Shoplogix Active Directory

  • Active Directory Overview and Terminology

  • Supported Protocols

  • Configuration

  • Shoplogix Service Provider Info Required by Identity Provider

  • Identity Provider Info Required by Shoplogix Service Provider

  • Security

 

Active Directory Overview and Terminology:

Active Directory integration involves two systems: the Service Provider and the Identity Provider. The Service Provider is a website that hosts apps, while the Identity Provider is where the user is sent to be authenticated. Shoplogix is the Service Provider (SP), while your company’s Active Directory Provider (e.g. AzureAD) is the Identity Provider (IDP).

The flow is simple. An Active Directory (AD) user’s first point of contact with Shoplogix is our SP. The user enters their AD username with the domain name and, if your AD is configured in our system, is then sent directly to your IDP to be authenticated.

Once the user is successfully authenticated, your IDP sends us the user’s Identity Claim (identifying information such as full name, email, and the groups they belong to). We then try to match the AD groups the user belongs to against the groups we have configured for you (configuration details below) in order to authorize or deny access.

Each configured group has a number of Shoplogix Access Levels that grant access to certain Shoplogix systems. If a user does not belong to any configured group, or the system they are attempting to access is not configured in any of the matched groups, the user will be denied access to that Shoplogix system.
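The group-matching decision described above, sketched as an added example (this is not Shoplogix code): the group names, access-level names and the `groups` claim key are assumptions made for illustration. It shows the default-deny outcome for each failure case, including an identity that arrives with no group claim at all.

```python
# Added illustration; not Shoplogix code. Group names, access-level names
# and the "groups" claim key are assumptions made for this example.

# Constructed mapping: AD group -> Shoplogix Access Levels granted to it.
GROUP_ACCESS = {
    "SLX-Operators": {"Dashboards"},
    "SLX-Engineers": {"Dashboards", "Reports"},
}


def normalize_groups(claims):
    """Return the user's groups as a set, tolerating a missing or scalar claim."""
    raw = claims.get("groups")
    if raw is None:
        return set()              # the IDP did not emit a group claim
    if isinstance(raw, str):
        raw = [raw]               # single-valued claim
    return {g for g in raw if isinstance(g, str) and g}


def authorize(claims, system, group_access=GROUP_ACCESS):
    """Default-deny decision for one system; returns (allowed, reason)."""
    groups = normalize_groups(claims)
    if not groups:
        return False, "no group claim in identity"
    # Exact-match comparison against the configured groups.
    matched = groups.intersection(group_access)
    if not matched:
        return False, "user is in no configured group"
    granting = sorted(g for g in matched if system in group_access[g])
    if not granting:
        return False, "system not granted by any matched group"
    return True, "granted via " + ", ".join(granting)


if __name__ == "__main__":
    # Constructed identity claims, one per outcome.
    samples = [
        ({"name": "A", "groups": ["SLX-Engineers"]}, "Reports"),
        ({"name": "B", "groups": "SLX-Operators"}, "Reports"),
        ({"name": "C", "groups": ["Finance"]}, "Dashboards"),
        ({"name": "D"}, "Dashboards"),
    ]
    for claims, system in samples:
        print(claims["name"], system, authorize(claims, system))
```

The last sample is what every user looks like when the IDP is not configured to emit the group claim: authentication succeeds, but no access is granted.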

 

Supported Protocols:

Shoplogix supports two authentication protocols: Open ID Connect and Saml2p.

 

Configuration:

While your company has complete autonomy over the creation, naming, and membership of your AD groups, you will need to provide us with all the AD groups that you would like to have access to Shoplogix systems. We will provide you with a spreadsheet in this package in which to fill out your groups and select all the Shoplogix Access Levels you would like these groups to have. This is not set in stone, so these groups can be changed in the future. However, Shoplogix must be notified of any change so that we can remap your groups to our Access Levels. The required details in this configuration will be provided for each authentication protocol below.

Required Configuration Info:

  • Domain Name

  • Selected Protocol 

  • Active Directory Provider (e.g. AzureAD)

  • Active Directory Groups

 

Shoplogix Service Provider Info Required by Identity Provider:

Open ID Connect Protocol:

Saml2p Protocol:

 

Identity Provider Info Required by Shoplogix Service Provider:

Open ID Connect Protocol:

  • Tenant ID

  • Application (Client ID) for app created for Shoplogix SP

  • Authority URL

  • Add Group Claim (Critical Step)

 

Saml2p Protocol:

  • Tenant ID

  • App Federation Metadata URL

  • Add Group Claim to User Attributes & Claims (Critical Step)

 

Security:

The Shoplogix Service Provider uses a certificate with a key length of 2048 bits. The Assertion Response Signature for the Saml2p protocol is produced with the RSA SHA-256 signature algorithm.