- Overview
- Create Azure AD Application
- Create User Account
- Configure Application SSO
- Configure Storefront Settings
Overview
In this article, you will be guided through the process of creating an Azure AD application and configuring Single Sign-On (SSO) for your storefront. By setting up SSO, your customers can seamlessly access your storefront using their Azure AD credentials.
Create Azure AD Application
- Sign in to the Azure portal.
- Select All services, then Identity from the left menu, and then select Microsoft Entra ID under Identity management.
- On the Microsoft Entra ID pane, under Manage, select Enterprise applications.
- On the Enterprise applications pane, select All applications and then select + New application.
- Select Create your own application, specify Non-Gallery, then name your app and select Create.
Create a User Account
- On the Microsoft Entra ID pane, under Manage, select Users.
- Select New user at the top of the pane, then select Create new user.
- In the User name field, enter the username of the user account. For example, newuser@yourdomain.com.
- In the Name field, enter the name of the user of the account.
- Select Create.
After the user account is created, assign it to the application you created above.
- Edit the application; under Getting Started, select Assign users and groups. Alternatively, in the left menu, under Manage, select Users and groups.
- On the Users and groups pane, on the menu, select + Add user/group.
- On the Add Assignment pane, under Users and groups, select None Selected.
- In the Users and groups pane, select the test user account and then click Select.
- Select Assign.
Configure Application SSO
- Sign in to the Azure portal using one of the roles listed in the prerequisites and select All services.
- Select Identity, and then select Microsoft Entra ID.
- On the Microsoft Entra ID pane, under Manage, select Enterprise applications.
- Select the application.
- On the application overview pane, under Manage, select Single sign-on, then select SAML.
- In the Basic SAML Configuration box, select Edit.
- Specify the Identifier (Entity ID). Example: https://www.yourdomain.com.
- Specify the Reply URL (Assertion Consumer Service URL): https://www.yourdomain.com/store/SingleSignon/SAML2/login.aspx
- Select Save.
Our system expects a form POST to the following endpoint: /store/singlesignon/saml2/login.aspx. The form body must include a SAMLResponse field containing a securely signed, encrypted, and base64-encoded assertion. The assertion must carry the following attributes: CustomerEmail, CustomerFirstName, CustomerLastName, and CustomerUserName.
- On the Single sign-on page, select Edit in the Attributes & Claims box.
- Create a claim for each of the required attributes (email, first name, last name, and username). The specific name of each claim is not important, as long as it is mapped to the corresponding required attribute: your storefront settings align the claim name you choose here with the attribute name the storefront expects.
For your storefront, download the Base64-encoded certificate from the SAML Certificates section. On that section's Edit screen, select Sign SAML response and assertion as the signing option and SHA-256 as the signing algorithm.
Note: You will need to contact support to have this certificate uploaded to your store's files.
Configure Storefront Settings
Navigate to Tools > Apps & Addons > SSO for Customers (SAML2).
- Enter the path of the public certificate that has been uploaded to your storefront. Note: You will need to contact support to have this file uploaded and the path may already be set.
- Copy the Login URL and Logout URL from your application's SSO setup page and paste them into their respective fields.
- Toggle SAML Response is not UrlEncoded to true.
- Map the claim name specified in the Azure Portal to the matching storefront attribute.
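The following Python script is an added example, not the storefront's or Microsoft's own code. It shows, for the requirements stated above, what the storefront-side handling of the SAMLResponse field amounts to: decoding the form value according to the "SAML Response is not UrlEncoded" setting, confirming the declared signing algorithm is SHA-256, and mapping whatever claim names were configured in the Azure portal onto the four required attributes (CustomerEmail, CustomerFirstName, CustomerLastName, CustomerUserName). The claim names in CLAIM_MAP and the sample response are constructed for this example; the sample assertion is unencrypted so its attribute statement is readable, and the signature value is a placeholder. The script only inspects the declared algorithm; verifying the signature against the uploaded certificate is the storefront's job and requires an XML-DSig library.

```python
"""Decode a SAMLResponse form field and map its claims to the storefront's
required attributes. Added example, not the storefront's own code."""
import base64
import urllib.parse
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Required storefront attributes (from the page) -> claim names as configured
# in the Azure portal. The claim names on the right are assumed for this example.
CLAIM_MAP = {
    "CustomerEmail": "email",
    "CustomerFirstName": "firstname",
    "CustomerLastName": "lastname",
    "CustomerUserName": "username",
}

# Constructed sample: signed (placeholder signature value) but unencrypted,
# so the AttributeStatement is readable here.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      </ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    </ds:Signature>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>newuser@yourdomain.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstname"><saml:AttributeValue>New</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastname"><saml:AttributeValue>User</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="username"><saml:AttributeValue>newuser</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def encode_form_value(xml_text, url_encode):
    """Build the SAMLResponse value an IdP would POST: base64, optionally
    URL-encoded on top (the 'SAML Response is not UrlEncoded' toggle tells
    the storefront which of the two forms to expect)."""
    b64 = base64.b64encode(xml_text.encode("utf-8")).decode("ascii")
    return urllib.parse.quote(b64, safe="") if url_encode else b64


def decode_form_value(form_value, not_url_encoded):
    """Mirror of the storefront setting: unquote only when the response is
    declared to be URL-encoded, then strictly base64-decode."""
    raw = form_value if not_url_encoded else urllib.parse.unquote(form_value)
    return base64.b64decode(raw, validate=True)


def signature_algorithm(root):
    """Return the declared SignatureMethod algorithm URI, or None if absent.
    This does not verify the signature itself."""
    node = root.find(".//ds:SignatureMethod", NS)
    return node.get("Algorithm") if node is not None else None


def extract_attributes(root):
    """Map each SAML attribute Name to the text of its first AttributeValue."""
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = value.text if value is not None else None
    return attrs


def map_to_storefront(form_value, not_url_encoded=True, claim_map=CLAIM_MAP):
    """Decode a SAMLResponse field and map claims to the required storefront
    attributes. Returns (mapped_attributes, problems); an empty problem list
    means every required attribute was present and SHA-256 was declared."""
    problems = []
    try:
        root = ET.fromstring(decode_form_value(form_value, not_url_encoded))
    except ValueError:  # binascii.Error is a ValueError: not valid base64
        return {}, ["SAMLResponse is not valid base64; check the "
                    "'SAML Response is not UrlEncoded' setting"]
    alg = signature_algorithm(root)
    if alg != RSA_SHA256:
        problems.append(f"signature algorithm is {alg!r}, expected RSA with SHA-256")
    claims = extract_attributes(root)
    mapped = {}
    for storefront_attr, claim_name in claim_map.items():
        if claims.get(claim_name):
            mapped[storefront_attr] = claims[claim_name]
        else:
            problems.append(f"claim {claim_name!r} for {storefront_attr} is missing or empty")
    return mapped, problems


if __name__ == "__main__":
    value = encode_form_value(SAMPLE_RESPONSE_XML, url_encode=False)
    print(map_to_storefront(value, not_url_encoded=True))
```

Running the script with the sample maps all four attributes and reports no problems. Toggling the encoding on one side only (a URL-encoded value decoded as if it were plain base64) produces the base64 error, which is the symptom to expect when the storefront's "SAML Response is not UrlEncoded" setting does not match what Azure actually sends; a missing or renamed claim shows up as an explicit problem naming the storefront attribute it was supposed to feed.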
By following these steps, you'll successfully configure Single Sign-On with Azure AD for your storefront, providing a seamless and secure authentication experience for your customers.