SSO Login Using BigCommerce Store as IDP


Log in to your BigCommerce store or any other cloud app using SSO with your existing BigCommerce credentials. This means your BigCommerce account can be used as an Identity Provider (IdP) for your existing stores or any other external applications. This eliminates the need to log in separately for each app or store.
An all-in-one solution for your BigCommerce store: centralized management and storage of customer data, store-to-store sync, order status notifications, and social login.

Verified Technology Partner of BigCommerce

SSO + MFA Support for any BigCommerce Plan (Standard, Plus, Pro, Enterprise)


Connect with External Source of Users


miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, KeyCloak), Databases (like MySQL, Maria DB, PostgreSQL) and many more.



Prerequisites

Please make sure your organisation branding is already set under Customization >> Login and Registration Branding in the left menu of the dashboard.


Create API account

  • Log in to BigCommerce Admin Panel.
  • Go to the Settings from the menu, scroll down and select API Accounts.
  • Click on Create API Account and choose Create V2/V3 API Token option from the menu shown.
  • Add a suitable name for your API account.
  • The API Path will be used as the store_hash value when you configure BigCommerce in miniOrange; it will be required in step 2.
  • Set the Customers option to Modify and the Customers Login option to login. Keep the rest of the settings as they are.
  • Click on Save.
  • Download the API credentials file. It contains the API token, Client ID and Client Secret.


Follow the step-by-step guide given below to set up SSO login using BigCommerce as IDP

1. Set up BigCommerce as an IDP in miniOrange

  • Log in with your miniOrange account.
  • Click on Setup under Add Identity Source from the dashboard.
  • Select Add Directory under Add External Directories.
  • Switch to the API tab and select BigCommerce as API Type from the dropdown.
  • Fill in the following values in the respective fields:

    API Identifier : Any custom name, e.g. BigCommerceIDP
    Store Hash : Store hash value found in the Create API account step
    Client ID : Client ID value found in the Create API account step
    Access Token : Access token found in the Create API account step
    Enable for End User Login : Enable this option only if you want users to log in to the miniOrange dashboard using their BigCommerce credentials. This can be helpful for changing 2FA configurations, etc.
    Migrate User's Password in miniOrange : Enable this option if you want to migrate user credentials from BigCommerce to miniOrange gradually
    Send Configured Attributes : Enable this if you want to send any attributes from BigCommerce as the SSO response to any third-party application
    Domain Mapping : Enable this option if you want users with a specific email domain to be able to authenticate against BigCommerce
  • Click on the Save button.
  • Navigate back to View Identity Providers page.
  • Click on select against the configured IDP and select Make Default.


2. Test Configuration

  • The next step is to test whether the configuration works. On the External Directories page, click on select against the BigCommerce configuration and select Test Authorization API.
  • It will open a pop-up where you can enter credentials for any BigCommerce account. Upon successful validation, you will see a success message.
  • If you see any error message, double-check the Client ID, Store Hash and Access token values. If it still doesn’t work, contact us at idpsupport@xecurify.com.

3. Configure Your application in miniOrange


Note:

If you have already configured your application in miniOrange you can skip the following steps.




  • In Choose Application Type, click on the JWT tab.
  • In the next step, search for the BigCommerce application in the list and click on it.
  • Enter the following values in the respective fields.
    1. Custom Application Name [Required] : BigCommerce (According to your choice)
    2. Description : According to your choice
    3. Redirect-URL [Required] : Storefront URL, e.g. https://{{my-store}}.mybigcommerce.com/login/token/
    4. Logout-URL : https://{{my-store}}.mybigcommerce.com
    5. Force Authentication : Enable if you want user to authenticate even if the user has a session
    6. Primary IDP : The identity source against which user will be authenticated
    7. User Mapping : Enable if you are sending the logged-in user from this app in the response
    1. Group Name : Default
    2. Policy Name : Add policy name according to your Preference
    3. Login Method : Password
  • Click on Save.
  • For Attribute Mapping, navigate to Select >> Edit next to your configured application.
  • For miniOrange as an IDP:
    • Enter the Client ID, App Secret and Access Token (downloaded in step 1 during API creation in the BigCommerce console).
    • For Signature Algorithm, select HS-256 from the dropdown menu.
    • Set Subject to E-Mail Address.
    • To map the attributes between the miniOrange IDP and the BigCommerce application, click on the Attributes + button.
    • The first three attributes will be hard-coded values.

      Attribute Name : Attribute Value
      store_hash : The store hash value you got in the Create API account step.
      redirect_to : Endpoint where you wish to redirect the user to after SSO (homepage or account page, e.g. /account.php).
      operation : customer_login

    • Click on Save.
    • Now you can access your BigCommerce account using IDP credentials through the Single Sign-On URL, as shown in the image above.
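
An added example, not miniOrange's or BigCommerce's own code: a check you can run on a sample SSO token before going live, covering the settings above (HS-256 signature, e-mail subject, and the store_hash, redirect_to and operation attributes). It assumes the token is a compact JWT keyed with the App Secret and that the subject is carried in a `sub` claim; the function names and sample values are constructed for illustration.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_sample(claims: dict, secret: str, alg: str = "HS256") -> str:
    """Build a compact JWT. Used here only to construct sample tokens."""
    head = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    data = f"{head}.{body}"
    return f"{data}.{_b64url(_mac(data, secret))}"

def check_login_token(token: str, secret: str, store_hash: str) -> list:
    """Return a list of problems; an empty list means the token passed."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = dict(json.loads(_unb64url(head_b64)))
        claims = dict(json.loads(_unb64url(body_b64)))
        sig = _unb64url(sig_b64)
    except (ValueError, TypeError):
        return ["malformed token"]
    # Pin the algorithm first; the header must not choose how we verify.
    if header.get("alg") != "HS256":
        return ["unexpected alg"]
    if not hmac.compare_digest(sig, _mac(f"{head_b64}.{body_b64}", secret)):
        return ["bad signature"]
    problems = []
    if claims.get("operation") != "customer_login":
        problems.append("operation is not customer_login")
    if claims.get("store_hash") != store_hash:
        problems.append("store_hash mismatch")
    if "@" not in str(claims.get("sub", "")):
        problems.append("sub is not an e-mail address")
    target = str(claims.get("redirect_to", ""))
    # Accept only a path on the storefront, such as /account.php.
    if not target.startswith("/") or target.startswith("//") or "\\" in target:
        problems.append("redirect_to is not a storefront path")
    return problems

SECRET, STORE = "constructed-client-secret", "abc123xyz"  # constructed, not real
SAMPLE = {"sub": "shopper@example.com", "store_hash": STORE,
          "operation": "customer_login", "redirect_to": "/account.php"}
print(check_login_token(sign_sample(SAMPLE, SECRET), SECRET, STORE))
```
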
  • In Choose Application Type click on SAML tab.
  • Search for your Application. In case you do not find your app, search for Custom SAML App.
  • Get the ACS URL and SP Entity ID from your application.
  • Enter the following values OR click on Import SP Metadata:
    Service Provider Name : Choose appropriate name according to your choice
    SP Entity ID or Issuer : Your Application Entity ID
    ACS URL : Your Application Assertion Consumer Service URL
    X.509 Certificate (optional)
    NameID format : Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    Response Signed : Unchecked
    Assertion Signed : Checked
    Encrypted Assertion : Unchecked
    Group policy : Default
    Login Method
  • Click on Save to configure your application.
  • Now, to get the IDP metadata of the configured app, go to apps >> your_app >> select >> metadata tab.
  • Click on the Show Metadata details in the Information required to Authenticate via External IDPs section. Download the metadata XML file by clicking on Download Metadata button or copy the Metadata URL link.
  • You need to upload this metadata in your application.
  • In Choose Application Type click on OAUTH/OIDC tab.
  • You can add any OAuth Client app here to enable miniOrange as OAuth Server. A few popular OAuth client apps for single sign-on are Salesforce, WordPress, Joomla, Atlassian, etc.
  • Enter following Values:
    Client Name : Add appropriate Name
    Redirect URL : Get the Redirect-URL from your OAuth Client
    Description : Add if required
    Group Name : Default
    Policy Name
    Login Method
  • Click on Save
  • Now, to provide the required data to the OAuth client, go to the configured app, i.e. apps >> your_app >> select >> edit.

    Note: Choose the Authorization Endpoint according to the identity source you configure.

  • When you want to use miniOrange as the OAuth identity server, use this endpoint: https://{mycompany.domainname.com}/moas/idp/openidsso
  • If you are configuring any Identity Provider in Identity Providers Menu and not using miniOrange as IDP use this endpoint: https://{mycompany.domainname.com}/broker/login/oauth{customerid}
  • In Choose Application Type click on JWT tab.
  • Select JWT App.
  • Configure the name for your application and configure Redirect-URL which tells where to send JWT response. Redirect-URL should be an endpoint on your application where you want to achieve SSO.
    In case you are setting up SSO with mobile applications where you can't create an endpoint for the Redirect or Callback URL, use the URL below.

    https://login.xecurify.com/moas/jwt/mobile

  • Click Save
  • To get the SSO link for your application, go to Apps >> your_app >> select >> Edit.
  • Then, copy the Single Sign-On URL and verify the SSO setup by browsing to that URL.
  • On successful authentication, you will be redirected to the configured Redirect or Callback URL with the JWT token.
  • You will need to download a certificate from App > Manage Apps by clicking the Certificate link against your configured application. This certificate will be used for signature validation of the JWT response.


If you are looking for anything which you cannot find, please drop us an email on idpsupport@xecurify.com.