Overview
SecurePie SSO enables Single Sign-On for your Shopify store, allowing customers to log in using their existing social or enterprise accounts. This guide covers installation, configuration, and best practices.
1 App Navigation
After installing SecurePie SSO, you'll find these sections in the app:
SSO Providers
Users
AI Insights
Pricing
Settings
- SSO Providers – Configure and manage identity providers (SAML/OAuth)
- Users – View customers who have logged in via SSO
- AI Insights – Analytics and recommendations
- Pricing – Manage your subscription plan
- Settings – General app settings and preferences
2 Adding an SSO Provider
Click "Add Provider" to start the setup wizard. The process follows these steps:
1. Choose Provider Type
→
2. Provider Details
→
3. Configuration
→
4. Test & Activate
Step 1: Select Authentication Protocol
| Protocol | Use Case |
|---|
| SAML 2.0 | Enterprise SSO with SAML protocol (Microsoft Entra ID, Okta, Salesforce, OneLogin) |
| OAuth 2.0 | Social login and OAuth providers (Google, Microsoft, Facebook, Auth0, Custom) |
Step 2: Choose Your Provider
Popular OAuth Providers (Pre-configured)
- Google – Google Workspace / Gmail accounts
- Facebook – Facebook Login
- Microsoft – Microsoft Account (personal & work)
- Auth0 – Auth0 by Okta
Other Options
- Custom OAuth – Any OAuth 2.0 / OIDC Provider (configure manually)
Step 3: Provider Details
Enter the Display Name – this is the name shown on the login button (e.g., "Sign in with Acme Corp").
Step 4: Configuration
For Custom OAuth / OIDC Providers:
⚠️ Important: First, add the Redirect URI below to your OAuth application settings (Google Cloud Console, Microsoft Azure, etc.)
Redirect URI (copy this to your OAuth app):
https://sso.securepie.com/api/auth/oidc/custom_oauth/callback
Client ID *
Your Custom OAuth application Client ID
Client Secret *
Your Custom OAuth application Client Secret
Issuer URL / Domain *
The OIDC issuer URL (must support /.well-known/openid-configuration)
Example: https://auth.example.com
Click "Show Advanced Settings" for additional configuration options if needed.
For SAML 2.0 Providers:
Entity ID / Issuer *
Your Identity Provider's Entity ID
SSO URL *
SAML Single Sign-On URL from your IdP
Certificate *
X.509 Certificate from your Identity Provider
Step 5: Test & Activate
Test the configuration before going live. Once verified, activate the provider.
3 Enable Theme App Extension
⚠️ Important: You must enable the Theme App Extension to display SSO login buttons on your store!
Follow these steps to enable the SSO buttons on your storefront:
- Go to Shopify Admin → Online Store → Themes
- Click Customize on your active theme
- In the theme editor, click App embeds (bottom-left panel)
- Find SecurePie SSO in the list
- Toggle it ON to enable
- Click Save
Tip: After enabling, the SSO buttons will automatically appear on your login (/account/login) and registration (/account/register) pages.
4 Managing SSO Providers
In the SSO Providers tab, you can view and manage all configured providers:
| Column | Description |
|---|
| Provider | Name and type (SAML/OIDC) |
| Status | Active or Inactive |
| Logins | Number of successful authentications |
| Last Used | Date of last login |
| Actions | Disable, Edit, Delete |
Quick Tips:
- Click on a provider row to edit its configuration
- Disable a provider to temporarily stop logins without deleting it
- Test your configuration before enabling in production
5 Security Features
| Feature | Description |
|---|
| OAuth 2.0 / SAML 2.0 | Industry-standard secure authentication protocols |
| Token Encryption | All tokens encrypted at rest |
| No Password Storage | Credentials handled by identity providers |
| Session Management | Configurable session timeouts |
| Audit Logs | Track all login events in Users tab |
6 Customer Experience
How It Works for Customers
- Customer visits your store's login page
- Clicks "Sign in with [Provider]" button
- Authenticates with their existing account
- Automatically redirected back to your store, logged in
- Account created/linked automatically
Account Linking
- If email matches existing customer, accounts are linked
- Customers can link multiple providers to one account
7 Testing
Recommended Test Flow:
- Configure at least one SSO provider
- Enable the Theme App Extension (Step 3)
- Open your store in an incognito/private window
- Navigate to
/account/login
- Verify SSO buttons are displayed
- Click a login button and complete authentication
- Check the Users tab in SecurePie to verify the login was recorded
- Verify account creation in Shopify Admin → Customers
8 Troubleshooting
| Issue | Solution |
|---|
| SSO buttons not showing | Enable Theme App Extension (Step 3), clear browser cache |
| Login fails | Verify provider configuration, check browser console for errors |
| "Redirect URI mismatch" error | Add the exact Redirect URI from Step 4 to your OAuth app settings |
| Customer not created | Check Shopify customer permissions for the app |
| SAML errors | Verify certificate hasn't expired, check Entity ID matches |
| OIDC discovery failed | Ensure Issuer URL supports /.well-known/openid-configuration |
9 Data & Privacy
- SecurePie only accesses: Email, Name, Profile Picture
- No passwords are stored
- GDPR compliant
- Data processed securely
Need Help?
Our support team is here to assist you with setup and configuration.
Email: support@securepie.com
In-App Chat: Click "Compose your reply" in the app
Response Time: Within 24 hours