Skip to main content
All CollectionsAdvanced HelpAdmin Users
Okta and Azure Single Sign-on on Storefronts by EvolutionX
Okta and Azure Single Sign-on on Storefronts by EvolutionX

Okta and Azure, and any Auth0, Okta and Azure are supported for

Written by Byron Beleris
Updated over a week ago

EvolutionX can support Okta and Azure Single Sign-on for Storefront users through it's Auth0 integration. Auth0 is an authentication and authorization platform supported using an EvolutionX App store integration. It provides all the tools necessary to build and run a secure identity infrastructure for authentication and central password management.

This doesn't require an Auth0 account to implement as the solution is provided by EvolutionX using Auth0 infrastructure.


To enable the Auht0 Integration in the app store you can request it from our sales team or contact us using the chat in Admin. The app is found in the app store and, once it's enabled for your store, can be installed easily.

Do not enter any information in the form and click save to install the app.

The auth0 Client ID and Auth0 Client secret are automatically generated when the save button is clicked. All the processes required to create and enable the Auth0 application for the store are happening in the background.

Customer Setup

The distributor's customer must setup the website connection in their IDP domain. Copy the link of the following instructions and send it to the customer to complete. Request that the customer returns to you their Connection type (Okta or Azure AD), Domain, Client ID, and Client Secret after completing the steps.

On receipt of the customer's Connection type (Okta or Azure AD), Domain, Client ID, and Client Secret, continue with the customer setup below.

Setup Customers

To set up the customer connection, go to Customers -> Accounts -> Select Account -> Edit

In the SSO Configuration section click on the Setup Connection button

A pop-up will show where the appropriate fields for each connection type show.

By clicking Setup Connection the connection will be created and activated in Auth0.

Setup users

A user must be setup on the Customer Account in EvolutionX Admin before it can be used for Sign Sign-on. The user will not be automatically generated.

If you use parent and child accounts, a user can sign in and change accounts based on their account access restrictions. Read more about parent an child accounts here.

Users need to be set as the SSO user type to login using Auth0. To set up the user type, go to Customers -> Users -> Select user -> Edit or using the API.

In the Profile Details section, change the user type to SSO.

SSO User Restrictions

Note that the SSO User Type includes the following features:

  • User can sign in using Single Sign On with their domain if the customer is setup.

  • User cannot sign in using a login and password.

  • User cannot change their email address in the storefront.

  • User cannot reset their storefront user password.

Storefront login

If the Auth0 app is activated, the login form will only show the email field.

The user will add the email and if the email belongs to an account or a parent account that has configured the SSO connection, they will be redirected to Auth0 to log in using their Okta or Azure credentials. If the user doesn't have a connection associated or the user type is not set to SSO, the password field will show up and they can log in using their password.

Customer Setup steps for Okta

The distributor's customer can follow these steps to setup the store for use with Single Sign on.

  1. Go to your Okta account

  2. Go to Applications in your Organization dashboard

  3. Click to create a new application

  4. Select OIDC - OpenID Connect for Sign-in Method and Web Application for the Application type. Then, click next


  5. Set your App integration name and set the Sign-in redirect URIs. If the store is in EU/UK, the URL is If the store is in US, the URL is These URLs are also shown after the connection setup on the Customer edit page.


  6. Assing users to this application in the Assignments section

  7. Save the configuration

  8. Get the credentials to use in EvoX Customer Connection setup
    i) The Domain is located on the top right, by clicking the profile, a dropdown will show. You can see the domain under the user name and email.
    ii) The Client ID and the Client Secret are located in the application, in the General tab, in the Client Credentials Section

  9. Add them to the Customer connection and click to setup

  10. Confirm that the callback URL you see in the Customer edit area is the correct one you have set up in the Okta application.

  11. Now, you can use Okta to login to the storefront

Customer Setup steps for MS Azure AD

  1. Go to Azure Active Directory.

  2. On Overview, you can see the Primary domain. That will be used for the Domain field in the EvoX Customer Connection setup.

  3. On the sidebar click on App registrations.

  4. Click New Registration.

  5. Give a name to the new application.

  6. Leave "Accounts in this organizational directory only (Default Directory only - Single tenant)" selected and click the register button.

  7. Then you will see the Application Overview page. There the Application (client) ID is the one that will be used in the Client ID field in the EvoX Customer Connection setup.

  8. See Client credentials. Click on Add a certificate or secret.

  9. Click New client secret.

  10. Add a description and select the expiry date you want and click add.

  11. This will generate a new certificate. Get the Secret ID. That will be used for the Client Secret field in the EvoX Customer Connection setup.

  12. Click on the sidebar Overview.

  13. On Redirect URIs click Add a Redirect URI.

  14. Click Add a platform.

  15. Select Web.

  16. Add Redirect URIs. If the store is in EU/UK, the URL is If the store is in US, the URL is These URLs are also shown after the connection setup on the Customer edit page.

  17. Select Access tokens (used for implicit flows).

  18. Click the configure button.

  19. Azure AD configuration is done.

Did this answer your question?