Single Sign-On (SSO) for BigCommerce Using Okta Credentials

Okta Single Sign-On (SSO) login for BigCommerce Store can be achieved by integrating miniOrange as Service Provider & Okta as SAML IDP (Identity Provider). Users can seamlessly access their BigCommerce Store along with other cloud apps/websites using existing Okta credentials. This allows organizations to securely access their BigCommerce Store and easily manage user access without migrating the users from the existing system. One-stop solution for - Centralized Management & Storage of customer data, Store to Store sync, Order status notification, Social login —> for your BigCommerce Store.

With BigCommerce SSO & CIAM features, you can:

Enable your users to automatically log into BigCommerce.
Provide extra layer of security on your BigCommerce store with 2-Factor Authentication (OTP over SMS/Email).
Connect easily with any external identity source like Azure AD, Okta, AWS Cognito, OKTA, etc.

Verified Technology Partner of BigCommerce

SSO + MFA Support for any BigCommerce Plan (Standard, Plus, Pro, Enterprise)

Get Free Installation Help

miniOrange offers free help through a consultation call with our System Engineers to Install or Setup BigCommerce SSO solution in your environment with 30-day free trial.

For this, you need to just send us an email at idpsupport@xecurify.com to book a slot and we'll help you in no time.

Video Setup Guide

Connect with External Source of Users

miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, KeyCloak), Databases (like MySQL, Maria DB, PostgreSQL) and many more.

Prerequisites

Log into miniOrange Admin Console.
Click on Customization in the left menu of the dashboard.
In Basic Settings, set your company domain in Organization Name textfield.
Click Save. Once that is set, the branded login URL would be of the format https://<company_domain>.xecurify.com/moas/login

2FA Two-Factor authentication for BigCommerce : setting up branding

Follow the Step-by-Step Guide given below for BigCommerce Single Sign-On (SSO)

1. Configure miniOrange as Service Provider (SP) in Okta

Note: Switch to Classic UI from Okta Developer Console, by selecting the Admin from the upper right corner then Developer Console > Classic UI

In Okta Developer site, navigate to Applications > Create App Integration or use following URL https://okta-domain-name/admin/apps/add-app

Okta Single Sign On SSO okta applications

Select SAML 2.0 & click on Create

Write any appropriate App name then click Next.

For the above SAML configuration you need to get the Entity ID and ACS URL from miniOrange
Go to miniOrange Dashboard in the left navigation menu. Click on Add External IdP.

Now click on the Click here link to get miniOrange metadata as shown in Screen below.

For SP -INITIATED SSO section Select Show Metadata Details.

Enter the values in basic SAML configuration as shown in below screen

Single sign on URL	ACS URL
Audience URI (SP Entity ID)	Entity ID or Issuer

For SLO configuration (optional)

For SLO configuration in okta go to the Configure SAML page , click Show Advanced Settings.

Okta Single Sign On SSO assign people in app

Enter the values in Okta based on the table below. All the values mentioned can be picked up from the Metadata section in the miniOrange dashboard. Refer to the the previous step on how to get to that page.

Encryption Certificate	This is optional
Enable Single Logout	Enable the check box to Allow application to initiate Single Logout
Single Logout URL	Single Logout URL as mentioned in the Metadata Section
SP Issuer	Entity ID or Issuer as mentioned in the Metadata Section
Signature Certificate	X.509 Certificate can be downloaded from the Metadata Section

Click Next.

Add Attribute Statement & Group Attribute Statement if required & click on Next.
Select Okta Configuration type & click on finish.
Navigate to Assignment tab from Okta. Click on Assign & select Assign to People. Select the user from the popup & click on Done. You can also assign groups if required.

2. Configure Okta as Identity Provider (IDP) in miniOrange

Go to miniOrange Admin Console .
From the left navigation bar select Identity Provider.
Click on Add Identity Provider button.

Select SAML. Click on Import IDP metadata.

Enter Okta as IDP name and and browse for the file downloaded in step 1. Click on Import.
If you don't have metadata file, you can also provide the details manually. You need to configure following endpoints:

IDP Entity ID	Entity ID of IDP
Single Login URL	Login Url from IDP
Single Logout URL	Logout Url from IDP
X.509 Certificate	The public key certificate of your Keycloak server.

Few other optional features that can be added to the Identity Provider(IDP) are listed in the table below:

Domain Mapping	Can be used to redirect specific domain user to specific IDP
Show IdP to Users	Enable this if you want to show this IDP to all users during Login
Send Configured Attributes	Enabling this would allow you to add attributes to be sent from IDP

Click on Save.
You have successfully configured Okta as SAML IDP (Identity Provider) for achieving OKTA Single Sign-On (SSO) Login.
Navigate back to View Identity Providers page.
Click on select against the configured IDP and select Make Default.

3. Test Okta IDP Connection

Go to Identity Providers tab.
Click on Select>>Test Connection option against the Okta Identity Provider you configured.

On entering valid OKTA credentials, you will see a pop-up window, which is shown in the below screen.

You will see Test Successful pop-up window as shown in the below screenshot.

Hence your configuration of Okta as IDP in miniOrange is successfully completed.

4. Create your application in miniOrange

4.1. Create BigCommerce API

Log in to BigCommerce Admin Panel.
Go to the Settings from the menu, scroll down and select API Accounts.

BigCommerce Single Sign-On (SSO): API account

Click on Create API Account and choose Create V2/V3 API Token option from the menu shown.
Add a suitable name for your API account.
API Path will be used as the store_hash value when we configure BigCommerce in miniOrange which will require in step2.

BigCommerce Single Sign-On (SSO): API Path

Enable the Customers option as Modify and Customers Login option as login. Keep rest of the settings as it is.
Click on Save.

BigCommerce Single Sign-On (SSO): API Configuration

Download the API credentials file. It contains the API token, Client ID and Client Secret.

BigCommerce Single Sign-On (SSO): API Credential Download

4.2. Configure BigCommerce in miniOrange

Login into miniOrange Admin Console.
Go to Apps Click on Add Application button.

BigCommerce Single Sign-On (SSO) add app

In Choose Application Type click on Create App button in JWT application type.

BigCommerce Single Sign-On (SSO) choose JWT as app type

In the next step, search for BigCommerce application from the list and click on it.

BigCommerce Single Sign-On (SSO): Select BigCommerce Application

Enter the following values in the respective fields.

Custom Application Name [Required] : BigCommerce (According to your choice)
Description : According to your choice
Redirect-URL [Required] : Storefront URL, e.g. https://{{my-store}}.mybigcommerce.com/login/token/
Logout-URL : https://{{my-store}}.mybigcommerce.com
Force Authentication : Enable if you want user to authenticate even if the user has a session
Primary IDP : The identity source against which user will be authenticated
User Mapping : Enable if you are sending the logged-in user from this app in the response

BigCommerce Single Sign-On (SSO): add jwt app

Group Name : Default
Policy Name : Add policy name according to your Preference
Login Method : Password

Click on Save.
For Attribute Mapping, navigate to Select >> Edit next to your configured application.

If you are using an external IDP, jump to the below steps to set up external IDP.

If you are using miniOrange as an IDP:

Enter the Client Id, App Secret and Access Token (which we have downloaded from step 1 during API creation in BigCommerce Console).
For Signature Algorithm, select HS-256 from the dropdown menu.
Set Subject to E-Mail Address.

BigCommerce Single Sign-On (SSO): configure Client ID and Client Secret

To map the attributes between the miniOrange IDP and BigCommerce application, click on Attributes + button.
The first three attributes will be hard-coded values.

Attribute Name	Attribute Value
store_hash	You got in this step.
redirect_to	Endpoint where you wish to redirect the user to after sso. [Homepage or account page e.g. /account.php]
operation	customer_login

Click on Save.
Now, You can access BigCommerce Account Using IDP credentials through the Single-sign-on URL as shown in image above.

If you are using an external IDP:
- Enter the Client Id, App Secret and Access Token (which we have downloaded from step 1 during API creation in BigCommerce Console).
- For Signature Algorithm, select HS-256 from the dropdown menu.
- Set Subject to E-Mail Address.
- You need to map the following attributes coming in from the idp by choosing the external IDP option.
- Click on Save.
- Now, You can access BigCommerce Account Using IDP credentials through the Single-sign-on URL as shown in image above.
Now, You can access BigCommerce Account Using Okta credentials through the Single-sign-on URL as shown in image above.

Contents