Set Up Shopify Non-Plus Admin SSO with Microsoft Entra ID (Azure AD) as IDP
In this guide, you'll learn how to set up SSO into your Shopify Non-Plus admin using Microsoft Entra ID (Azure AD) credentials. Get deep visibility, dynamic access restrictions, active threat detection, and granular access control on your Shopify store. Our Shopify CASB Solution allows you to secure your Shopify Admin by configuring the IP Restrictions, Device Restrictions, and Country Restrictions features.
Step 1: Sign up with miniOrange CASB Dashboard
Step 2: Choose Shopify App for Configuration
- After logging in, you should be taken to the miniOrange dashboard page. Locate the "Shopify" tab and click on the Add App button.
- Select the Add Authentication Source option from the drop-down menu.
- Enter a name for the authentication source, and click on Generate Metadata.
- After clicking on Generate Metadata, you will get the metadata details, as shown in the image below. Use this data to configure the SAML application in your Microsoft Entra ID (IDP).
Step 3: Set Up Microsoft Entra ID (Azure AD) as IDP
- Now log in to the Microsoft Entra ID (Azure AD) portal.
- Select Microsoft Entra ID.
- Select Enterprise Application.
- Click on New Application.
- Click on Create your own Application under Browse Azure AD Gallery.
- Enter the name for your app, then select the Non-gallery application section and click on the Create button.
- Click on Setup Single Sign-On.
- Select the SAML tab.
- After clicking on Edit, enter the Entity ID, ACS URL, and Single Logout URL from the miniOrange Dashboard Service Provider Metadata.
- By default, the following Attributes will be sent in the SAML response. You can view or edit the claims sent in the SAML response to the application under the Attributes tab.
- Copy the App Federation Metadata URL or download the Federation Metadata XML file to get the endpoints required for configuring your Service Provider.
- Assign users and groups to your SAML application.
- Now, enter details such as the IDP Entity ID, SAML Login URL, SAML Logout URL, and X509 Certificate, which you will find in the Microsoft Entra ID (Azure AD) IDP metadata. Once done, choose the Binding Type for SSO Request as required. You will find this information in the Microsoft Entra ID metadata. However, if you are not sure, please select the HTTP-Redirect Binding as the default configuration.
- Click the Save & Next button once you have filled out all the details.
- You have now successfully configured SAML Authentication with miniOrange CASB.
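The values Step 3 asks you to copy from the Federation Metadata XML can be read out of the file with a short script instead of by eye. This is an added example, not miniOrange or Microsoft code; the function name idp_settings, the idp.example.test URLs and the certificate bytes are constructed placeholders, and it assumes standard SAML 2.0 metadata with an IDPSSODescriptor element.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: placeholder tenant, URLs and certificate bytes (not a real cert).
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-sample-certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{SAMPLE_CERT_B64}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.test/saml2/logout"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/saml2/login"/>
    <SingleSignOnService Binding="{POST}" Location="https://idp.example.test/saml2/login"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def idp_settings(metadata_xml, binding=REDIRECT):
    """Return the IdP fields from SAML 2.0 metadata for the chosen SSO binding."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD or entity declarations do not belong in SAML metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = {e.get("Binding"): e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    slo = {e.get("Binding"): e.get("Location")
           for e in idp.findall("md:SingleLogoutService", NS)}
    login = sso.get(binding)
    if not (login or "").startswith("https://"):
        raise ValueError("no HTTPS login endpoint for the chosen binding")
    # More than one certificate can be listed (for example during a rollover).
    certs = ["".join((c.text or "").split())
             for c in idp.iterfind(".//ds:X509Certificate", NS)]
    if not any(certs):
        raise ValueError("no signing certificate in metadata")
    return {"idp_entity_id": root.get("entityID"),
            "saml_login_url": login,
            "saml_logout_url": slo.get(binding),
            "sso_bindings": sorted(sso),
            "x509_sha256": [hashlib.sha256(base64.b64decode(c)).hexdigest()
                            for c in certs if c]}
```

The sso_bindings list shows which Binding Type values the IdP actually advertises, and the SHA-256 fingerprints let you confirm that the certificate pasted into the dashboard is the one in the downloaded file.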
Step 4: Configure Shopify Non-Plus App
- Now, you are redirected to the Basic Settings section.
- Fill in the following details to configure the Shopify Non-Plus Application:
  - Enter the name of your organization.
  - Enter the domain of your organization on Shopify. (Ex: example.com)
  - Enter the Group Attribute Key for the SSO app, which you have configured in the IDP under the SAML attributes section.
  - Select whether you want to enable CASB or not as per your requirements.
  - Enable Multistaff if you want to enable Multistaff login.
- Click on Save & Next to save your changes.
Step 5: Set Up Policies
- Now, you are on the Manage Policy section.
- Since we only need admin dashboard access, we can proceed without configuring policies. Click on the "skip" button to skip the policy setup.
- If you're interested in implementing policies like IP restrictions, time restrictions, and more, you can find detailed instructions in this guide.
Step 6: Set Up Groups
- In the Users & Groups section, click on the Add New Group button.
- Enter the Group Name as a NameID/ObjectID (e.g., add the Microsoft Entra ID (Azure AD) user email or user objectID that needs to be mapped to the Shopify staff user) and the Group Description. Select the Group Policy from the drop-down menu and click on the Save button.
- Further, you can add as many users as you want. Now, Click on Save & Next once done.
- After successfully configuring all screens, you will be redirected to the edit screen.
Step 7: Edit Screen
- Basic Settings section: You can change any configurations in the Authentication if required.
- Suppose you want to configure different authentication sources. In that case, you can simply click on the Authentication Source in the Navigation Bar, where you will be able to add, view & edit authentication sources.
- Group section: You can add and configure groups on this screen and view all configured groups. Now, click on Add New Group.
- You will get a pop-up for adding a new group, and you can configure it using the above-mentioned steps.
- User Configuration section: Use this section if you need to configure Shopify users for SSO and Multistaff.
Step 8: Shopify End Users Flow
- Click Here to follow the setup guide for Shopify End Users Flow with CASB Extension.
Not able to configure or test Shopify Non-Plus Admin SSO using Microsoft Entra ID (Azure AD)?
Contact us or email us at proxysupport@xecurify.com and we'll help you set it up in no time.
miniOrange CASB offers a wide variety of security features with flexible scalability, all available at the most affordable price to all types of businesses. Start by signing up now!