--- title: Single sign-on description: >- Redirect customers from your site into your Shopify store already signed in through your third-party identity provider. source_url: html: 'https://shopify.dev/docs/api/customer-authentication/single-sign-on' md: 'https://shopify.dev/docs/api/customer-authentication/single-sign-on.md' --- # Single sign-on **Shopify Plus:** Single sign-on through a third-party identity provider is available only to stores on the [Shopify Plus](https://www.shopify.com/plus) plan. Single sign-on (SSO) lets a customer who is already signed in on your site continue into your Shopify store (storefront, cart, checkout, or customer account pages) without re-entering credentials. Shopify delegates authentication to the [third-party identity provider](https://shopify.dev/docs/api/customer-authentication#third-party-identity-providers-idps) you've connected to your store, and the customer is signed in silently when their identity-provider session is still active. This is the recommended replacement for [Multipass](https://shopify.dev/docs/api/customer-authentication/multipass) for stores that have a third-party identity provider configured. *** ## Requirements * Your store must be on a [Shopify Plus](https://www.shopify.com/plus) plan. * A [third-party identity provider](https://shopify.dev/docs/api/customer-authentication#third-party-identity-providers-idps) is configured for your store. *** ## Trigger the flow Redirect the customer to the `/customer_authentication/login` endpoint on your storefront with two query parameters: https://{shop}.myshopify.com/customer\_authentication/login?login\_hint=customer\@example.com\&return\_to=/cart | Parameter | Required | Description | | - | - | - | | `login_hint` | Yes | The customer's email address. Passed through to your identity provider as the OpenID Connect [`login_hint`](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) parameter. | | `return_to` | Yes | A relative path on the same shop to redirect the customer to after authentication. Examples: `/`, `/products/{handle}`, `/cart`, `/cart/{variant_id}:{quantity}`, `/checkout`. | *** ## How it works When the customer arrives at `/customer_authentication/login`, Shopify starts an OpenID Connect authorization request against your identity provider with `prompt=none` and the `login_hint` you supplied. How Shopify directs customers depends on whether there is an active session with the identity provider: * If the customer has an active session with your identity provider, the provider returns an ID token without prompting them. Shopify creates or resumes the customer's session and redirects them to `return_to`. * If the customer doesn't have an active session, your identity provider responds with an error. Shopify falls back to your provider's sign-in page so the customer can authenticate, then continues to `return_to`. The `prompt=none` and `login_hint` semantics are part of the [OpenID Connect specification](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest). Your identity provider must support them for the silent path to work. *** ## Example Redirect the customer to the cart with a specific variant pre-loaded: /customer\_authentication/login?login\_hint=customer\@example.com\&return\_to=/cart/44321456:1 *** ## Related [Third-party identity providers\ \ ](https://shopify.dev/docs/api/customer-authentication#third-party-identity-providers-idps) [Connect your own OpenID Connect identity provider to Shopify customer accounts](https://shopify.dev/docs/api/customer-authentication#third-party-identity-providers-idps) ***