Installation & Setup
Step 1: Installation in the plugin manager. Log in to the Shopware 6 administration interface. Install the plugin package under "Extensions". Activate the plugin to continue with the setup.
Step 2: Select the SSO method. Under "Settings > System" you will now find the new item "OAuth login". Click the "Create" button to create a new SSO login. Now select which of the supported SSO login methods you want to use: Microsoft Azure, Google Identity, Keycloak, Okta, OneLogin, Atlassian Jira, OpenID Connect.
Step 3: There is a help button at the top of the screen. There you can find detailed instructions on how to set up the chosen provider. Usually, you need a redirect/return address. This can be found on the current Shopware Administration page.
Step 4: To complete the setup in Shopware, you still need to copy some information from the freshly created registration application at the identity provider. Often you need a client id/app id, a passphrase and a company key/tenant id.
Step 5: Once saved, the configured login provider can be used to log in and as an alternative to password confirmation.
The following sections summarize the configuration for each provider.
Setup for SSO login with Microsoft Entra ID:
1.) Use the "Name" field to determine the text of the SSO login button on the administration area login page. Choose something unique here, such as "Login with Microsoft".
2.) Now copy the generated return URL to your clipboard.
3.) Now log into the administration of Microsoft Azure. Click under "All services", "App registrations" on the item "New registration".
4.) Now enter a unique name under "Name", e.g. "Shop administration login".
5.) Under "Supported account types", define who should be authorized. If you want all your employees to have access, select the top item here - "Only accounts in this organization directory (single client)".
6.) Now paste the return URL cached from Shopware into the "Redirect URL" field.
7.) Copy the "Client ID" in Azure and paste it in the "Application Key" field in Shopware 6.
8.) Also copy the "Tenant ID" and paste it in Shopware 6 in the "Directory ID" field.
9.) Now switch to the "Certificates & Secrets" item on the left. Now create a new key at "Secret Client Keys" and name it uniquely - e.g. "Shopware 6 Administration Login". Set the validity period for the authorization (1 year / 2 years / or without expiration date "never"). Copy the key value and paste it in Shopware in the "Application secret" field.
10.) Go to "API permission". Use the search bar to specify that the application should receive the "openid" permission.
11.) Finally, all you need to do now is enable SSO access in Shopware. Switch back to the plugin configuration in Shopware 6 and flip the switch for your created access (Active) and save all your settings.
Done: Your account is created and the defined user group can now use the SSO login via Microsoft Azure.
Setup for SSO login with Google Identity:
1.) Use the "Name" field to determine the text of the SSO login button on the administration area login page. Choose something unique here, such as "Login with Google". Now copy the generated return URL to your clipboard.
2.) Now log into the Google API Console.
3.) First create a project by clicking on "Select project" in the upper left corner and then on "New project" in the new window.
4.) Now enter a unique name under "Project name", e.g. "Shop administration login".
5.) Select your workspace under "Organization" and under "Location" - this is usually already correctly preconfigured.
6.) After you have created your project, click on "APIs and Services" in the "DeepL Access" section. If the item is not visible here, you will find it after clicking on "View all products".
7.) Under "OAuth Consent Screen" now select "Internal" as "User Type" and then click on "Create".
8.) Now enter an "Application Name", as well as a "User Support Email". These will be displayed to users when they log in for the first time via Google.
8.1.) Also, enter your email address under "Developer contact information".
9.) Save the changes by clicking the "Save and continue" button.
10.) Now you should specify areas that the application should have access to.
11.) Click on "Add or remove areas" and add the "openid" area here. Save the new area by clicking on "Update" at the end of the selection page.
12.) Now save all changes with the button "Save and continue".
13.) Now switch to the "Credentials" section and click on "Create credentials" at the top and then on "OAuth client ID".
14.) Select "Web application" as the "Application type" and add the Shopware 6 return URL from step 1 under "Authorized forwarding URIs".
14.1.) Then click on "Create".
15.) Copy the "Client ID" and paste it into the "Client ID" field in Shopware 6.
16.) Copy the "Client Key" and paste it into the "Client Key" field in Shopware 6.
17.) Finally, all you need to do now is enable SSO access in Shopware. Switch back to the plugin configuration in Shopware 6 and flip the switch for your created access (Active) and save all your settings.
Done: Your account is created and the defined user group can now use the SSO login via Google.
Setup for SSO login with Keycloak:
1.) Use the "Name" field to determine the text of the SSO login button on the administration area login page. Choose something unique here, like "Login with Keycloak". Now copy the generated return URL to your clipboard.
2.) Now log into the administration of Keycloak. Click on the button "Create" under "Clients".
3.) Now enter a unique name under "Client ID", e.g. "shop-admin-login". Under "Client Protocol" select "openid-connect".
3.1.) Then click on "Save".
4.) You will now be redirected to the detail settings in Keycloak.
5.) Select "confidential" under "Access Type".
6.) Under "Valid Redirect URIs" add the "Return URL" from Shopware 6.
7.) Switch off the option "Backchannel Logout Session Required".
8.) Save the settings by clicking the "Save" button at the bottom of the page.
9.) Now go to "Installation" on the left. Select the "Format Option" "Keycloak OIDC JSON". Copy the content of the text field and paste it into the Shopware 6 field "Keycloak OIDC JSON".
10.) Finally, all you need to do now is enable SSO access in Shopware. Switch back to the plugin configuration in Shopware 6 and flip the switch for your created access (Active) and save all your settings.
Done: Your account is created and the defined user group can now use the SSO login via Keycloak.
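A pre-flight check for the text copied in step 9, as an added example that is not part of the plugin: it confirms the export belongs to a confidential client (step 5) served over TLS and derives the realm's discovery URL. The function name, the sample values and the placeholder secret are constructed for illustration.

```python
import json

def review_keycloak_oidc_json(raw):
    """Return (discovery_url, problems) for a 'Keycloak OIDC JSON' export."""
    cfg = json.loads(raw)
    problems = []
    for key in ("realm", "auth-server-url", "resource"):
        if not cfg.get(key):
            problems.append(f"missing {key}")
    # Access Type "confidential" (step 5) yields a client secret in the export
    # and neither the public-client nor the bearer-only marker.
    if cfg.get("public-client"):
        problems.append("client is public, not confidential")
    if cfg.get("bearer-only"):
        problems.append("client is bearer-only and cannot start a login")
    if not cfg.get("credentials", {}).get("secret"):
        problems.append("no client secret in export")
    base = cfg.get("auth-server-url", "")
    if not base.startswith("https://"):
        problems.append("auth-server-url is not https")
    if cfg.get("ssl-required") == "none":
        problems.append("realm does not require TLS")
    # Standard Keycloak location of the realm's OpenID Connect metadata.
    discovery = (f"{base.rstrip('/')}/realms/{cfg.get('realm', '')}"
                 "/.well-known/openid-configuration")
    return discovery, problems

# Constructed samples: host, realm and secret are placeholders.
SAMPLE_CONFIDENTIAL = json.dumps({
    "realm": "shop", "auth-server-url": "https://sso.example.com/auth/",
    "ssl-required": "external", "resource": "shop-admin-login",
    "credentials": {"secret": "PLACEHOLDER-SECRET"}, "confidential-port": 0,
})
SAMPLE_PUBLIC = json.dumps({
    "realm": "shop", "auth-server-url": "http://sso.example.com/auth/",
    "ssl-required": "none", "resource": "shop-admin-login",
    "public-client": True, "confidential-port": 0,
})

if __name__ == "__main__":
    for sample in (SAMPLE_CONFIDENTIAL, SAMPLE_PUBLIC):
        print(review_keycloak_oidc_json(sample))
```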
Setup for SSO login with Okta:
1.) Use the "Name" field to determine the text of the SSO login button on the admin login page. Choose something unique here, such as "Login with Okta". Now copy the generated return URL to your clipboard.
2.) Now log in to Okta's administration.
3.) Under "Applications", "Applications" click on the item "Create Integration".
4.) Select "OIDC - OpenID Connect" as the "Sign-in method" and "Web Application" as the "Application type".
5.) Now enter a unique name for the "App integration name", e.g. "Shop administration login".
6.) Make sure that "Authorization Code" is selected as "Grant type".
7.) Now paste the return URL cached from Shopware into the "Sign-in redirect URIs" field.
8.) You can empty the "Sign-out redirect URIs" field with the "X".
9.) Under "Assignments", "Controlled access", select who is allowed to log in from your organization.
9.1.) Save the settings by clicking the "Save" button.
10.) Copy the "Client ID" in Okta and paste it into the "Client ID" field in Shopware 6.
11.) Also copy the "Client secret" from Okta and paste it into Shopware 6 in the "Client key" field.
12.) Lastly, enter your Okta organization URL in the "Okta organization URL" field. E.g. https://my-company.okta.com
13.) Finally, all you need to do now is enable SSO access in Shopware. Switch back to the plugin configuration in Shopware 6 and flip the switch for your created access (Active) and save all your settings.
Done: Your account is created and the defined user group can now use the SSO login via Okta.
Setup for SSO login with OneLogin:
1.) Use the "Name" field to determine the text of the SSO login button on the administration area login page. Choose something unique here, like "Login with OneLogin". Now copy the generated return URL to your clipboard.
2.) Now log in to the administration of OneLogin.
3.) Click under "Applications", "Custom Connectors" on the item "New Connector".
4.) Enter a meaningful name (e.g. "Shop administration login") for your connector by clicking on "Untitled" in the upper left corner and confirm it by clicking on the green checkmark.
5.) Select "OpenID Connect" as the "Sign on method".
6.) Now paste the return URL cached from Shopware into the "Redirect URI" field.
6.1.) Save the changes by clicking "Save" in the upper right corner.
7.) Now go to the "More Actions" menu and click on "Add App to Connector".
7.1.) Save the preset data by clicking on "Save".
8.) Open the "SSO" section from the left side menu.
9.) Now select "Web" as the "Application Type".
10.) Under "Token Endpoint" select "POST" as "Authentication Method".
10.1.) Save the data with "Save".
11.) Open the "SSO" section again.
12.) Copy the "Client ID" in OneLogin and paste it in the "Client ID" field in Shopware 6.
13.) Click on "Show client secret" and copy the "Client secret" from OneLogin to paste it in Shopware 6 in the "Client key" field.
14.) Lastly, enter your OneLogin organization URL in the "Okta organization URL" field. E.g. https://my-company.onelogin.com
15.) Finally, all you need to do now is enable SSO access in Shopware. Switch back to the plugin configuration in Shopware 6 and flip the switch for your created access (Active) and save all your settings.
Done: Your account is created and the defined user group can now use the SSO login via OneLogin.
Setup for SSO login with Cidaas:
1.) Use the "Name" field to determine the text of the SSO login button on the administration area login page. Choose something unique here, like "Login with Cidaas". Now copy the generated return URL to your clipboard.
2.) Now log in to the administration of Cidaas.
3.) Click under "Apps", "App Settings" on the item "Create new app".
4.) Now enter a unique name under "App Name", e.g. "Shop administration login".
5.) Select "Regular" as the "App Type".
6.) Click on "Next".
7.) Now select the options "openid" and "profile" under "Scope".
8.) Under "Redirect URLs" and "Allowed unsubscribe URLs", add the return URL cached from Shopware.
9.) Now continue by clicking on "Next".
10.) Now enter information about the app operator (i.e. you). Specifically, at least the name of the company, the company address and the website.
10.1.) Save the new app by clicking on "Save".
11.) Find your app in the app overview and click on the edit button.
12.) Copy the "Client ID" in Cidaas and paste it in Shopware 6 in the field "Client ID".
13.) Now copy the "Client secret" from Cidaas and paste it into the "Client key" field in Shopware 6.
14.) Finally, you only need to activate the SSO access in Shopware. Switch back to the plugin configuration in Shopware 6 and flip the switch for your created access (Active) and save all your settings.
Done: Your account is created and the defined user group can now use the SSO login via Cidaas.
Setup for SSO login with Atlassian Jira:
1.) Use the "Name" field to determine the text of the SSO login button on the administration area login page. Choose something unique here, such as "Login with Atlassian".
2.) Now log into the Developer Administration in Atlassian.
3.) Click on "Create a new App". Give it a unique name, like "Shopadministration" and continue with "Create".
4.) Under "App details" you can already find the two keys needed for the plugin. In Shopware, enter "Client ID" in the "Application ID" field and "Secret" in the "Application secret" field.
5.) Now copy the return URL directly to your clipboard for the next step.
6.) Switch back to Atlassian and go to the "OAuth 2.0" section on the left. There you paste the return URL in the field "Callback URL".
7.) Now set the permission "read:me" under "User identity API".
8.) Finally, you only need to activate the SSO access in Shopware. Switch back to the plugin configuration in Shopware 6 and flip the switch for your created access (Active) and save all your settings.
Done: Your account is created and the defined user group can now use the SSO login via Atlassian.
Setup for SSO login with OpenID Connect:
Info: If you are using an Identity Provider (IDP) for which we have not provided a configuration template, you can still use it if it supports the OpenID Connect protocol. To find out how to set up your IDP, please refer to the relevant documentation or contact customer support.
1.) With the field "Name" in Shopware 6 you determine the text of the SSO login button on the login page for the administration area. Choose something unique here, such as "Login with <name of identity provider>".
2.) Now copy the generated return URL to your clipboard.
3.) Now log into the administration of your identity provider.
4.) Create a new client or application and enter the "Return URL" from step 1.
4.1.) If your identity provider asks for permissions, scopes or areas, select the scope "openid".
4.2.) If your identity provider offers a metadata file, you can simply copy the link to it into the "OpenID Connect Configuration" field in Shopware 6. The rest of the configuration will then be retrieved automatically.
4.3.) If your identity provider does not offer a metadata file, leave the "OpenID Connect Configuration" field empty and fill in the "Authorization Endpoint", "Token Endpoint" and "User Info Endpoint" fields in Shopware 6 instead. You can get the corresponding URLs from your identity provider.
5.) Under "Client ID" and "Client Key" you enter the client ID and the client secret that your identity provider has given you for this client.
6.) Finally, you only have to activate the SSO access in Shopware. Switch back to the plugin configuration in Shopware 6 and flip the switch for your created account (Active) and save all your settings.
Done: Your account is created and the defined user group can now use the SSO login via OpenID Connect.
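A check for the metadata file from step 4.2, as an added example that is not part of the plugin: it reads a discovery document, verifies it before the link is trusted, and returns the three endpoint values named in step 4.3. The function name and sample documents are constructed, and the authorization code flow is an assumption carried over from the Okta steps.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Shopware 6 field label (step 4.3) -> key in the discovery document
FIELD_MAP = {
    "Authorization Endpoint": "authorization_endpoint",
    "Token Endpoint": "token_endpoint",
    "User Info Endpoint": "userinfo_endpoint",
}

def review_discovery(metadata_url, raw_json):
    """Return (fields, problems) for a document fetched from metadata_url."""
    doc = json.loads(raw_json)
    fields, problems = {}, []
    # The issuer in the document must be the URL prefix it was served under.
    expected_issuer = metadata_url.rsplit(WELL_KNOWN, 1)[0]
    if doc.get("issuer", "").rstrip("/") != expected_issuer.rstrip("/"):
        problems.append("issuer does not match metadata URL")
    for label, key in FIELD_MAP.items():
        url = doc.get(key)
        if not url:
            problems.append(f"missing {key}")
            continue
        if urlsplit(url).scheme != "https":
            problems.append(f"{key} is not https")
        fields[label] = url
    # Step 4.1 selects the "openid" scope; scopes_supported is optional metadata.
    if "openid" not in doc.get("scopes_supported", ["openid"]):
        problems.append("openid scope not offered")
    # Assumption: the login uses the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not offered")
    return fields, problems

# Constructed samples: idp.example.com is a placeholder host.
BASE = "https://idp.example.com/tenant1"
SAMPLE_URL = BASE + WELL_KNOWN
SAMPLE_GOOD = json.dumps({
    "issuer": BASE, "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": BASE + "/token", "userinfo_endpoint": BASE + "/userinfo",
    "scopes_supported": ["openid", "profile"],
    "response_types_supported": ["code"],
})
SAMPLE_BAD = json.dumps({
    "issuer": "https://other.example.net",
    "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": "http://idp.example.com/tenant1/token",
    "response_types_supported": ["id_token"],
})
```

When `problems` is non-empty for a provider's metadata link, resolve the mismatch with the identity provider before pasting the link or the endpoint URLs into Shopware 6.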