Authentication Providers and Single Sign-On (SSO)
StoreConnect supports a number of login methods for store users. By default, a username and password login is provided. To offer alternative login options, you will need to create an Authentication Provider.
Supported Authentication Options:
Configuring Authentication Providers
Authentication Providers can be created from the store’s Authentication Providers related list.
StoreConnect (Username + Password)
If no active Authentication Providers exist for a store, then a username/password login will be available by default.
If you wish to allow multiple login options and still provide username/password login, you will need to create a StoreConnect Authentication Provider for the store. Other than Provider and Active, all fields can be left blank.
StoreConnect Field | Local Provider Value |
---|---|
Provider | StoreConnect |
Authorised Domains | |
Client Id | |
Client Secret | |
Provider URL | |
Reset Password URL | |
Azure ActiveDirectory
StoreConnect Field | Local Provider Value |
---|---|
Provider | Azure |
Authorised Domains | |
Client Id | Azure Client ID |
Client Secret | |
Provider URL | Azure Base URL |
Reset Password URL | |
The Base URL here is the URL of your Azure login page. It may be similar to: https://<your account>.b2clogin.com/<your account>.onmicrosoft.com/B2C_1A_signup_signin. To test whether your URL is correct, add /discovery/keys to the end of the URL and visit it in a browser. If the URL is correct, you should see something similar to this:
{
"keys": [
{"kid":"EU323HFCv3ZRmOgTOGLXcFsjlnq0RzRhzKsSGFXLDyk3","use":"sig","kty":"RSA","e":"AQAB","n":"DJjEXl+VZ9m8fn9gUv/an+4llIwXKYcYaNpR3CgZ83lr+Su+OCG9QcsFWKXbylo3xqyiYTmOmGHGMlq4enzm7T4JmM7EDizBrLfiLbw1x6hXkPLrEAS4Pre4W8p6sI+11TVFawPKIGShzcjBz9RQ6QbZWZA6iuxw40iHNg5/DHZjC1nEEJQ506jyeePpJNpP8gTUBx8TwzJdnMItcMMSOcV0dH5hPpbEJkl0mTLvwUhaAXQjXa-TcqqvsJq58C3zxBU0rOLJFeZ9oDtC965f9VC58b3duFyiPg4JhYySPhZ4R+9nLPq4xceZGj1pDRMd6I2w704MjFXLgmQXzKqsiIfI"}
]
}
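The browser check above can also be scripted. The following Python is an added example, not StoreConnect or Microsoft code: it builds the test URL and inspects the returned body for a usable RSA signing key set. The function names, the 2048-bit minimum and the sample key set are assumptions made for this example.

```python
import base64
import json
import re

B64URL = re.compile(r"[A-Za-z0-9_-]+")  # unpadded base64url alphabet (RFC 7515)

def discovery_keys_url(provider_url):
    """Build the test URL the page describes: Provider URL + /discovery/keys."""
    return provider_url.rstrip("/") + "/discovery/keys"

def _b64url_int(value):
    """Decode a JWK integer field; None if it is not unpadded base64url."""
    if not isinstance(value, str) or not B64URL.fullmatch(value) or len(value) % 4 == 1:
        return None
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    return int.from_bytes(raw, "big")

def check_jwks(body, min_bits=2048):  # min_bits is an assumed local policy
    """Return a list of problems; an empty list means the key set looks usable."""
    try:
        keys = json.loads(body)["keys"]
    except (ValueError, KeyError, TypeError):
        # Typical when the URL is wrong and an HTML error page comes back.
        return ["response is not a JSON object with a 'keys' member"]
    if not isinstance(keys, list) or not keys:
        return ["'keys' is not a non-empty array"]
    problems = []
    for i, key in enumerate(keys):
        if not isinstance(key, dict):
            problems.append(f"key #{i}: not an object")
            continue
        name = key.get("kid") or f"#{i}"
        if "kid" not in key:
            problems.append(f"key {name}: no 'kid', tokens cannot select it")
        if key.get("kty") != "RSA" or key.get("use", "sig") != "sig":
            problems.append(f"key {name}: not an RSA signing key")
        n, e = _b64url_int(key.get("n")), _b64url_int(key.get("e"))
        if n is None or e is None:
            problems.append(f"key {name}: 'n' or 'e' is not base64url")
        elif n.bit_length() < min_bits:
            problems.append(f"key {name}: modulus is only {n.bit_length()} bits")
    return problems

def constructed_sample(bits=2048):
    """Constructed JWKS for the demo: a made-up modulus, not a real key."""
    n = base64.urlsafe_b64encode(((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big"))
    return json.dumps({"keys": [{"kid": "demo-key", "use": "sig", "kty": "RSA",
                                 "e": "AQAB", "n": n.rstrip(b"=").decode()}]})
```

Fetch `discovery_keys_url(<your Provider URL>)` with any HTTP client and pass the response body to `check_jwks`; an empty list means the Provider URL points at a key set that can be used to verify token signatures.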
Callback URL
In your ActiveDirectory configuration you will need to add the callback URL to the list of permitted URLs: https://your-store-domain/logins/auth/azure/callback
Reset Password URL
Due to security limitations, StoreConnect is not able to initiate a password reset for an ActiveDirectory account. To support password reset, the ‘reset password’ flow on the store will redirect the user to the Reset Password URL if it is present. If left blank, the store will not show a ‘reset password’ link.
Google
StoreConnect Field | Local Provider Value |
---|---|
Provider | |
Authorised Domains | |
Client Id | Google OAuth Client ID |
Client Secret | Google OAuth Client Secret |
Provider URL | |
Reset Password URL | |
To generate your credentials, follow these instructions from Google: Oauth Access
Reset Password URL
Due to security limitations, StoreConnect is not able to initiate a password reset for a Google account. To support password reset, the ‘reset password’ flow on the store will redirect the user to the Reset Password URL if it is present. If left blank, the store will not show a ‘reset password’ link. For Google, you may use https://support.google.com/mail/answer/41078 as the password reset URL, to direct users to Google’s own support page.
What Details are Saved on a New Contact
When a new website account is created using an SSO provider service, these values are saved on the new Contact record:
SSO Provider | Salesforce Contact Record |
---|---|
First Name | First Name |
Last Name | Last Name |
Username | |
Phone | Phone |
Experience Cloud
Allowing login from Experience Cloud requires more configuration in Salesforce than other Authentication Providers. Please follow the dedicated Experience Cloud Login guide.