Hello there!

Need Help? We are right here!

Support Icon
miniOrange Email Support

Thanks for your Enquiry. Our team will soon reach out to you.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:


Setup Shopify Non-Plus Admin SSO with Microsoft Entra ID (Azure AD) as IDP

In this guide, you'll learn how to set up SSO into your Shopify Non-Plus admin using Microsoft Entra ID (Azure AD) Credentials. Get deep visibility, dynamic access restrictions, active threat detection, and granular access control on your Shopify store. Our Shopify CASB Solution allows you to secure your Shopify Admin by configuring IP Restrictions, Device Restrictions, and Country Restrictions features.

Step 1: Sign up with miniOrange CASB Dashboard

  • Click here to log into your miniOrange account.

    (Don’t have an account? No worries, click here to create a new account)

  • Login into miniOrange shopify non plus apps CASB

Step 2: Choose Shopify App for Configuration

  • After logging in, you should be taken to the miniOrange dashboard page. Locate the "Shopify" tab and click on Add App button.
  • shopify non plus CASB authentication method dashboard

  • Select the Add Authentication Source option from the drop-down menu.
  • shopify non plus CASB Add authentication

  • Mention an Authentication name for the authentication source, and click on Generate Metadata.
  • CASB Authentication Generate Metadata

  • After clicking on Generate Metadata, you will get the metadata details, as shown in the image below. Use this data to configure the SAML application in your Microsoft Entra ID (IDP).
  • shopify non plus CASB Generate Metadata SAML Flow

Step 3: Setup Microsoft Entra ID (Azure AD) as IDP

  • Now Log in to Microsoft Entra ID (Azure AD) Portal
  • Select Microsoft Entra ID.
  • Configuring Azure AD as IDP click on Microsoft Entra ID

  • Select Enterprise Application.
  • Microsoft Entra ID as IDP : Enterprise Applications

  • Click on New Application.
  • Microsoft Entra ID (Azure AD) : Adding New Application

  • Click on Create your own Application under Browse Azure AD Gallery.
  • Microsoft Entra ID SAML IDP : Create application

  • Enter the name for your app, then select Non-gallery application section and click on Create button.
  • Microsoft Entra ID IDP : Non-gallery application

  • Click on Setup Single Sign-On.
  • Microsoft Entra ID Identity Provider : Setup SSO

  • Select the SAML tab.
  • Azure AD as IDP : Select SAML

  • After clicking on Edit, Enter the Entity ID, ACS URL, and the Single Logout URL from miniOrange Dashboard Service Provider Metadata.
  • Azure AD as IDP : SAML configuration

  • By default, the following Attributes will be sent in the SAML response. You can view or edit the claims sent in the SAML response to the application under the Attributes tab.
  • Azure AD as IDP : SAML attributes

  • Copy the App Federation Metadata Url or Download the Federation Metadata XML file to get the Endpoints required for configuring your Service Provider.
  • Microsoft Entra ID SSO : Federation metadata file

  • Assign users and groups to your SAML application.
  • Now, Enter the details like the IDP Entity ID, SAML Login URL, SAML Logout URL, and X509 Certificate which you will find in Microsoft Entra ID (Azure AD) IDP metadata. Once done, Choose the Binding Type for SSO Request as required. You will find this information in the Microsoft Entra ID metadata. However, if you are not sure, please select the HTTP-Redirect Binding as the default configuration.
  • shopify non plus CASB Access Restriction SP metadata IDP Details

  • Click the Save & Next button once you have filled out all the details.
  • You have now successfully configured SAML Authentication with miniOrange CASB.

Step 4: configure Shopify Non-Plus App

  • Now, You are redirected to Basic Settings section.
  • Fill in the following details to configure the Shopify Non-Plus Application:
  • shopify non plus CASB Basic Settings Details

    • Enter the name of your organization.
    • Enter the domain of your organization on Shopify. (Ex: example.com)
    • Enter the Group Attribute Key for the SSO app, which you have configured in the IDP under the SAML attributes section.
    • Select whether you want to enable CASB or not as per your requirements.
    • Enable Multistaff if you want to enable Multistaff login.
    • Click on Save & Next to save your changes.

    Step 5: Setup Policies

    • Now, You are currently on the Manage Policy section.
    • Since we only need admin dashboard access, we can proceed without configuring policies. click on the "skip" button for skip the policy setup.
    • shopify non plus CASB policies

    • If you're interested in implementing policies like IP restrictions, time restrictions, and more, you can find detailed instructions in this guide.

    Step 6: Setup Groups

    • In the Users & Groups section, Click on Add New Group button.
    • shopify non plus CASB Groups submit app restriction group

    • Enter the Group Name as a NameID/ObjectID (for eg. Add Microsoft Entra ID (Azure AD) user Email or user objectID which need to be mapped to shopify staff user) and Group Description. Select the Group Policy from the drop-down menu and Click on Save button.
    • shopify non plus CASB Groups submit app restriction group

    • Further, you can add as many users as you want. Now, Click on Save & Next once done.
    • shopify non plus CASB Groups submit app restriction group

    • After successfully configuring all screens, you will be redirected to the edit screen.

    Step 7: Edit Screen

    • Basic Settings section You can change any configurations if required in the Authentication.
    • Suppose you want to configure different authentication sources. In that case, you can simply click on the Authentication Source in the Navigation Bar, where you will be able to add, view & edit authentication sources.
    • shopify non plus CASB Basic Settings change any configuration

    • Group section You can add and configure groups on this screen and view all configured groups. Now, Click on Add New Group.
    • shopify non plus CASB Group Settings all configured groups

    • You will get a pop-up for adding a new group and you can configure it using the above mentioned steps.
    • User Configuration section If you need to configure shopify users for SSO and Multi-stuff.
    • shopify non plus New Policy for restrictions

    Step 8: Shopify End Users Flow

    • Click Here to follow the setup guide for Shopify End Users Flow with CASB Extension.

    Not able to configure or test Shopify Non-Plus Admin SSO using Microsoft Entra ID (Azure AD)?
    For this, you need to Contact us or email us at proxysupport@xecurify.com and we'll help you setting it up in no time.

    External References

    miniOrange CASB offers a wide variety of security features with flexible scalability, all available at the most affordable price to all types of businesses. Start by signing up now!

Request a Free Demo!


 Thank you for your response. We will get back to you soon.

Please enter your enterprise email-id.

miniOrange CASB solutions making it affordable for organizations