SAML Single Sign On for Magento 2


Today, we are exploring a tool that allows streamlining a customer sign-up procedure and improving security on a Magento 2 store. Meet the SAML Single Sign On extension – a solution for connecting your website to SAML authorization systems with the Single Sign On support. After implementing the Magento 2 module, you will be able to provide your customers with an option to log in to your store with access credentials from third-party sites. Below, we look closer at the functionality and configuration of the Magento 2 SAML integration module.

Download / Buy SAML Single Sign On Magento 2 Extension

Features

  • Option to sign up using credentials from a third-party platform;
  • Support for Single Sign On and Single Log Out services;
  • Attribute mapping between the identity provider and Magento fields;
  • Configuration of customer group mapping;
  • Mapping for address data;
  • Ability to add custom attributes to the mapping;
  • Customizable header and button text on the login form;
  • Configurable workflow;
  • Magento multi-store support.

The SAML extension enables Magento 2 merchants to implement single sign-on (SSO) authentication on their web stores and allow visitors to log in via third-party platforms. SSO provides various benefits to both customers and store owners, making the frontend user experience more convenient and transparent and protecting websites from data breaches.

The SSO login option eliminates the need for customers to remember their login details for each site they want to enter. Logging in via an identity provider also makes the authentication procedure on a Magento 2 store faster, reducing the risk that a user will leave a website without browsing it. Besides, online merchants no longer need to store user passwords in their database, which increases protection against attackers.

The Single Sign On module enables merchants who have partners that use SAML (Security Assertion Markup Language) identity providers to integrate their Magento 2 stores with the SSO authentication system. The extension supports all identity providers (IdPs), including Okta, OneLogin, Ping Identity, ADFS, Salesforce, SharePoint, and others. By connecting your ecommerce store to your partner’s identity provider, you will make the sign-up procedure fast and simple for customers.

The SAML solution for Magento 2 adds a relevant section to the login page on your storefront, informing visitors about the ability to sign in via an external service. This way, you provide customers with an option to sign up with the credentials they use on another site, decreasing the barriers for entering your store. If a shopper decides to log in via a third-party service, they can do it by clicking one button. Then, an identity provider authenticates a customer and forwards the user data, such as name, email address, and customer group, to Magento. Next, a customer is verified on your website and gets logged in. 

Configuration

The settings of the Single Sign On Magento 2 extension are located under Stores -> Settings -> Configuration -> Services -> SAML SSO for customers. The configuration page includes the following sections: Status, Identity Provider Settings, Options, Attribute Mapping, Group Mapping, Address Mapping, Custom Field Mapping, Custom Messages, and Advanced Settings.

In Status, you can enable/disable the module. Here, you should also enter your license key (use the Order ID you will get after purchasing the extension). The Metadata of this SP field contains a link that opens the Service Provider metadata.

The next section, Identity Provider Settings, lets the admin specify the entity ID of the required identity provider, as well as the URLs where authentication (SSO) and logout (SLO) requests should be sent. Other fields in the tab let you activate SSO service binding and enter the public X.509 certificate and alternative certificates of the IdP to which you connect your store.

In Options, you decide whether to create a new user with the data fetched from an IdP if Magento finds that the user doesn’t exist. Next, you can deactivate sending welcome emails upon new user registration. Here, you also decide whether to allow the auto-update of user data. It is also possible to specify the ID of a customer group that will be assigned to newly registered users by default. Besides, the Magento 2 SSO module’s settings let you activate the feature that forces your storefront visitors to log in via the IdP and enable/disable the Single Log Out option.

In the Attribute Mapping section, you can specify values for fields such as Email, First Name, Last Name, and Group for the proper attribute mapping between an IdP and Magento.

Then, set the mapping between the IdP and Magento customer groups.

SAML Single Sign On for Magento 2 also allows admin users to configure the mapping between IdP and Magento fields with address data.

In Custom Field Mapping, you can specify the codes of custom attributes used in Magento and set their mapping.

In Custom Messages, you can create a custom title displayed in the header of the customer login form and enter a text for the login link.

As for Advanced Settings, here, you can enable/disable Debug and Strict modes and specify an entity ID of the service provider. Next, select a format for the name identifier and decide whether to use encryption for the NameID.

Then, specify whether AuthnRequest, LogoutRequest, and LogoutResponse messages should be signed by the service provider. Also, decide whether to reject unsigned messages and assertions, as well as unencrypted assertions.

In the same tab, you can choose authentication contexts that will be considered valid. In case encryption is enabled, you should specify the public X.509 certificate of the service provider and its private key. Besides, you can select an applicable algorithm for the signature and digest processes, enable lower case URL encoding, and activate the signing of the SP metadata.
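The Advanced Settings options above interact, so it helps to review them together. The following is an added example, not code from the extension: a small audit over a service provider configuration. The key names are hypothetical labels for the options described above, and the severity ranking and sample values are assumptions of this example.

```python
# Hypothetical key names standing in for the options described above;
# they are not the extension's real configuration paths.
SP_KEY_USERS = ("sign_authn_request", "sign_logout_request",
                "sign_logout_response", "sign_metadata",
                "reject_unencrypted_assertions")

def audit_sp_settings(cfg):
    """Return (severity, message) findings; severities are this example's ranking."""
    findings = []
    if not cfg.get("idp_x509_cert"):
        findings.append(("critical", "no IdP certificate, signatures cannot be verified"))
    if not (cfg.get("reject_unsigned_assertions") or cfg.get("reject_unsigned_messages")):
        findings.append(("critical", "unsigned messages and assertions are both accepted"))
    if not cfg.get("strict_mode"):
        findings.append(("high", "strict mode is disabled"))
    # Signing outgoing messages and decrypting assertions both need the SP key pair.
    if any(cfg.get(k) for k in SP_KEY_USERS) and not (
            cfg.get("sp_x509_cert") and cfg.get("sp_private_key")):
        findings.append(("high", "signing or encryption enabled without SP cert and key"))
    for key in ("signature_algorithm", "digest_algorithm"):
        if "sha1" in cfg.get(key, "").lower():
            findings.append(("medium", f"{key} is SHA-1 based"))
    if cfg.get("debug_mode"):
        findings.append(("low", "debug mode is enabled"))
    return findings

# Constructed sample settings (placeholder certificate and key values).
WEAK = {
    "debug_mode": True, "strict_mode": False,
    "idp_x509_cert": "<IDP-CERT-PLACEHOLDER>",
    "sign_authn_request": True,
    "reject_unsigned_messages": False, "reject_unsigned_assertions": False,
    "signature_algorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "digest_algorithm": "http://www.w3.org/2000/09/xmldsig#sha1",
}
HARDENED = {
    "debug_mode": False, "strict_mode": True,
    "idp_x509_cert": "<IDP-CERT-PLACEHOLDER>",
    "sp_x509_cert": "<SP-CERT-PLACEHOLDER>", "sp_private_key": "<SP-KEY-PLACEHOLDER>",
    "sign_authn_request": True, "sign_logout_request": True,
    "sign_logout_response": True, "sign_metadata": True,
    "reject_unsigned_messages": True, "reject_unsigned_assertions": True,
    "reject_unencrypted_assertions": True,
    "signature_algorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "digest_algorithm": "http://www.w3.org/2001/04/xmlenc#sha256",
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        for severity, message in audit_sp_settings(cfg) or [("ok", "no findings")]:
            print(f"{name:9} {severity:9} {message}")
```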

Below, you can see how the customer login form will look after enabling the Single Sign On extension. The module adds the External Customer block to the login page with an option to log in via a third-party IdP. As shown above, the header title and the link text can be customized.

Final Words

The Single Sign On extension for Magento 2 brings online business owners the necessary settings for connecting their websites to SAML identity providers. By implementing third-party authentication possibilities on your store, you will be able to offer extended login options to your customers and ensure the safety of their personal data. Thus, the Magento 2 module helps to increase trust in an online store and provide a smooth user experience on the storefront. You can buy the SAML SSO extension for Magento 2 for $299.
