
Single Sign-On (SSO) Integration for Shopify and Zoho Desk using Auth0 and Mini Orange with 96% cost savings
This document outlines the implementation of a Single Sign-On (SSO) solution for Shopify, Vimeo and Zoho platforms using Auth0 as the central identity provider. The integration leverages Mini Orange SSO to connect Auth0 with Shopify and Zoho, creating a streamlined user authentication experience. A Python web application, built with Flask and PostgreSQL, manages user registration, authentication via Auth0, domain whitelisting, and serves as the central interface for accessing multiple apps such as Shopify, Zoho Desk, and Vimeo through SSO.
Problem:
Shopify’s Advanced Plan includes the Multipass feature, which allows for easy integration with third-party identity providers like Auth0 for SSO. However, the $2,300/month cost for the Advanced Plan is a considerable expense, especially for smaller businesses or startups that primarily require SSO functionality.
Additionally, managing user access across multiple platforms such as Shopify and Zoho Desk can be a manual and time-consuming process. The goal was to create a custom solution that allows users to sign up once and access both platforms seamlessly, while avoiding the high costs of Shopify’s Advanced Plan.
Solution Architecture:
- Centralized Authentication (Auth0):
Auth0 is the primary identity provider, managing user authentication and enforcing role-based access to Shopify, Vimeo and Zoho Desk.
Auth0 handles user credentials, email verification, and roles.
- Flask Web App:
» Domain Whitelisting: The Flask-based web portal enables administrators to manage whitelisted domains. Only users with email addresses from approved domains can register, while others are denied access.
» User Registration & Verification: Users register through the Flask app, and the registration process triggers Auth0’s email verification flow. If users haven’t verified their email, they are prompted to do so before proceeding. After verification, users are allowed access to the system.
» Role-Based Access: Post-login, the Flask app presents either a standard homepage or an admin interface, based on the user’s role (retrieved from Auth0). Admin users can manage domains, while standard users gain access to Shopify, Zoho Desk, and Vimeo via SSO.
- Mini Orange SSO:
Mini Orange serves as the SSO bridge between Auth0 and third-party platforms (Shopify, Vimeo and Zoho Desk). This is an economical alternative to Shopify’s costly Multipass feature, only available in its Advanced Plan.
Key Functionalities:
- Login Flow:
» Users visiting the Flask app are redirected to Auth0 for authentication.
» Auth0 prompts for email verification if not already completed.
» Verified users are authenticated and redirected back to the Flask app.
- SSO to Shopify and Zoho:
Once authenticated through Auth0, users can seamlessly log in to Shopify, Zoho Desk, and Vimeo through Mini Orange’s SSO integration.
- Domain Whitelisting:
Administrators can manage allowed domains via a dedicated interface. Only users from whitelisted domains are allowed to register and log in.
- PostgreSQL Integration:
The backend PostgreSQL database stores and manages the whitelisted domains, providing easy retrieval and updates by administrators.
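The domain whitelisting and email verification gates described above, as an added example that is not code from the original project: it assumes the Flask app reads the standard OIDC `email` and `email_verified` claims from the Auth0 ID token and that an allowlist entry matches only that exact domain, not its subdomains. All function names and sample values are hypothetical.

```python
from typing import Iterable, Optional

def normalize_domain(domain: str) -> Optional[str]:
    """Lowercase, drop a trailing dot, IDNA-encode; None if not a usable name."""
    domain = domain.strip().rstrip(".").lower()
    if not domain or any(c.isspace() for c in domain):
        return None
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:  # empty or over-long label, invalid code points
        return None

def load_allowlist(rows: Iterable[str]) -> frozenset:
    """Normalize domain rows (e.g. read from the PostgreSQL table) once."""
    return frozenset(d for d in map(normalize_domain, rows) if d)

def email_domain(address: object) -> Optional[str]:
    """Domain of an address with exactly one '@'; None for anything else."""
    if not isinstance(address, str) or address.count("@") != 1:
        return None
    local, _, domain = address.partition("@")
    if not local or domain != domain.strip():
        return None
    return normalize_domain(domain)

def may_register(claims: dict, allowlist: frozenset) -> bool:
    """Allow only a verified email whose domain is an exact allowlist entry."""
    if claims.get("email_verified") is not True:  # the string "true" is rejected
        return False
    domain = email_domain(claims.get("email"))
    return domain is not None and domain in allowlist

# Constructed sample data: allowlist rows and ID-token claim sets.
ALLOWLIST = load_allowlist(["Example.com", " partner.example.org. "])
SAMPLES = [
    {"email": "alice@EXAMPLE.com", "email_verified": True},          # allowed
    {"email": "bob@example.com", "email_verified": False},           # unverified
    {"email": "eve@evil-example.com", "email_verified": True},       # suffix lookalike
    {"email": "eve@example.com.evil.test", "email_verified": True},  # prefix lookalike
    {"email": "eve@example.com@evil.test", "email_verified": True},  # two '@'
    {"email": "carol@mail.example.com", "email_verified": True},     # subdomain
    {"email": "dave@example.com", "email_verified": "true"},         # wrong type
]

if __name__ == "__main__":
    for claims in SAMPLES:
        print(claims["email"], may_register(claims, ALLOWLIST))
```

Substring or `endswith` comparisons would accept the lookalike samples; the exact set lookup on a normalized domain is what rejects them.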
Massive Cost Savings (96% reduction):
Shopify’s Multipass feature, available only with their Advanced Plan, costs $2300/month.
In contrast, Mini Orange SSO delivers similar functionality at just $89/month.
This is a 96% cost saving, equivalent to $2211 saved per month, making Mini Orange a highly economical solution for integrating SSO with Shopify, Vimeo and Zoho Desk.
Conclusion:
By leveraging Auth0 for user authentication and Mini Orange for SSO integration, this solution offers a scalable and cost-effective way to manage access to Shopify, Vimeo and Zoho Desk. The architecture provides a seamless user experience by allowing users to sign in once and access all platforms without additional credentials. Additionally, the solution ensures significant cost savings compared to Shopify’s expensive Multipass feature.
Future Considerations:
Expanding the SSO integration to additional platforms such as Microsoft Teams or Slack using Mini Orange connectors. Implementing additional security measures like adaptive MFA (Multi-Factor Authentication) based on Mini Orange’s offerings.
This architecture provides a robust, secure, and cost-effective solution for organizations seeking to integrate SSO across multiple platforms while maintaining control over domain access and user roles.