EvolutionX can support Okta and Azure Single Sign-on for Storefront users through it's Auth0 integration. Auth0 is an authentication and authorization platform supported using an EvolutionX App store integration. It provides all the tools necessary to build and run a secure identity infrastructure for authentication and central password management.
This doesn't require an Auth0 account to implement as the solution is provided by EvolutionX using Auth0 infrastructure.
To enable the Auht0 Integration in the app store you can request it from our sales team or contact us using the chat in Admin. The app is found in the app store and, once it's enabled for your store, can be installed easily.
Do not enter any information in the form and click save to install the app.
The auth0 Client ID and Auth0 Client secret are automatically generated when the save button is clicked. All the processes required to create and enable the Auth0 application for the store are happening in the background.
The distributor's customer must setup the website connection in their IDP domain. Copy the link of the following instructions and send it to the customer to complete. Request that the customer returns to you their Connection type (Okta or Azure AD), Domain, Client ID, and Client Secret after completing the steps.
On receipt of the customer's Connection type (Okta or Azure AD), Domain, Client ID, and Client Secret, continue with the customer setup below.
To set up the customer connection, go to Customers -> Accounts -> Select Account -> Edit
In the SSO Configuration section click on the Setup Connection button
A pop-up will show where the appropriate fields for each connection type show.
By clicking Setup Connection the connection will be created and activated in Auth0.
A user must be setup on the Customer Account in EvolutionX Admin before it can be used for Sign Sign-on. The user will not be automatically generated.
If you use parent and child accounts, a user can sign in and change accounts based on their account access restrictions. Read more about parent an child accounts here.
Users need to be set as the SSO user type to login using Auth0. To set up the user type, go to Customers -> Users -> Select user -> Edit or using the API.
In the Profile Details section, change the user type to SSO.
SSO User Restrictions
Note that the SSO User Type includes the following features:
User can sign in using Single Sign On with their domain if the customer is setup.
User cannot sign in using a login and password.
User cannot change their email address in the storefront.
User cannot reset their storefront user password.
If the Auth0 app is activated, the login form will only show the email field.
The user will add the email and if the email belongs to an account or a parent account that has configured the SSO connection, they will be redirected to Auth0 to log in using their Okta or Azure credentials. If the user doesn't have a connection associated or the user type is not set to SSO, the password field will show up and they can log in using their password.
Customer Setup steps for Okta
The distributor's customer can follow these steps to setup the store for use with Single Sign on.
Go to your Okta account
Go to Applications in your Organization dashboard
Click to create a new application
Select OIDC - OpenID Connect for Sign-in Method and Web Application for the Application type. Then, click next
Set your App integration name and set the Sign-in redirect URIs. If the store is in EU/UK, the URL is https://estech-eu-prod.eu.auth0.com/login/callback. If the store is in US, the URL is https://estech-us-prod.us.auth0.com/login/callback. These URLs are also shown after the connection setup on the Customer edit page.
Assing users to this application in the Assignments section
Save the configuration
Get the credentials to use in EvoX Customer Connection setup
i) The Domain is located on the top right, by clicking the profile, a dropdown will show. You can see the domain under the user name and email.
ii) The Client ID and the Client Secret are located in the application, in the General tab, in the Client Credentials Section
Add them to the Customer connection and click to setup
Confirm that the callback URL you see in the Customer edit area is the correct one you have set up in the Okta application.
Now, you can use Okta to login to the storefront
Customer Setup steps for MS Azure AD
Go to Azure Active Directory.
On Overview, you can see the Primary domain. That will be used for the Domain field in the EvoX Customer Connection setup.
On the sidebar click on App registrations.
Click New Registration.
Give a name to the new application.
Leave "Accounts in this organizational directory only (Default Directory only - Single tenant)" selected and click the register button.
Then you will see the Application Overview page. There the Application (client) ID is the one that will be used in the Client ID field in the EvoX Customer Connection setup.
See Client credentials. Click on Add a certificate or secret.
Click New client secret.
Add a description and select the expiry date you want and click add.
This will generate a new certificate. Get the Secret ID. That will be used for the Client Secret field in the EvoX Customer Connection setup.
Click on the sidebar Overview.
On Redirect URIs click Add a Redirect URI.
Click Add a platform.
Add Redirect URIs. If the store is in EU/UK, the URL is https://estech-eu-prod.eu.auth0.com/login/callback. If the store is in US, the URL is https://estech-us-prod.us.auth0.com/login/callback. These URLs are also shown after the connection setup on the Customer edit page.
Select Access tokens (used for implicit flows).
Click the configure button.
Azure AD configuration is done.