attribute.
• The first three attributes will be hard-coded values

  Attribute Name	Attribute Value
  store_hash	Refer to Step 4 above.
  redirect_to	Endpoint where you wish to redirect the user to after sso. [Homepage or account page e.g. /account.php]
  operation	Customer_login

• If you are using miniOrange as an IDP



• Click on Save.
• Go to Endpoints tab.
• Now, you can access BigCommerce Account using IDP credentials through the Single-sign-on URL as shown in image below.



• If you are using an external IDP, You need to map the following attributes coming in from the IDP by choosing the external IDP option.



• Click Save.
• Switch to Endpoints tab.



• Now, you can access BigCommerce Account using IDP credentials through Single-sign-on URL as shown in image above.

5. Adding Custom Attributes from Auth0 to BigCommerce (Optional)

• Navigate to Auth0 Actions.
• Log in to your Auth0 Dashboard.
• Go to Actions in the sidebar menu. Choose the Triggers.



• Click on Post Login section.



• Then go to Add action and click on create action and give a name.



• Write Custom Action Code.





• Click on Deploy on the top right corner and click on back to Triggers.



• Now in the Add action section, you will see the current action you created.



• Choose the action, then drag it into the main flow between Login and Complete.
• Click Apply at the top-right of the Flow Editor.



• Go to User Management >> Users.



• Select user and go to Metadata tab.



• Then under user_metadata, add custom attribute and click on Save.





miniOrange Attribute Mapping Steps:

• Navigate to the Identity Providers tab on the left-hand menu.
• Select the Configured IDPs sub-tab.
• Find your IdP (e.g., Auth0) and click Configure Attribute Mapping under the Actions column.
• Add a new mapping.
• Click Save to apply the changes.



• To confirm the Identity Provider (IdP) is correctly configured and attributes are being passed:
  • Find your configured Auth0 Identity Provider in the miniOrange dashboard.
  • Click the three-dot Actions menu next to the IdP.
  • Choose the Test Connection option.
  • Enter your valid Auth0 credentials when prompted.
  • A Test Successful pop-up window will confirm the connection and attribute mapping are working correctly.
  
  
  
  • Go to the Apps section in your miniOrange Admin Console.
  • Select the application you have configured for BigCommerce.
  • Navigate to the Attribute settings.
  • Here You need to map the attribute coming in from the idp by choosing the external IDP option.
  • Save the changes.
  
  
  
  • Go to Endpoints tab.
  • Now, You can access BigCommerce Account using IDP credentials through the Single-sign-on URL as shown in the image.
  
  
  
  
  

In the Choose Application section, open the dropdown list of All Apps and select JWT.

In the next step, search for BigCommerce application from the list and click on it.

Enter the following values in the respective fields.

Enter the Client ID, Client secret and Access token which we have downloaded from step 1 during API creation in BigCommerce Console.

Display Name [Required]	BigCommerce (According to your choice)
Redirect-URL [Required]	Storefront URL, e.g. https://{{my-store}}.mybigcommerce.com/login/token/
Client ID	Copy from the downloaded file in Step 1
Client Secret	Copy from the downloaded file in Step 1
Access Token	Copy from the downloaded file in Step 1
Description	According to your choice

Note: Your Redirect URL should be: <Storefront URL>/login/token/
For Example: https://mystore.mybigcommerce.com/login/token/

To find your Storefront URL: Go to Channels >> Storefronts. Copy the URL listed for your store.

Now next move to Advanced tab.

Subject	E-Mail Address.
Signature Algorithm	HS256
Logout URL	Copy the storefront URL as mentioned above and append /login.php?action=logout e.g., https://{{my-store}}.mybigcommerce.com/login.php?action=logout

Click Next to go to the Login Options tab.

Primary Identity Provider	The identity source against which user will be authenticated
Force Authentication	Enable if you want user to authenticate even if the user has a session
Enable User Mapping	Enable if you are sending the logged-in user from this app in the response

Click on the Next button.

To perform Attribute Mapping and add new attributes, navigate to the Attributes tab and click on the + Add Attribute.

The first three attributes will be hard-coded values

Attribute Name	Attribute Type	Attribute Value
store_hash	Custom Attribute Value	Refer to Step 4 above.
redirect_to	Custom Attribute Value	Endpoint where you wish to redirect the user to after sso. [Homepage or account page e.g. /account.php]
operation	Custom Profile Attribute	customer_login
first_name	External Idp Attribute	first_name
last_name	External Idp Attribute	last_name
email	External Idp Attribute	email

Click on Next.

Navigate to Policies tab.

Click on Assign Group button.

On the Assign Group section.

Choose the DEFAULT group.

Click on the Next button.

Assign the policies to the group. Here, you can choose the primary authentication method for users. From the dropdown under First Factor, select Password.

Click on Save.

Go to Endpoints tab.

Now, you can find the SSO URL to authenticate from miniOrange.

SSO URL to authenticate via External IDP

Now, you can access BigCommerce Account using IDP credentials through Single-sign-on URL as shown in image above.

4.3. Syncing Address, Form, and Custom Attribute Fields to BigCommerce (Optional)

5. Adding Custom Attributes from Auth0 to BigCommerce (Optional)

• Navigate to Auth0 Actions.
• Log in to your Auth0 Dashboard.
• Go to Actions in the sidebar menu. Choose the Triggers.



• Click on Post Login section.



• Then go to Add action and click on create action and give a name.



• Write Custom Action Code.





• Click on Deploy on the top right corner and click on back to Triggers.



• Now in the Add action section, you will see the current action you created.



• Choose the action, then drag it into the main flow between Login and Complete.
• Click Apply at the top-right of the Flow Editor.



• Go to User Management >> Users.



• Select user and go to Metadata tab.



• Then under user_metadata, add custom attribute and click on Save.





miniOrange Attribute Mapping Steps:

• Navigate to the Identity Providers tab on the left-hand menu.
• Select the Configured IDPs sub-tab.
• Find your IdP (e.g., Auth0) and click Configure Attribute Mapping under the Actions column.
• Add a new mapping.
• Click Save to apply the changes.



• To confirm the Identity Provider (IdP) is correctly configured and attributes are being passed:
  • Find your configured Auth0 Identity Provider in the miniOrange dashboard.
  • Click the three-dot Actions menu next to the IdP.
  • Choose the Test Connection option.
  • Enter your valid Auth0 credentials when prompted.
  • A Test Successful pop-up window will confirm the connection and attribute mapping are working correctly.
  
  
  
  • Go to the Apps section in your miniOrange Admin Console.
  • Select the application you have configured for BigCommerce.
  • Navigate to the Attribute settings.
  • Here You need to map the attribute coming in from the idp by choosing the external IDP option.
  • Save the changes.
  
  
  
  • Go to Endpoints tab.
  • Now, You can access BigCommerce Account using IDP credentials through the Single-sign-on URL as shown in the image.
  
  
  
  
  

Frequently Asked Questions