SSO Authentication

The SSO Authentication App lets you enable SAML SSO login for customers of the store, with either Okta or Microsoft Azure as the Identity Provider (IdP).

In this article, we will cover the following topics:

Enable and configure the SSO Authentication App

To get started, log into your store and use the left navigation menu to go to Apps:

You will then see the list of all available apps and you can click the Enable button on the SSO Authentication app tile:

Then click the Enable button at the top of the App page.

You will then see a list of the available Identity Providers (IdP) and you can enable the desired ones by clicking the toggle switch next to the name.

See the individual Identity Provider sections below for detailed information on completing the configuration for that particular provider.

Okta setup and configuration

To use Okta as your Identity Provider for customer logins, first follow the steps in the preceding section to enable the SSO Authentication App and then click the toggle switch next to Okta to enable it.

You will see two fields with pre-populated values that will be needed in the following steps. If the Okta account is managed by your client or another department, you will likely need to send these values to them. You can use the copy links to copy the values of the following fields:

  • Audience URI (SP Entity ID)
  • Single sign-on URL (Assertion Consumer Service URL)

The next few steps involve creating and configuring the app integration in Okta.

After logging in to your Okta account, navigate to Applications on the left menu and then click the Create App Integration button at the top of the page.

For the sign-in method, select SAML 2.0 and then click the Next button.

Then you will need to enter the App name and optionally upload a logo for the app. When done, click the Next button.

You will now be on the SAML Settings page. This is where you will enter the values that you copied from the SSO Authentication App on the Prodigy store. Paste the Audience URI and Single sign-on URL into the corresponding fields. In the Name ID format field, select EmailAddress from the dropdown list. Then click the Finish button.

You will now see the Metadata URL. Click the copy link below the URL.

You can now navigate back to the SSO Authentication App page of the Prodigy store and paste the value from the previous step into the IDP Metadata URL field. When done, click the Save Changes button at the top of the page.

Then go back to your Okta account and navigate to Applications -> Assign Users to App to assign people and groups to the application. Those users will then be able to log into the store with their Okta account and user profiles in the store will automatically be created the first time they log in.

Microsoft Azure setup and configuration

To use Microsoft Azure as your Identity Provider for customer logins, first follow the steps in the first section to enable the SSO Authentication App and then click the toggle switch next to Microsoft to enable it.

You will see two fields with pre-populated values that will be needed in the following steps. If the Microsoft account is managed by your client or another department, you will likely need to send these values to them. You can use the copy links to copy the values of the following fields:

  • Identifier (Entity ID)
  • Reply URL (Assertion Consumer Service URL)

The next few steps involve creating and configuring the app integration in Microsoft Azure.

Log into your Azure account at https://portal.azure.com/#home and then, under the Azure services heading, select Enterprise applications.

Click the New application button.

Then click Create your own application.

Enter a name for your app and then select the radio button labeled Integrate any other app you don't find in the gallery (Non-gallery). Then click the Create button.

Select Set up single sign on.

Then select SAML.

Click the Edit button in the Basic SAML Configuration section.

Then click the Add Identifier link and paste in the Identifier value that you saved from the SSO Authentication app in the Prodigy store.

Then click the Add reply URL link and paste in the Reply URL value that you saved from the SSO Authentication app in the Prodigy store. Then click the Save button.

You will now see the App Federation Metadata Url. Click the copy icon to the right of the value.

You can now navigate back to the SSO Authentication App page of the Prodigy store and paste the value from the previous step into the App Federation Metadata Url field. When done, click the Save Changes button at the top of the page.

Then go back to your Microsoft Azure account and navigate to Users and groups to assign them to the application. Those users will then be able to log into the store with their Azure account and user profiles in the store will automatically be created the first time they log in.

Disable Manual Account Creation

After configuring your SSO identity provider(s), you can optionally disable manual account creation. When manual account creation is disabled, the login page will have no option for users to manually create accounts, and login will only be allowed for users that are configured in the SSO identity provider system.

To disable manual account creation for the store, click on the Disable Manual Account Creation button on the SSO Authentication app page.
