
Customer authentication

Shopify Plus

Connecting your own identity provider is available only to stores on the Shopify Plus plan.


You can connect your own identity provider to Shopify customer accounts using OpenID Connect. Instead of signing in with Shopify's default login, customers authenticate through your identity provider and are redirected back to your store with an active session.

Your identity provider handles authentication and returns an ID token to Shopify. Shopify uses the email and sub claims from this token to identify the customer and create or resume their session. You can also pass additional claims to populate customer data automatically through claim import.

Note

If you're currently using Multipass or the Storefront API token flow with classic customer accounts, Shopify recommends migrating to a third-party identity provider. These legacy methods don't support claim import or new customer accounts.


Third-party identity providers (IDPs)

To connect your identity provider, configure it through the Shopify admin. Your provider must be OpenID Connect compliant and support the authorization code flow.
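A pre-flight check for the requirements above, as an added example that is not Shopify's code: it inspects a provider's OpenID Connect discovery document for authorization code flow support, and a test ID token for the `sub` and `email` claims. The `idp.example` issuer, the sample document and the sample token are constructed, and the function names are hypothetical.

```javascript
// Added example, not Shopify code. Field names follow OpenID Connect Discovery 1.0.
// Returns a list of problems found in a provider's discovery document.
function checkDiscovery(doc) {
  const problems = [];
  for (const f of ["issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"]) {
    if (typeof doc[f] !== "string" || !doc[f].startsWith("https://")) {
      problems.push(`${f} is missing or not an https URL`);
    }
  }
  // Authorization code flow needs the "code" response type.
  if (!(doc.response_types_supported || []).includes("code")) problems.push('response_types_supported lacks "code"');
  // grant_types_supported is optional; when omitted the spec default applies.
  const grants = doc.grant_types_supported || ["authorization_code", "implicit"];
  if (!grants.includes("authorization_code")) problems.push("authorization_code grant not supported");
  // claims_supported is optional, so only flag claims that a published list omits.
  for (const c of ["sub", "email"]) {
    if (Array.isArray(doc.claims_supported) && !doc.claims_supported.includes(c)) {
      problems.push(`claims_supported lacks "${c}"`);
    }
  }
  return problems;
}

// Decodes the payload of a compact JWT for inspection. It does NOT verify the
// signature, so use it to examine a test token, never to trust one.
function decodeIdTokenClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a three-part compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// The page says the email and sub claims identify the customer; require both.
function missingIdentityClaims(claims) {
  return ["sub", "email"].filter((c) => typeof claims[c] !== "string" || claims[c] === "");
}

// Constructed sample data (idp.example is a placeholder issuer).
const sampleDiscovery = {
  issuer: "https://idp.example", authorization_endpoint: "https://idp.example/authorize",
  token_endpoint: "https://idp.example/token", jwks_uri: "https://idp.example/jwks",
  response_types_supported: ["code", "id_token"], claims_supported: ["sub", "name"],
};
const b64url = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = [b64url({ alg: "RS256" }), b64url({ sub: "user-123" }), "sig"].join(".");
console.log(checkDiscovery(sampleDiscovery), missingIdentityClaims(decodeIdTokenClaims(sampleToken)));
```

Both samples are deliberately incomplete: the discovery document does not advertise `email`, and the token carries only `sub`.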

If you're migrating from Multipass, use the following table to find the equivalent claims for the fields you currently use.

For provider-specific instructions on configuring custom claims for customer data enrichment, see the following guides:


Legacy authentication with Multipass

You run an online community where members sign in to access exclusive content. Those members can also purchase products from your Shopify store. Without Multipass, they would need to log in twice: once on your site and again on Shopify.

Multipass login is for store owners who have a separate website and a Shopify store. It redirects users from the website to the Shopify store and seamlessly logs them in with the same email address they used to sign up for the original website. If no account with that email address exists yet, one is created. There is no need to synchronize any customer databases.

