Hello there!

Need Help? We are right here!

miniOrange Email Support

Thanks for your Enquiry.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:


Single Sign-On (SSO) for BigCommerce Using Okta Credentials

BigCommerce Partner logo

Okta Single Sign-On (SSO) login for BigCommerce Store can be achieved by integrating miniOrange as Service Provider & Okta as SAML IDP (Identity Provider). Users can seamlessly access their BigCommerce Store along with other cloud apps/websites using existing Okta credentials. This allows organizations to securely access their BigCommerce Store and easily manage user access without migrating the users from the existing system. One-stop solution for - Centralized Management & Storage of customer data, Store to Store sync, Order status notification, Social login —> for your BigCommerce Store.

With BigCommerce SSO & CIAM features, you can:

  • Enable your users to automatically log into BigCommerce.
  • Provide extra layer of security on your BigCommerce store with 2-Factor Authentication (OTP over SMS/Email).
  • Connect easily with any external identity source like Azure AD, Okta, AWS Cognito, OKTA, etc.

Verified Technology Partner of BigCommerce

SSO + MFA Support for any BigCommerce Plan (Standard, Plus, Pro, Enterprise)

Get Free Installation Help

miniOrange offers free help through a consultation call with our System Engineers to Install or Setup BigCommerce SSO solution in your environment with 30-day free trial.

For this, you need to just send us an email at idpsupport@xecurify.com to book a slot and we'll help you in no time.

Checkout Pricing

Video Setup Guide

Connect with External Source of Users

miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, KeyCloak), Databases (like MySQL, Maria DB, PostgreSQL) and many more.


  • Log into miniOrange Admin Console.
  • Click on Customization in the left menu of the dashboard.
  • In Basic Settings, set your company domain in Organization Name textfield.
  • Click Save. Once that is set, the branded login URL would be of the format https://<company_domain>.xecurify.com/moas/login
  • 2FA Two-Factor authentication for BigCommerce : setting up branding

Follow the Step-by-Step Guide given below for BigCommerce Single Sign-On (SSO)

1. Configure miniOrange as Service Provider (SP) in Okta

  • Log in to Okta.
  • Note: Switch to Classic UI from Okta Developer Console, by selecting the Admin from the upper right corner then Developer Console > Classic UI

  • In Okta Developer site, navigate to Applications > Create App Integration or use following URL https://okta-domain-name/admin/apps/add-app
  • Okta Single Sign On SSO okta applications

    Okta Single Sign On SSO add app

  • Select SAML 2.0 & click on Create
  • Okta Single Sign On SSO okta SAML 2.0

  • Write any appropriate App name then click Next.
  • Okta Single Sign On SSO app name

    Okta Single Sign On SSO saml settings

  • For the above SAML configuration you need to get the Entity ID and ACS URL from miniOrange
  • Go to miniOrange Dashboard in the left navigation menu. Click on Add External IdP.
  • okta sso add external IDP
  • Now click on the Click here link to get miniOrange metadata as shown in Screen below.
  • okt sso get miniorange metadata

  • For SP -INITIATED SSO section Select Show Metadata Details.
  • okta sso SP initiated Metadata

  • Enter the values in basic SAML configuration as shown in below screen
  • Single sign on URL ACS URL
    Audience URI (SP Entity ID) Entity ID or Issuer

    For SLO configuration (optional)
    • For SLO configuration in okta go to the Configure SAML page , click Show Advanced Settings.
    • Okta Single Sign On SSO assign people in app

    • Enter the values in Okta based on the table below. All the values mentioned can be picked up from the Metadata section in the miniOrange dashboard. Refer to the the previous step on how to get to that page.
    • Encryption Certificate This is optional
      Enable Single Logout Enable the check box to Allow application to initiate Single Logout
      Single Logout URL Single Logout URL as mentioned in the Metadata Section
      SP Issuer Entity ID or Issuer as mentioned in the Metadata Section
      Signature Certificate X.509 Certificate can be downloaded from the Metadata Section

    • Click Next.

  • Add Attribute Statement & Group Attribute Statement if required & click on Next.
  • Select Okta Configuration type & click on finish.
  • Navigate to Assignment tab from Okta. Click on Assign & select Assign to People. Select the user from the popup & click on Done. You can also assign groups if required.
  • Okta Single Sign On SSO Assignment

    Okta Single Sign On SSO assign people in app

2. Configure Okta as Identity Provider (IDP) in miniOrange

  • Go to miniOrange Admin Console .
  • From the left navigation bar select Identity Provider.
  • Click on Add Identity Provider button.

  • Select SAML. Click on Import IDP metadata.
  • Import IDP metadata

  • Enter Okta as IDP name and and browse for the file downloaded in step 1. Click on Import.
  • If you don't have metadata file, you can also provide the details manually. You need to configure following endpoints:
  • IDP Entity ID Entity ID of IDP
    Single Login URL Login Url from IDP
    Single Logout URL Logout Url from IDP
    X.509 Certificate The public key certificate of your Keycloak server.
  • Few other optional features that can be added to the Identity Provider(IDP) are listed in the table below:
  • Domain Mapping Can be used to redirect specific domain user to specific IDP
    Show IdP to Users Enable this if you want to show this IDP to all users during Login
    Send Configured Attributes Enabling this would allow you to add attributes to be sent from IDP
  • Click on Save.
  • You have successfully configured Okta as SAML IDP (Identity Provider) for achieving OKTA Single Sign-On (SSO) Login.
  • Navigate back to View Identity Providers page.
  • Click on select against the configured IDP and select Make Default.
  • BigCommerce - Select Make Default

3. Test Okta IDP Connection

  • Go to Identity Providers tab.
  • Click on Select>>Test Connection option against the Okta Identity Provider you configured.
  • Test Okta IDP Connection for SSO login

  • On entering valid OKTA credentials, you will see a pop-up window, which is shown in the below screen.
  • Test Okta IDP Connection for SSO login

  • You will see Test Successful pop-up window as shown in the below screenshot.
  • Okta IDP connection success

  • Hence your configuration of Okta as IDP in miniOrange is successfully completed.

4. Create your application in miniOrange

4.1. Create BigCommerce API

  • Log in to BigCommerce Admin Panel.
  • Go to the Settings from the menu, scroll down and select API Accounts.
  • BigCommerce Single Sign-On (SSO): API account

  • Click on Create API Account and choose Create V2/V3 API Token option from the menu shown.
  • Add a suitable name for your API account.
  • API Path will be used as the store_hash value when we configure BigCommerce in miniOrange which will require in step2.
  • BigCommerce Single Sign-On (SSO): API Path

  • Enable the Customers option as Modify and Customers Login option as login. Keep rest of the settings as it is.
  • Click on Save.
  • BigCommerce Single Sign-On (SSO): API Configuration

  • Download the API credentials file. It contains the API token, Client ID and Client Secret.
  • BigCommerce Single Sign-On (SSO): API Credential Download

4.2. Configure BigCommerce in miniOrange

  • Login into miniOrange Admin Console.
  • Go to Apps Click on Add Application button.
  • BigCommerce Single Sign-On (SSO) add app

  • In Choose Application Type click on Create App button in JWT application type.
  • BigCommerce Single Sign-On (SSO) choose JWT as app type

  • In the next step, search for BigCommerce application from the list and click on it.
  • BigCommerce Single Sign-On (SSO): Select BigCommerce Application

  • Enter the following values in the respective fields.
    1. Custom Application Name [Required] : BigCommerce (According to your choice)
    2. Description : According to your choice
    3. Redirect-URL [Required] : Storefront URL, e.g. https://{{my-store}}.mybigcommerce.com/login/token/
    4. Logout-URL : https://{{my-store}}.mybigcommerce.com
    5. Force Authentication : Enable if you want user to authenticate even if the user has a session
    6. Primary IDP : The identity source against which user will be authenticated
    7. User Mapping : Enable if you are sending the logged-in user from this app in the response
    BigCommerce Single Sign-On (SSO): add jwt app

    1. Group Name : Default
    2. Policy Name : Add policy name according to your Preference
    3. Login Method : Password
    BigCommerce Single Sign-On (SSO): add jwt app

  • Click on Save.
  • For Attribute Mapping, navigate to Select >> Edit next to your configured application.
  • BigCommerce Single Sign-On (SSO): add jwt app

  • If you are using an external IDP, jump to the below steps to set up external IDP.
  • If you are using miniOrange as an IDP:
    • Enter the Client Id, App Secret and Access Token (which we have downloaded from step 1 during API creation in BigCommerce Console).
    • For Signature Algorithm, select HS-256 from the dropdown menu.
    • Set Subject to E-Mail Address.
    • BigCommerce Single Sign-On (SSO): configure Client ID and Client Secret

    • To map the attributes between the miniOrange IDP and BigCommerce application, click on Attributes + button.
    • The first three attributes will be hard-coded values.
    • Attribute NameAttribute Value
      store_hashYou got in this step.
      redirect_toEndpoint where you wish to redirect the user to after sso. [Homepage or account page e.g. /account.php]

      Attribute Mapping

    • Click on Save.
    • Now, You can access BigCommerce Account Using IDP credentials through the Single-sign-on URL as shown in image above.
  • If you are using an external IDP:
    • Enter the Client Id, App Secret and Access Token (which we have downloaded from step 1 during API creation in BigCommerce Console).
    • For Signature Algorithm, select HS-256 from the dropdown menu.
    • Set Subject to E-Mail Address.
    • BigCommerce Single Sign-On (SSO): configure Client ID and Client Secret

    • You need to map the following attributes coming in from the idp by choosing the external IDP option.
    • Attribute Mapping

    • Click on Save.
    • Now, You can access BigCommerce Account Using IDP credentials through the Single-sign-on URL as shown in image above.
  • Now, You can access BigCommerce Account Using Okta credentials through the Single-sign-on URL as shown in image above.

Frequently Asked Questions

Yes, we support SSO into BigCommerce using Azure AD , Okta and Office 365 credentials.

If the user does not exist in your bigcommerce store, our SSO solution will automatically create the user on bigcommerce and perform a seamless login.

Yes, we support social login providers such as google, facebook, twitter and many more. You can set up your Social login app by following the guide here : https://www.miniorange.com/iam/login-with-external-idp/

Want To Schedule A Demo?

Request a Demo

Our Other Identity & Access Management Products