ÈËÉú¾ÍÊDz©¡¤(Öйú)×ðÁúAGÆì½¢Ìü

ÈËÉú¾ÍÊDz©¡¤(Öйú)×ðÁúAGÆì½¢Ìü(LianLian Global)¹ÙÍøÊ×Ò³

ShopifyÕë¶ÔÄúµÄ×éÖ¯µÄ SAML Éí·ÝÑéÖ¤

ShopifyÑéÖ¤Shopify SAML
2022/06/02

Õë¶ÔÄúµÄ×éÖ¯µÄ SAML Éí·ÝÑéÖ¤

Shopify Plus

Shopify ×éÖ¯ºǫ́½öÊÊÓÃÓÚ Shopify Plus Ìײ͡£¡£¡£¡£¡£

ÈôÊÇÄúµÄ×é֯ʹÓà SAML ¶ÔÓû§¾ÙÐÐÉí·ÝÑéÖ¤£¬£¬£¬£¬£¬Ôò¿ÉÒÔ½« Shopify ×÷ΪӦÓÃÌí¼Óµ½ÄúµÄÉí·ÝÐÅÏ¢ÌṩÉÌ¡£¡£¡£¡£¡£ÉèÖÃÓ¦Óú󣬣¬£¬£¬£¬¾ßÓÐÓû§ÖÎÀí»á¼ûȨÏÞµÄÓû§¿ÉÒÔÒªÇóÄú×éÖ¯Öеĵ¥¸öÓû§»òËùÓÐÓû§Ê¹ÓÃÄúµÄ SAML Éí·ÝÐÅÏ¢ÌṩÉ̾ÙÐÐÉí·ÝÑéÖ¤¡£¡£¡£¡£¡£

±¾Ò³Ïà¹ØÖ÷Ìâ

  • ÉèÖà SAML Éí·ÝÑé֤֮ǰ

  • Ϊ×éÖ¯ÉèÖà SAML ÑéÖ¤

  • ÒªÇó SAML ÑéÖ¤

  • ɾ³ý SAML ÑéÖ¤

  • Ïà¹ØÁ´½Ó

ÉèÖà SAML Éí·ÝÑé֤֮ǰ

Ìá½»ÒªÑéÖ¤µÄÓòÃû»áÓ°ÏìÔÚ Shopify ÖеǼÄú×éÖ¯µÄÓû§¡£¡£¡£¡£¡£ÔÚ×îÏÈ֮ǰ£¬£¬£¬£¬£¬ÇëÉó²éÒÔÏÂ×¢ÖØÊÂÏî¡£¡£¡£¡£¡£

  • ½¨×°±¸·ÝÕË»§¡£¡£¡£¡£¡£

  • ÉèÖà Shopify ID¡£¡£¡£¡£¡£

Ϊ×éÖ¯ÉèÖà SAML ÑéÖ¤

ÄúÐèÒªÏÈÑéÖ¤ÄúµÄÓòÃû£¬£¬£¬£¬£¬È»ºó²Å»ªÉèÖà SAML ÉèÖᣡ£¡£¡£¡£

Äú²»±Ø±È¼°ÄúµÄÓòÃûͨ¹ýÑéÖ¤¼´¿É×îÏÈÉèÖÃÉèÖᣡ£¡£¡£¡£

×Ô¶¯ÉèÖÃÉèÖÃ

ÏÖÔÚ£¬£¬£¬£¬£¬Éí·ÝЧÀÍÌṩÉÌ Okta¡¢OneLogin ºÍ Azure ÌṩÕâЩÉèÖᣡ£¡£¡£¡£

°ì·¨£º

  1. ÔÚÄúµÄ Shopify ×éÖ¯ºǫ́ÖУ¬£¬£¬£¬£¬Ç°ÍùÓû§ > Çå¾²¡£¡£¡£¡£¡£

  2. ÔÚ SAML ÉèÖò¿·ÖÖУ¬£¬£¬£¬£¬µã»÷ÉèÖÃÉèÖᣡ£¡£¡£¡£

  3. ÔÚÄúµÄÉí·ÝÐÅÏ¢ÌṩÉÌÖУ¬£¬£¬£¬£¬Ìí¼Ó Shopify Plus Ó¦Óᣡ£¡£¡£¡£

  4. ÄúµÄЧÀÍÌṩÉ̽«ÎªÄúÌṩԪÊý¾Ý URL¡£¡£¡£¡£¡£ÔÚÉí·ÝÐÅÏ¢ÌṩÉÌÔªÊý¾Ý URL ×Ö¶ÎÖÐÊäÈë´ËÐÅÏ¢¡£¡£¡£¡£¡£ÊäÈë URL ºó£¬£¬£¬£¬£¬SAML ÉèÖÃÏêϸÐÅÏ¢»á×Ô¶¯Ìî³ä£¬£¬£¬£¬£¬ÏÖÔÚÎÞ·¨ÊÖ¶¯±à¼­¡£¡£¡£¡£¡£

  5. µã»÷Ìí¼Ó¡£¡£¡£¡£¡£

ÊÖ¶¯ÉèÖÃÉèÖÃ

ÈôÊÇÄúʹÓõÄÊÇ Okta¡¢OneLogin ºÍ Azure Ö®ÍâµÄÉí·ÝÐÅÏ¢ÌṩÉÌ£¬£¬£¬£¬£¬Ôò±ØÐèÊÖ¶¯ÊäÈëÉèÖÃÊý¾Ý¡£¡£¡£¡£¡£

Éí·ÝЧÀÍÌṩÉÌ¿ÉÄÜ»áΪijЩֵʹÓòî±ðµÄÃû³Æ¡£¡£¡£¡£¡£ÀýÈ磬£¬£¬£¬£¬Google µÄ SAML ¼¯³ÉʹÓàACS URL Ò»´ÊÀ´ÌåÏÖµ¥µãµÇ¼ URL¡£¡£¡£¡£¡£ÈôÊÇÄúÔÚÊÖ¶¯ÉèÖÃÉèÖÃʱÓöµ½¹ýʧ£¬£¬£¬£¬£¬ÇëÁªÏµÉí·ÝЧÀÍÌṩÉÌ»ñÈ¡×ÊÖú¡£¡£¡£¡£¡£

°ì·¨£º

  1. ÔÚÄúµÄ Shopify ×éÖ¯ºǫ́ÖУ¬£¬£¬£¬£¬Ç°ÍùÓû§ > Çå¾²¡£¡£¡£¡£¡£

  2. ÔÚ SAML ÉèÖò¿·ÖÖУ¬£¬£¬£¬£¬µã»÷ÉèÖÃÉèÖᣡ£¡£¡£¡£

  3. µã»÷ÏÔʾ SAML ÉèÖÃÉèÖᣡ£¡£¡£¡£

  4. ¸´ÖÆÒÔÏÂÖµ£¬£¬£¬£¬£¬²¢½«ÆäÌṩӦÄúµÄÉí·ÝÐÅϢЧÀÍÌṩÉÌ£¬£¬£¬£¬£¬Í¬Ê±ÌṩÉí·ÝÐÅÏ¢ÌṩÉÌ¿ÉÄÜÇëÇóµÄÈκÎÆäËûÐÅÏ¢¡£¡£¡£¡£¡£

    • ¼òµ¥µÇ¼ URL£ºhttps://accounts.shopify.com/saml/consume/organization/{organization ID}¡£¡£¡£¡£¡£Ã¿¸ö×éÖ¯¶¼ÓÐΨһµÄ ID¡£¡£¡£¡£¡£ÇëÔÚ SAML ÉèÖÃÏêϸÐÅÏ¢Öеļòµ¥µÇ¼ URL ÌõÄ¿Öи´ÖÆ´ËÖµ¡£¡£¡£¡£¡£

    • ÊÜÖÚ URI£¨SP ʵÌå ID£©£º https://accounts.shopify.com/saml_sp

    • ÐÕÃû ID ÃûÌ㺠Persistent

    • ÊôÐÔÉùÃ÷£ºfirst_name¡¢last_name¡¢ email

  5. ÄúµÄЧÀÍÌṩÉ̽«ÎªÄúÌṩԪÊý¾Ý URL¡£¡£¡£¡£¡£ÔÚÉí·ÝÐÅÏ¢ÌṩÉÌÔªÊý¾Ý URL ×Ö¶ÎÖÐÊäÈë´ËÐÅÏ¢¡£¡£¡£¡£¡£ÊäÈë URL ºó£¬£¬£¬£¬£¬SAML ÉèÖÃÏêϸÐÅÏ¢»á×Ô¶¯Ìî³ä£¬£¬£¬£¬£¬²¢ÇÒÎÞ·¨ÊÖ¶¯±à¼­¡£¡£¡£¡£¡£

  6. µã»÷Ìí¼Ó¡£¡£¡£¡£¡£

ÒªÇó SAML ÑéÖ¤

Ìí¼ÓÓòÃû²¢ÉèÖÃÉèÖú󣬣¬£¬£¬£¬ÇëÆÚ´ýÑéÖ¤Íê³É¡£¡£¡£¡£¡£µ±ÄúµÄÓòÃû״̬¸ü¸ÄΪÒÑÑéÖ¤ºó£¬£¬£¬£¬£¬Äú±ã¿ÉÒÔ¸ü¸Ä SAML Éí·ÝÑéÖ¤ÉèÖᣡ£¡£¡£¡£

SAML Éí·ÝÑéÖ¤µÄ×¢ÖØÊÂÏî

SAML Éí·ÝÑéÖ¤ÓÐÈý¸öÉèÖ㺱ØÐè¡¢Ìض¨Óû§ºÍ¹Ø±Õ¡£¡£¡£¡£¡£

ÈôÊÇÄúÑ¡ÔñÌض¨Óû§£¬£¬£¬£¬£¬Ôò¿ÉÒÔΪ Shopify ID ÓëÓû§Ò³ÃæÖÐÒÑÉ趨µç×ÓÓʼþÓòÃû¹ØÁªµÄÓû§ÉèÖÃÌض¨µÄµÇ¼ҪÇ󡣡£¡£¡£¡£ÈκÎδÉèΪҪÇó SAML Éí·ÝÑéÖ¤µÄÓû§¶¼¿ÉÒÔÕý³£µÇ¼¡£¡£¡£¡£¡£ÈôÊÇÑ¡Ôñ±ØÐ裬£¬£¬£¬£¬Ôò×éÖ¯ÖÐʹÓÃÒÑÉ趨µç×ÓÓʼþÓòÃûµÄËùÓÐÓû§¶¼±ØÐèʹÓà SAML Éí·ÝÑéÖ¤¾ÙÐеǼ¡£¡£¡£¡£¡£

×¢ÖØ

±ØÐèÉèÖûáÓ°ÏìÄú×éÖ¯Öн« Shopify ID ÓëÒÑÉ趨µç×ÓÓʼþÓòÃû¹ØÁªµÄËùÓÐÓû§£¬£¬£¬£¬£¬°üÀ¨µêÖ÷¡£¡£¡£¡£¡£ÔÚÒªÇóËùÓÐÓû§¶¼Í¨¹ý SAML Éí·ÝÑéÖ¤¾ÙÐеǼ֮ǰ£¬£¬£¬£¬£¬ÇëÏÈÓëÌض¨Óû§²âÊÔÄúµÄÉèÖᣡ£¡£¡£¡£

±ØÐèÉèÖûáÌæ»»Äú×éÖ¯ÖÐÓû§µÄËùÓÐСÎÒ˽¼ÒÇå¾²ÒªÇ󡣡£¡£¡£¡£ÈôÊÇÄúÉÔºó¸ü¸ÄÉèÖ㬣¬£¬£¬£¬ÔòÐèÒªÊÖ¶¯¸ü¸ÄÓû§µÄÉèÖᣡ£¡£¡£¡£

ÀýÈ磬£¬£¬£¬£¬ÄúÒѽ«ÓòÃûÉèÖÃΪÌض¨Óû§£¬£¬£¬£¬£¬²¢ÇÒ½«ÈýλÓû§ÉèÖÃΪÐèÒª SAML Éí·ÝÑéÖ¤¡£¡£¡£¡£¡£È»ºó£¬£¬£¬£¬£¬Äú½«Ç¿ÖƲ½·¥ÉèÖÃΪ±ØÐ裬£¬£¬£¬£¬ÒªÇó Shopify ID ÓëÒÑÉ趨µç×ÓÓʼþÓòÃû¹ØÁªµÄËùÓÐÓû§Ê¹Óà SAML Éí·ÝÑéÖ¤¡£¡£¡£¡£¡£ÉԺ󣬣¬£¬£¬£¬Äú½«Ç¿ÖƲ½·¥ÖØÐÂÉèÖÃΪÌض¨Óû§¡£¡£¡£¡£¡£ÏµÍ³²»ÔÙÇ¿ÖÆÒªÇó֮ǰµÄÈýλÓû§Ê¹Óà SAML Éí·ÝÑéÖ¤µÇ¼£¬£¬£¬£¬£¬ÄúÐèÒªÔÚÆäÓû§ÏêϸÐÅÏ¢Ò³ÃæÖÐÔÙ´ÎÉèÖᣡ£¡£¡£¡£

ÒªÇóÓû§Ê¹Óà SAML Ñé֤ʱ£¬£¬£¬£¬£¬ÏµÍ³¾Í»áɾ³ýÏÖÓÐË«ÖØÑéÖ¤µÄÒªÇ󡣡£¡£¡£¡£

SAML Éí·ÝÑéÖ¤»á»°Ò»Á¬ 6 Ì죬£¬£¬£¬£¬È»ºóÄúµÄÓû§¾ÍÐèÒªÔٴεǼ¡£¡£¡£¡£¡£ÈôÊÇÄú´ÓÉí·ÝÐÅÏ¢ÌṩÉÌµÄ Shopify Ó¦ÓóÌÐòÖÐɾ³ýÓû§£¬£¬£¬£¬£¬ËûÃÇÈÔ¿ÉÔÚ×î¶à 6 Ììʱ¼äÄÚ»á¼û Shopify¡£¡£¡£¡£¡£ÈôÒª×èÖ¹Óû§»á¼û×éÖ¯ºǫ́£¬£¬£¬£¬£¬ÇëÔÚ Shopify ×éÖ¯ºǫ́µÄÓû§Ò³ÃæÉÑþ³ØýÆä×éÖ¯»á¼ûȨÏÞ¡£¡£¡£¡£¡£

ÒªÇó SAML ÑéÖ¤

±¸×¢

Óû§ÎÞ·¨Ê¹Óà SAML Éí·ÝÑéÖ¤µÇ¼ Shopify POS¡£¡£¡£¡£¡£Óû§Ö»ÄÜʹÓð汾 8.72.0 »ò¸ü¸ß°æ±¾µÇ¼ Shopify Ó¦Óᣡ£¡£¡£¡£ÈôÊÇÄúÒªÇó¾É°æ Shopify Ó¦ÓÃµÄ POS Óû§»òÒƶ¯Óû§Ê¹Óà SAML Éí·ÝÑéÖ¤£¬£¬£¬£¬£¬ËûÃǽ«ÎÞ·¨µÇ¼¡£¡£¡£¡£¡£ÈôÊÇÄú×éÖ¯ÖеÄÓû§ÐèÒªµÇ¼ÕâЩӦÓóÌÐò£¬£¬£¬£¬£¬Ôò²»Ó¦½«ÕâЩӦÓóÌÐòÉèÖÃΪÐèÒª SAML Éí·ÝÑéÖ¤¡£¡£¡£¡£¡£

°ì·¨£º

  1. ÔÚÄúµÄ Shopify ×éÖ¯ºǫ́ÖУ¬£¬£¬£¬£¬Ç°ÍùÓû§ > Çå¾²¡£¡£¡£¡£¡£

  2. ÔÚ SAML ÑéÖ¤²¿·Ö£¬£¬£¬£¬£¬µã»÷¸ü¸ÄÉèÖᣡ£¡£¡£¡£

  3. Ñ¡ÔñÑéÖ¤ÉèÖᣡ£¡£¡£¡£

  4. µ¥»÷ÉúÑÄ¡£¡£¡£¡£¡£

ɾ³ý SAML ÑéÖ¤

ÈôÊÇ SAML Éí·ÝÑéÖ¤ÉèÖÃΪ¹Ø±Õ£¬£¬£¬£¬£¬Äú×éÖ¯ÖÐ Shopify ID ÓëÉ趨µç×ÓÓʼþÓòÃû¹ØÁªµÄËùÓÐÓû§¶¼¿ÉÒÔʹÓÃËûÃǵÄÃÜÂëºÍµç×ÓÓʼþµØµãµÇ¼¡£¡£¡£¡£¡£

°ì·¨£º

  1. ÔÚÄúµÄ Shopify ×éÖ¯ºǫ́ÖУ¬£¬£¬£¬£¬Ç°ÍùÓû§ > Çå¾²¡£¡£¡£¡£¡£

  2. ÔÚ SAML ÑéÖ¤²¿·Ö£¬£¬£¬£¬£¬µã»÷¸ü¸ÄÉèÖᣡ£¡£¡£¡£

  3. Ñ¡Ôñ¹Ø±Õ¡£¡£¡£¡£¡£

  4. µ¥»÷ÉúÑÄ¡£¡£¡£¡£¡£

Ïà¹ØÁ´½Ó

  • Óû§

  • Çå¾²

  • Okta£ºÈç×÷Éõ Shopify Plus ÉèÖà SAML 2.0

  • Azure Active Directory µ¥µãµÇ¼ (SSO) Óë Shopify Plus ¼¯³É

ShopifyÉÌ»§¹ÙÍøÔ­ÎÄÏêÇ飺

SAML authentication for your organization

Shopify Plus

The Shopify organization admin is only available to the Shopify Plus plan.

If your organization uses SAML to authenticate users, then you can add Shopify as an app with your identity provider. After your app has been set up, users who have the User management access can require either individual users or all the users in your organization to authenticate their identity using your SAML identity provider.

On this page

Before you set up SAML authentication

Submitting a domain to be verified has implications for the users logging in to your organization on Shopify. Before you begin, review the following considerations.

Set up SAML authentication for your organization

Before you can set up your SAML configuration, you need to verify your domain.

You don't have to wait until your domain is verified to start setting up your configuration.

Setting up configurations automatically

Configurations are currently available for identity service providers Okta, OneLogin, and Azure.

Steps:

  1. In your Shopify organization admin, go to Users > Security.

  2. In the SAML configuration section, click Set up configuration.

  3. In your identity provider, add the Shopify Plus app.

  4. Your service provider will provide you with a metadata URL. Enter this in the Identity provider metadata URL field. After the URL has been entered, the SAML configuration details are populated automatically, and currently can't be edited manually.

  5. Click Add.

Setting up configurations manually

If you use an identity provider other than Okta, OneLogin, and Azure, then you must manually enter configuration data.

Identity service providers might use different names for some values. For example, Google's SAML integration uses the term ACS URL to refer to the Single sign-on URL. If you encounter errors while setting up your configurations manually, then contact the identity service provider for assistance.

Steps:

  1. In your Shopify organization admin, go to Users > Security.

  2. In the SAML configuration section, click Set up configuration.

  3. Click View SAML configuration settings.

  4. Copy the following values and provide them to your identity service provider, along with any additional information the identity provider might request.

  5. Your service provider will provide you with a metadata URL. Enter this in the Identity provider metadata URL field. After the URL has been entered, the SAML configuration details are populated automatically, and can't be edited manually.

  6. Click Add.

Requiring SAML authentication

After you have added your domain and set up your configuration, wait until verification is complete. When the status of your domain changes to Verified, you can change your SAML authentication settings.

Considerations for SAML authentication

There are three settings for SAML authentication: RequiredSpecific users, and Off.

If you select Specific users, then you can set specific login requirements for your users that have Shopify IDs associated with the set email domain from the Users page. Any user who isn't set to require SAML authentication can log in normally. If you select Required, then all users in your organization with the set email domain must use SAML authentication to log in.

Caution

The Required setting affects all users in your organization who have Shopify IDs associated with the set email domain, including the store owner. Before you require all users to use SAML authentication to log in, test your setup with Specific users first.

The Required setting replaces all individual security requirements for users in your organization. If you change your setting at a later date, then you need to manually change the settings for your users.

For example, you have your domain set to Specific users and have three users set to require SAML authentication. You then set enforcement to Required, requiring all users who have Shopify IDs associated with the set email domain to use SAML authentication. Later, you set your enforcement back to Specific users. The three users that were required to log in using SAML authentication are no longer enforced, and must be set up again in their user detail page.

Requiring a user to use SAML authentication removes existing two-factor authentication requirements.

SAML authentication sessions last for six days before your users are required to log in again. If you remove a user from the Shopify application in your identity provider, then they will still be able to access Shopify for up to six days. To prevent users from accessing your organization admin, remove their organization accesses on the Users page in the Shopify organization admin.

Require SAML authentication

Note

Users can't log into Shopify POS using SAML authentication. Users can log into the Shopify app only using version 8.72.0 or later. If you require POS users or mobile users on an older version of the Shopify app to use SAML authentication, then they will be unable to log in. If users in your organization need to log in to these applications, then they should not be set to require SAML authentication.

Steps:

  1. In your Shopify organization admin, go to Users > Security.

  2. In the SAML authentication section, click Change setting.

  3. Choose an authentication setting.

  4. Click Save.

Remove SAML authentication

When SAML authentication is set to Off, then all users in your organization who have Shopify IDs associated with your set email domain can log in using their password and email address.

Steps:

  1. In your Shopify organization admin, go to Users > Security.

  2. In the SAML authentication section, click Change setting.

  3. Select Off.

  4. Click Save.

Related links


ÎÄÕÂÄÚÈÝȪԴ£ºShopifyÉÌ»§¹Ù·½ÍøÕ¾

¸ü¶à
¡¾ÍøÕ¾µØͼ¡¿¡¾sitemap¡¿