Single sign-on
Single sign-on through a third-party identity provider is available only to stores on the Shopify Plus plan.
Single sign-on through a third-party identity provider is available only to stores on the Shopify Plus plan.
Single sign-on (SSO) lets a customer who is already signed in on your site continue into your Shopify store (storefront, cart, checkout, or customer account pages) without re-entering credentials. Shopify delegates authentication to the third-party identity provider you've connected to your store, and the customer is signed in silently when their identity-provider session is still active.
This is the recommended replacement for Multipass for stores that have a third-party identity provider configured.
Anchor to RequirementsRequirements
- Your store must be on a Shopify Plus plan.
- A third-party identity provider is configured for your store.
Anchor to Trigger the flowTrigger the flow
Redirect the customer to the /customer_authentication/login endpoint on your storefront with two query parameters:
| Parameter | Required | Description |
|---|---|---|
login_hint | Yes | The customer's email address. Passed through to your identity provider as the OpenID Connect login_hint parameter. |
return_to | Yes | A relative path on the same shop to redirect the customer to after authentication. Examples: /, /products/{handle}, /cart, /cart/{variant_id}:{quantity}, /checkout. |
Anchor to How it worksHow it works
When the customer arrives at /customer_authentication/login, Shopify starts an OpenID Connect authorization request against your identity provider with prompt=none and the login_hint you supplied.
How Shopify directs customers depends on whether there is an active session with the identity provider:
- If the customer has an active session with your identity provider, the provider returns an ID token without prompting them. Shopify creates or resumes the customer's session and redirects them to
return_to. - If the customer doesn't have an active session, your identity provider responds with an error. Shopify falls back to your provider's sign-in page so the customer can authenticate, then continues to
return_to.
The prompt=none and login_hint semantics are part of the OpenID Connect specification. Your identity provider must support them for the silent path to work.
Anchor to ExampleExample
Redirect the customer to the cart with a specific variant pre-loaded:
