Bigcommerce B2B Single-Sign-on SSO

This guide provides step-by-step instructions for configuring Single Sign-On (SSO) between miniOrange and BigCommerce B2B Edition. This integration enables seamless authentication, allowing users to access your BigCommerce B2B store using their miniOrange credentials without requiring separate login credentials.

Solution Overview:

Enables SSO for BigCommerce B2B storefront users.
Automatically provisions customer accounts in BigCommerce.
Synchronizes user attributes between BigCommerce and miniOrange or any external Identity Provider (IdP).
Creates and manages B2B companies and user roles.

Connect with External Source of Users

miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, OpenLDAP, AWS etc), Identity Providers (like Microsoft Entra ID, Okta, AWS), and many more. You can configure your existing directory/user store or add users in miniOrange.

Prerequisites for Bigcommerce SSO

Before beginning this setup, ensure you have:

BigCommerce Store: An active BigCommerce store with B2B Edition enabled.
Administrator Access: Store Owner or Administrator permissions in BigCommerce.
miniOrange Account: Active miniOrange account.

Follow the Step-by-Step Guide given below for Bigcommerce b2b Single-Sign-on (SSO)

Step 1: Create BigCommerce API Credentials

1.1 Access API Account Settings

Log in to the BigCommerce Admin Panel.
Navigate to Settings from the main menu.
Scroll down and select API Accounts.

1.2 Create New API Account

Click on Create API Account.
Select Create V2/V3 API Token from the dropdown menu.
Enter a descriptive name for your API account.

1.3 Configure API Permissions

Locate your Store Hash in the API path field, which appears as:
https://api.bigcommerce.com/stores/{store_hash}/v3/

Bigcommerce SSO: Configure API Permissions

Note: Save this store_hash value - you'll need it later
Configure the following permissions:

Customers: Set to modify
Customers Login: Set to login

Scroll down to bottom, and set B2B Edition scope to modify. Click on Save.

1.4 Client ID & Client Secret

Upon saving, BigCommerce will display your credentials on screen and Download a .txt file containing your credentials. Save the values of Client ID, Client Secret and Access Token.

Bigcommerce SSO: Client ID, Client Secret

Step 2: Configure BigCommerce Application in miniOrange

2.1 Add New Application

Log in to the miniOrange Admin Console.
Go to Apps and click on Add Application button.

In Choose Application, Select JWT as app type.

Bigcommerce SSO: Select JWT App from the All Apps dropdown

In the next step, search for the BigCommerceB2B application from the list and click on it.

2.2 Configure Basic Settings

In the Basic tab, enter the following values:

Field	Value	Description
Display Name	`BigCommerce`	Custom name for this integration
Redirect-URL	`https://{my-store}.mybigcommerce.com/login/token/`	Replace `{my-store}` with your actual store URL
Client ID	`[From Step 1.4]`	Copy from BigCommerce API credentials
Client Secret	`[From Step 1.4]`	Copy from BigCommerce API credentials
Access Token (B2B)	`[From Step 1.4]`	Copy from BigCommerce API credentials
Description	Optional	Brief description of this integration

2.3 Configure Advanced Settings

Navigate to the Advanced tab and configure:

Setting	Value	Description
Signature Algorithm	`HS256`	Required for BigCommerce JWT authentication
Logout-URL	`https://{my-store}.mybigcommerce.com/login.php?action=logout`	Replace `{my-store}` with your store URL

2.3 Configure Required Attribute Mapping

Navigate to the Attribute tab and configure the following mandatory attributes:

Attribute Name	Value/Mapping	Description
`first_name`	Map to user's first name field	User's first name
`last_name`	Map to user's last name field	User's last name
`email`	Map to user's email field	User's email address (unique identifier)
`operation`	`customer_login`	Static value - required for SSO operation
`store_hash`	`[From Step 1.3]`	Your store hash value
`redirect_to`	`/account.php or /`	Post-login redirect endpoint (e.g., `/account.php` for account page, / for homepage)
`companyName`	Map to company field or static value	Company name for B2B account

Attribute Mapping Instructions:

Click Add Attribute Mapping.
Enter the attribute name exactly as shown (case-sensitive).
Select the corresponding user field from your identity provider.
For static values, enter the value in Custom Attribute Value as shown in image.
Click on Save.

2.4 Configure Optional Attributes

Beyond the required attributes, you can configure additional optional attributes to customize user provisioning and company setup.

Available Optional Attributes

Attribute	Description	Accepted Values	Default Value
`role`	User's role within the B2B company	`admin, senior_buyer, junior_buyer`	`junior_buyer`
`phone`	Company contact phone number	Valid phone number string	`1234567890`
`country`	Company's primary business location	Full country name or two-letter country code (e.g., 'United States', 'US', 'Canada', 'CA')	`United States`

How to Add Optional Attributes

In the Attribute tab, click Add Attribute Mapping.
Enter the attribute name exactly as shown above (case-sensitive).
Map it to the corresponding field from your identity provider, or enter a static value.
Click on Save.

Important Notes About Optional Attributes

First User Exception: The first user created for any company will automatically receive the admin role, regardless of the role attribute mapping. This ensures each company has at least one administrator.
Phone Format: Any phone number format is accepted.
Country Names: Use full country names as they appear in BigCommerce (e.g., "United States" not "US" or "USA").
Defaults Applied: If optional attributes are not configured, the system will use the default values listed above. The integration will function normally without them.

Step 3: Configure Access Policy

3.1 Create Access Policy

Navigate to the Policy tab.
Click Add Policy.
Configure Policy by entering the following values:

Field	Value	Description
Group Name	`Default`	User group this policy applies to
Policy Name	Choose descriptive name	E.g., "BigCommerce SSO Policy"
First Factor	`Password or Password-less`	Primary authentication method

Click Submit to save the policy configuration.

Step 4: Test SSO Configuration

4.1 Choose Your Testing Method

The testing method depends on your identity provider setup:

Option A: miniOrange as Identity Provider (IdP)

In the miniOrange admin console, navigate to your BigCommerceB2B application
Copy the SSO URL to authenticate from miniOrange
Open this URL in an incognito/private browser window
Log in with valid miniOrange credentials
After successful verification, user redirected to your Bigcommerce store

Option B: External Identity Provider

In the miniOrange admin console, navigate to your BigCommerceB2B application
Copy the SSO URL to authenticate via External IDP
Open this URL in an incognito/private browser window
Complete authentication with your external IdP
After successful verification, user redirected to your Bigcommerce store

Contents