• Home
• App Integrations
• BigCommerce Okta Single Sign-On

Okta Single Sign-On (SSO) login for BigCommerce Store can be achieved by integrating miniOrange as Service Provider & Okta as SAML IDP (Identity Provider). Users can seamlessly access their BigCommerce Store along with other cloud apps/websites using existing Okta credentials. This allows organizations to securely access their BigCommerce Store and easily manage user access without migrating the users from the existing system. One-stop solution for - Centralized Management & Storage of customer data, Store to Store sync, Order status notification, Social login —> for your BigCommerce Store.

With BigCommerce SSO & CIAM features, you can:

• Enable your users to automatically log into BigCommerce.
• Provide extra layer of security on your BigCommerce store with 2-Factor Authentication (OTP over SMS/Email).
• Connect easily with any external identity source like Microsoft Entra ID, NetSuite, Dynamics 365, Google, Salesforce, AWS Cognito, etc.

Verified Technology Partner of BigCommerce

SSO + MFA Support for any BigCommerce Plan (Standard, Plus, Pro, Enterprise)

Follow the Step-by-Step Guide given below for BigCommerce Single Sign-On (SSO)

1. Configure miniOrange as Service Provider (SP) in Okta

• Log in to Okta.

Note: Switch to the Classic UI from the Okta Developer Console by selecting Admin in the upper-right corner, then navigating to Developer Console > Classic UI.



• In the Okta Developer site, navigate to Applications > Create App Integration, or use the following URL: https://okta-domain-name/admin/apps/add-app
• For example: https://trial-4533335-admin.okta.com/admin/apps/active



• Select SAML 2.0 & click on Next.



• In the General Settings section, enter the appropriate App Name and then click Next.



• Within the Configure SAML section, enter the SSO URL and Audience URL obtained from miniOrange.



• To get the above URLs from miniOrange, go to the miniOrange Dashboard and click Identity Providers from the left navigation menu.
• Click on Add Identity Provider button.



• In Choose Identity Provider, select SAML from the dropdown.



• In the search bar, search for Okta and then click on it.



• Now click on the Click here link to get miniOrange metadata as shown in screen below.



• For SP-INITIATED SSO section, select Show Metadata Details.





• Enter the values in basic SAML configuration as shown in below screen

  Single sign-on URL	ACS URL
  Audience URI (SP Entity ID)	Entity ID or Issuer





For SLO configuration (optional)

• For SLO configuration in Okta go to the Configure SAML page , click Show Advanced Settings.
• Enter the values in Okta based on the table below.
• All the values mentioned can be picked up from the Metadata section in the miniOrange dashboard.
• Refer to the the previous step on how to get to that page.

  Encryption Certificate	This is Optional
  Enable Single Logout	Enable the check box to Allow application to initiate Single Logout
  SP Issuer	Entity ID or Issuer as mentioned in the Metadata Section
  Single Logout URL	Single Logout URL as mentioned in the Metadata Section
  Signature Certificate	X.509 Certificate can be downloaded from the Metadata Section




• Now scroll down to the Attribute Statements section.



• Add Attribute Statement & Group Attribute Statement if required & click on Next.



• Click on Finish.



• Navigate to the Assignment tab from the application.



• Click on Assign & select Assign to People.



• Select the user from the popup & click on Done. You can also assign groups if required.



• Click on the Save and Go Back.



• Click on the Done button.





• Click on the Sign On tab of the application.



• Scroll down to the SAML Signing Certificates section.



• Under the Actions column, click View IdP Metadata.
• A new tab will open—copy the metadata URL. You will need this URL in the next step when configuring Okta as the Identity Provider in miniOrange.

2. Configure Okta as Identity Provider (IDP) in miniOrange

• Go to miniOrange Admin Console.
• From the left navigation bar select Identity Providers.
• Click on Add Identity Provider button.



• In the search bar, search for Okta and then click on it.



• Click on Import IDP metadata.



• Enter a name for the Identity Provider (IdP). Then, import the Okta metadata by either uploading the file or entering the metadata URL.



• Click on Import.
• If you don't have metadata file, you can also provide the details manually. You need to configure following endpoints

  IDP Entity ID	Entity ID of IDP
  Single Login URL	Login Url from IDP
  Single Logout URL	Logout Url from IDP
  X.509 Certificate	The public key certificate of your Okta application.

• Few other optional features that can be added to the Identity Provider(IDP) are listed in the table below:

  Domain Mapping	Can be used to redirect specific domain user to specific IDP
  Show IdP to Users	Enable this if you want to show this IDP to all users during Login
  Send Configured Attributes	Enabling this would allow you to add attributes to be sent from IDP

• Click on Save button.
• You have successfully configured Okta as SAML IDP (Identity Provider) for achieving Okta Single Sign-On (SSO) Login.



• In the External Identity Providers, search for the configured IDP.
• Click the three dots in the Actions menu, and select Attribute Mapping for the Identity Provider (IDP) you configured.



• To map the attributes, click on + next to Attribute Mapping.



• Click on Save.
• Navigate back to the External Identity Providers page.
• Click the three dots in the Actions menu for the configured IDP and select Make Default.

3. Test Okta IDP Connection

• Go to Identity Providers tab.
• Click the three dots in the Actions menu for configured IDP and select Test Connection.



• On entering valid IDP credentials, you will see the Test Successful pop-up window as shown in the below screenshot.

4. Create your application in miniOrange

4.1. Create BigCommerce API

• Log in to BigCommerce Admin Panel.
• Go to Settings >> API >> Store-level API Accounts.



• Click Create API Account and choose the token type as V2/V3 API Token.
• Add a suitable name for your API account.

  Note: In BigCommerce, the API Path is the base URL that your application or integration uses to connect to your store’s data through BigCommerce APIs. The Store Hash is a unique identifier automatically generated by BigCommerce for each store. It appears in the API Path.

• Copy the highlighted Store Hash from the API Path.



• Enable the Customers option as Modify and Customers Login option as login. Keep rest of the settings as it is.
• Click on Save. Download the API credentials file. It contains the Access token, Client ID and Client Secret.

4.2. Configure BigCommerce in miniOrange

• Login into miniOrange Admin Console.
• Go to Apps click on Add Application button.



• In the Choose Application section, open the dropdown list of All Apps and select JWT.



• In the next step, search for BigCommerce application from the list and click on it.



• Enter the following values in the respective fields.



• Enter the Client ID, Client secret and Access token which we have downloaded from step 4.1 during API creation in BigCommerce Console.

  Display Name [Required]	BigCommerce (According to your choice)
  Redirect-URL [Required]	Storefront URL, e.g. https://{{my-store}}.mybigcommerce.com/login/token/
  Client ID	Copy from the downloaded file in Step 4.1
  Client Secret	Copy from the downloaded file in Step 4.1
  Access Token	Copy from the downloaded file in Step 4.1
  Description	According to your choice

  Note: Your Redirect URL should be: <Storefront URL>/login/token/
  For Example: https://mystore.mybigcommerce.com/login/token/

• To find your Storefront URL: Go to Channels >> Storefronts. Copy the URL listed for your store.



• Now next move to Advanced tab.




Subject	E-Mail Address.
Signature Algorithm	HS256
Logout URL	Copy the storefront URL as mentioned above and append /login.php?action=logout e.g., https://{{my-store}}.mybigcommerce.com/login.php?action=logout

• Click Next to go to the Login Options tab.




Primary Identity Provider	The identity source against which user will be authenticated
Force Authentication	Enable if you want user to authenticate even if the user has a session
Enable User Mapping	Enable if you are sending the logged-in user from this app in the response

• Click on the Next button.
• To perform Attribute Mapping and add new attributes, navigate to the Attributes tab and click on the + Add Attribute.
• The first three attributes will be hard-coded values

  Attribute Name	Attribute Type	Attribute Value
  store_hash	Custom Attribute Value	Refer to Step 4 above.
  redirect_to	Custom Attribute Value	Endpoint where you wish to redirect the user to after sso. [Homepage or account page e.g. /account.php]
  operation	Custom Profile Attribute	customer_login
  first_name	External Idp Attribute	first_name
  last_name	External Idp Attribute	last_name
  email	External Idp Attribute	email




• Click on Next.
• Navigate to Policies tab.
• Click on Assign Group button.



• On the Assign Group section.
• Choose the DEFAULT group.
• Click on the Next button.



• Assign the policies to the group. Here, you can choose the primary authentication method for users. From the dropdown under First Factor, select Password.



• Click on Save.
• Go to Endpoints tab.
• Now, you can find the SSO URL to authenticate from miniOrange.



• SSO URL to authenticate via External IDP



• Now, you can access BigCommerce account using your Okta credentials via the Single Sign-On (SSO) URL, as shown in the image below.

5. Syncing Address, Form, and Custom Attribute Fields to BigCommerce (Optional)

Frequently Asked Questions