Identity Provider

Okta Integration

Enable your Okta users to sign in to your Shopify store using their corporate credentials with SAML 2.0 or OIDC.

12 min setup
SAML 2.0 & OIDC

Prerequisites

  • Okta admin access (Application Administrator or higher)
  • SecurePie Professional or Enterprise plan
  • Your SecurePie Organization ID

Setup Instructions

1

Access Okta Admin Console

Log in to your Okta Admin Console to create a new SAML application.

  1. 1.Navigate to your Okta admin URL (e.g., yourcompany-admin.okta.com)
  2. 2.Sign in with your admin credentials
  3. 3.Go to Applications → Applications
2

Create SAML Application

Create a new SAML 2.0 application for SecurePie.

  1. 1.Click "Create App Integration"
  2. 2.Select "SAML 2.0" as the sign-in method
  3. 3.Click "Next"
  4. 4.Enter "SecurePie SSO" as the App name
  5. 5.Optionally upload the SecurePie logo
  6. 6.Click "Next"
3

Configure SAML Settings

Enter the SecurePie SAML configuration in Okta.

  1. 1.Enter the Single sign-on URL (ACS URL)
  2. 2.Enter the Audience URI (Entity ID)
  3. 3.Set Name ID format to "EmailAddress"
  4. 4.Set Application username to "Email"
Configuration
// SAML Settings
{
  "Single sign-on URL": "https://securepie.com/saml/acs/your-org-id",
  "Audience URI (SP Entity ID)": "https://securepie.com/saml/your-org-id",
  "Default RelayState": "", // Leave empty
  "Name ID format": "EmailAddress",
  "Application username": "Email"
}
4

Configure Attribute Statements

Map Okta user attributes to SAML assertions.

  1. 1.Scroll down to "Attribute Statements"
  2. 2.Add the required attribute mappings
  3. 3.Click "Next" when done
Configuration
// Attribute Statements
Name            →    Value
─────────────────────────────────────────
email           →    user.email
firstName       →    user.firstName
lastName        →    user.lastName

// Group Attribute Statements (Optional)
Name            →    Filter
─────────────────────────────────────────
groups          →    Matches regex: .*
5

Complete App Creation

Finish the application setup and download metadata.

  1. 1.Select "I'm an Okta customer adding an internal app"
  2. 2.Click "Finish"
  3. 3.On the "Sign On" tab, find "SAML Signing Certificates"
  4. 4.Click "Actions" → "View IdP metadata"
  5. 5.Save the metadata XML file
6

Assign Users and Groups

Assign users or groups to the SecurePie application.

  1. 1.Go to the "Assignments" tab
  2. 2.Click "Assign" → "Assign to People" or "Assign to Groups"
  3. 3.Select the users or groups who should have access
  4. 4.Click "Save and Go Back"
7

Configure SecurePie

Upload the Okta metadata to SecurePie to complete the integration.

  1. 1.Log in to your SecurePie dashboard
  2. 2.Go to Settings → Identity Providers
  3. 3.Click "Add Provider" → "Okta"
  4. 4.Upload the IdP metadata XML file
  5. 5.Click "Save" and test the connection

Advanced: SCIM Provisioning

Enable automatic user provisioning and deprovisioning with SCIM 2.0. When users are added or removed in Okta, changes sync automatically to SecurePie and Shopify.

Supported Operations

  • • Create users
  • • Update user attributes
  • • Deactivate users
  • • Sync groups

SCIM Endpoint

https://api.securepie.com/scim/v2/your-org-id

Common Issues

Invalid SAML Response signature

Ensure you're using the correct certificate. In Okta, go to Sign On → SAML Signing Certificates and verify the active certificate matches what's configured in SecurePie.

User not assigned to app

The user must be assigned to the SecurePie application in Okta. Check Assignments tab and ensure the user or their group is listed.

Attributes not mapping correctly

Verify the attribute statement names match exactly what SecurePie expects. Names are case-sensitive (email, firstName, lastName).

Need Help?

Our support team can help you configure Okta, including advanced features like SCIM provisioning and Okta Workflows.

Contact SupportBack to Docs