Single sign-on (SSO)

Plan availability: Starter (not available), Professional (not available), Enterprise (available)

Overview

  • Single sign-on (SSO) allows you to integrate your existing identity providers (IDPs) with Starshipit.
  • SSO provides a seamless and secure login experience for your users while maintaining full control over access and security policies.
  • This also means that your existing IDP system can provide MFA for your logins.
  • Learn more about user management with Starshipit.

Why SSO?

Enterprise organisations often have centralised user identity stores and mature processes for managing user access. With our new SSO feature, you can leverage your existing systems, such as Azure Entra ID (formerly Azure AD), Okta, and others, to manage access to our platform. Some of the benefits of using SSO are:

  • Full control over user access and security policies, including MFA requirements, password complexity, and access token lifespan.
  • Streamlined user onboarding and offboarding processes.
  • Enhanced security through centralised management of login events, password resets, and MFA.
  • Simplified access management without reliance on third-party support.

Prerequisites

  • You must have users already set up in Starshipit as your identity provider will map to existing accounts.
  • The Starshipit account email must be the same as the email address in your identity provider.

Set up

To set up Single Sign-On (SSO) with Starshipit, please follow the guides below for submitting your Identity Provider (IDP) and configuring Starshipit as an application.

Okta

  1. In the Okta dashboard, navigate to Applications.
  2. Click Add App.
  3. Select OIDC - OpenID Connect for the Sign-in method.
  4. Select Web Application for the Application type.
  5. Under Sign-in redirect URIs, enter the callback URL provided by Starshipit.
    https://auth.starshipit.com/oidc/{your_tenant_name}/callback
    Example: https://auth.starshipit.com/oidc/mystore/callback
  6. Ensure the scopes openid, profile and email are included.
  7. Copy the following values from Okta and send them securely to Starshipit:
    1. Client ID
    2. Client Secret
    3. Okta OIDC Issuer URI
  8. Okta provides default claims. If customisation is required, configure these under Mappings.
  9. Assign users or groups to the application.

Auth0

  1. In the Auth0 dashboard, navigate to Applications > Create Application.
  2. Select Regular Web Applications.
  3. Under the Settings tab, locate the Allowed Callback URLs field.
  4. Enter the callback URL in the following format:
    https://auth.starshipit.com/oidc/{your_tenant_name}/callback
    Example: https://auth.starshipit.com/oidc/mystore/callback
  5. Ensure the scopes openid, profile and email are included.
  6. Copy the following values from Auth0 and send them securely to Starshipit:
    1. Client ID
    2. Client Secret
    3. Issuer URI
  7. (Optional) To map additional claims, go to Rules or Actions and create a rule to modify tokens.
  8. Save your settings.

Entra ID (Azure Active Directory)

  1. In Azure, navigate to Azure Active Directory > App registrations > New registration.
  2. Under Redirect URIs, enter the callback URL in the following format:
    https://auth.starshipit.com/oidc/{your_tenant_name}/callback
    Example: https://auth.starshipit.com/oidc/mystore/callback
  3. Choose Web as the platform.
  4. Ensure the scopes openid, profile and email are included.
  5. Copy the following values from Entra ID and send them securely to Starshipit:
    1. Client ID
    2. Client Secret
      To create the application secret:
      1. Go to Certificates & secrets > Select New client secret.
      2. In the Description field, enter a description/label.
      3. Under the Expires drop-down field, select a duration.
      4. Click Add to create the client secret.
    3. Issuer URI
  6. (Optional) If you need to customise your claims, configure these under Token configuration.
  7. Assign users or groups and configure API permissions as required.

Other (Older Identity Providers that use SAML and LDAP are not supported)

  1. In your Identity Provider (IdP) dashboard, navigate to where you can create/manage applications.
  2. Create a new application and select OIDC or OpenID Connect as the protocol.
  3. In the application configuration, locate the Redirect or Callback URL field.
  4. Enter the callback URL in the following format:
    https://auth.starshipit.com/oidc/{your_tenant_name}/callback
    Example: https://auth.starshipit.com/oidc/mystore/callback
  5. Ensure the scopes openid, profile and email are included.
  6. Copy the following values from your identity provider and send them securely to Starshipit:
    1. Client ID
    2. Client Secret
    3. Issuer URI/Authority
  7. (Optional) Map additional claims as needed.
  8. Save your settings.
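
A pre-flight check for the values gathered in the steps above, as an added example (not Starshipit's code): it confirms the callback URL is registered exactly as documented and that the IdP's OIDC discovery metadata matches the Issuer URI and advertises the required scopes. The IdP host idp.example.com and the sample metadata are constructed, and the check for the authorization code flow is an assumption based on the "Web Application" app type.

```python
CALLBACK_TEMPLATE = "https://auth.starshipit.com/oidc/{tenant}/callback"  # format from this page
REQUIRED_SCOPES = {"openid", "profile", "email"}                          # scopes from this page

def discovery_url(issuer):
    # OIDC Discovery publishes metadata at <issuer>/.well-known/openid-configuration
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_registration(tenant, issuer, redirect_uris, metadata):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    expected = CALLBACK_TEMPLATE.format(tenant=tenant)
    # Redirect URIs are matched as exact strings, so a trailing slash,
    # http:// or another tenant segment counts as a mismatch.
    if expected not in redirect_uris:
        problems.append(f"redirect URI {expected} is not registered")
    if not issuer.startswith("https://"):
        problems.append("issuer URI must use https")
    # The issuer inside the metadata must be identical to the Issuer URI you send.
    if metadata.get("issuer") != issuer:
        problems.append(f"issuer mismatch: metadata says {metadata.get('issuer')!r}")
    scopes = metadata.get("scopes_supported")
    if scopes is None:
        problems.append("scopes_supported not advertised; confirm scopes in the IdP console")
    elif REQUIRED_SCOPES - set(scopes):
        missing = sorted(REQUIRED_SCOPES - set(scopes))
        problems.append("missing scopes: " + ", ".join(missing))
    # Assumption: a confidential web application uses the authorization code flow.
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("authorization code flow ('code') not advertised")
    for field in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(metadata.get(field, "")).startswith("https://"):
            problems.append(f"{field} missing or not https")
    return problems

# Constructed sample: discovery metadata of a hypothetical IdP.
SAMPLE_ISSUER = "https://idp.example.com/oauth2/default"
SAMPLE_METADATA = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/v1/authorize",
    "token_endpoint": SAMPLE_ISSUER + "/v1/token",
    "jwks_uri": SAMPLE_ISSUER + "/v1/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "response_types_supported": ["code", "id_token"],
}

if __name__ == "__main__":
    uris = ["https://auth.starshipit.com/oidc/mystore/callback"]
    print(discovery_url(SAMPLE_ISSUER))
    print(check_registration("mystore", SAMPLE_ISSUER, uris, SAMPLE_METADATA) or "OK")
```

In practice, fetch the JSON from the discovery URL of your real Issuer URI and pass it as `metadata`; the Client Secret is never needed for this check.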

Once the Starshipit team has enabled SSO for your organisation, you can start logging in with SSO via your dedicated login URL, e.g. https://auth.starshipit.com/oidc/{your_tenant_name}.

Alternatively, you can use the Continue with SSO button on the Starshipit login page and enter {your_tenant_name} in the box when prompted for your SSO domain.

Note

The embedded Shopify app has strict cookie and external authentication provider restrictions. As such, customers wanting to sign in using SSO must use Starshipit in a separate browser tab.
