---
title: Customer authentication
description: Shopify Dev Docs
api_name: customer-authentication
source_url:
  html: https://shopify.dev/docs/api/customer-authentication/index
  md: https://shopify.dev/docs/api/customer-authentication/index.md
---

# Customer authentication

***

## How it works

You can connect your own identity provider to Shopify customer accounts using OpenID Connect. Instead of signing in with Shopify's default login, customers authenticate through your identity provider and are redirected back to your store with an active session.

Your identity provider handles authentication and returns an ID token to Shopify. Shopify uses the `email` and `sub` claims from this token to identify the customer and create or resume their session. You can also pass additional claims to populate customer data automatically through [claim import](https://shopify.dev/docs/api/customer-authentication/claim-import).

**Note:**

If you're currently using [Multipass](https://shopify.dev/docs/api/customer-authentication/multipass) or the Storefront API token flow with classic customer accounts, Shopify recommends migrating to a third-party identity provider. These legacy methods don't support claim import or new customer accounts.

***

## Third-party identity providers (IDPs)

To connect your identity provider, configure it through the [Shopify admin](https://help.shopify.com/en/manual/customers/customer-accounts/new-customer-accounts/identity-provider/connect). Your provider must be [OpenID Connect compliant](https://openid.net/specs/openid-connect-core-1_0.html) and support the authorization code flow.

If you're migrating from Multipass, use the following table to find the equivalent claims for the fields you currently use.

| ID token claims | Shopify |
| - | - |
| [`address`](https://shopify.dev/docs/api/customer-authentication/claim-import#address) (for one address) | [`Customer.addressesV2`](https://shopify.dev/docs/api/admin-graphql/latest/objects/customer#field-Customer.fields.addressesV2) |
| [`family_name`](https://shopify.dev/docs/api/customer-authentication/claim-import#name) | [`Customer.lastName`](https://shopify.dev/docs/api/admin-graphql/latest/objects/customer#field-Customer.fields.lastName) |
| [`given_name`](https://shopify.dev/docs/api/customer-authentication/claim-import#name) | [`Customer.firstName`](https://shopify.dev/docs/api/admin-graphql/latest/objects/customer#field-Customer.fields.firstName) |
| [`phone_number`](https://shopify.dev/docs/api/customer-authentication/claim-import#phone-number) | [`Customer.defaultPhoneNumber`](https://shopify.dev/docs/api/admin-graphql/latest/objects/customer#field-Customer.fields.defaultPhoneNumber) |
| [`urn:shopify:customer:tags`](https://shopify.dev/docs/api/customer-authentication/claim-import#tags) | [`Customer.tags`](https://shopify.dev/docs/api/admin-graphql/latest/objects/customer#field-Customer.fields.tags) |
| [`urn:shopify:customer:addresses`](https://shopify.dev/docs/api/customer-authentication/claim-import#addresses) | [`Customer.addressesV2`](https://shopify.dev/docs/api/admin-graphql/latest/objects/customer#field-Customer.fields.addressesV2) |

[ID token claim import\
\
](https://shopify.dev/docs/api/customer-authentication/claim-import)

[Map ID token claims to customer fields so profiles populate on sign in through your custom third-party identity providers](https://shopify.dev/docs/api/customer-authentication/claim-import)

### Provider guides

For provider-specific instructions on configuring custom claims for customer data enrichment, see the following guides:

[Auth0\
\
](https://shopify.dev/docs/api/customer-authentication/provider-guides/auth0)

[Configure Auth0 Actions to add custom Shopify claims to ID tokens](https://shopify.dev/docs/api/customer-authentication/provider-guides/auth0)

[Okta\
\
](https://shopify.dev/docs/api/customer-authentication/provider-guides/okta)

[Configure Okta custom claims with app-level or authorization server settings](https://shopify.dev/docs/api/customer-authentication/provider-guides/okta)

[Microsoft Entra ID\
\
](https://shopify.dev/docs/api/customer-authentication/provider-guides/microsoft-entra-id)

[Configure Microsoft Entra ID with optional claims and Claims Mapping Policies](https://shopify.dev/docs/api/customer-authentication/provider-guides/microsoft-entra-id)

[Amazon Cognito\
\
](https://shopify.dev/docs/api/customer-authentication/provider-guides/amazon-cognito)

[Configure Amazon Cognito with Pre Token Generation Lambda triggers for custom claims](https://shopify.dev/docs/api/customer-authentication/provider-guides/amazon-cognito)

***

## Legacy authentication with Multipass

You run an online community where members sign in to access exclusive content. Those members can also purchase products from your Shopify store. Without Multipass, they would need to log in twice: once on your site and again on Shopify.

Multipass login is for store owners who have a separate website and a Shopify store. It redirects users from the website to the Shopify store and seamlessly logs them in with the same email address they used to sign up for the original website. If no account with that email address exists yet, one is created. There is no need to synchronize any customer databases.

[Implement Multipass login\
\
](https://shopify.dev/docs/api/customer-authentication/multipass)

[Log in external-site users with a signed token and legacy Customer accounts.](https://shopify.dev/docs/api/customer-authentication/multipass)

***