How to secure your Shopify Non-Plus stores using CASB

Secure your Shopify Non-Plus stores with the miniOrange CASB solution to protect your store against unauthorized user access by enabling dynamic security restrictions, deep visibility, active threat detection, and granular access controls. In this guide, we will see how you can configure Shopify CASB for your Non-Plus stores.

Step 1: Sign up with miniOrange CASB

Click here to log into your miniOrange account.

(Don’t have an account? No worries, click here to create a new account)

Login into miniOrange shopify non plus apps CASB

Step 2: Selecting Shopify App for Configuration

After logging in, you should be taken to the miniOrange dashboard page. Locate the "Shopify" tab and click on Add App button.

shopify non plus CASB Access Restriction authentication method dashboard

In the authentication source tab, select Add Authentication Source option from the drop-down menu.

shopify non plus CASB Access Restriction Add authentication

Mention an Authentication name for the authentication source, and click on Generate Metadata.

shopify non plus CASB Authentication Generate Metadata

After clicking on Generate Metadata, you will get the metadata details, as shown in the image below. Use this data to configure the SAML application in your Identity Provider (IDP).

shopify non plus CASB Access Restriction Generate Metadata SAML Flow

If you would like to view the metadata details again, then you can click on the View Metadata button.
Now, Enter the remaining details like the IDP Entity ID, SAML Login URL, SAML Logout URL, and X509 Certificate which you will find in your Identity Provider metadata. Once done, Choose the Binding Type for SSO Request as required. You will find this information in the IDP metadata. However, if you are not sure, please select the HTTP-Redirect Binding as the default configuration.

shopify non plus CASB Access Restriction SP metadata IDP Details

Click the Save & Next button once you have filled out all the details.
You have now successfully configured SAML Authentication with miniOrange CASB.

Step 3: Configuring Shopify Non-Plus Application

Now, You are redirected to Basic Settings section.
Fill in the following details to configure the Shopify Non-Plus Application:

Application Name:	Enter the name of your application
Organization Domain:	Enter the domain of your organization on Shopify. (Ex: example.com)
Extension URL:	Copy the extension url and keep it handy for later configuration of the CASB extension
Attribute Key:	Enter the Group Attribute Key for the SSO app, which you have configured in the IDP under the SAML attributes section.
Enable CASB:	Select whether you want to enable CASB or not as per your requirements.
Enable Multistaff:	Select whether you want to enable Multistaff or not as per your requirements.

shopify non plus CASB Basic Settings Details

Click on Save & Next to save your changes.

Step 4: Configuring Policies

Let’s see how to configure policies for Shopify Non-Plus CASB.

You should be taken to the Manage Policy screen. Enter your policy details, like Policy Name and Policy Description.

shopify non plus CASB policies Enable Time Restriction

Follow the below steps to configure restrictions according to your need:

Network Based Restriction
Time Based Restriction
Restrict Import/Export of Files

1. IP Configuration

Click on Checkbox for “Enable IP Restriction” as shown in the image below.
By enabling this IP Restriction feature, you are restricting access to users based on their IP addresses:

1) Select the Allow or Deny option to either permit or restrict certain IP addresses.

2) Click on the Add IP Address icon to create a new field where you can add the IP addresses you want to regulate.

2. Location Configuration

Click on Checkbox for “Enable Location Restriction” as shown in the image below.
By enabling this feature, you are restricting access to users based on their Location:

1) Select the Allow or Deny option to either permit or restrict certain locations.

2) Select Locations from dropdown.

1. Time of Access Configuration

Click on Checkbox for “Enable Time of Access Configuration” as shown in the image below.
By enabling this feature, you will apply time restrictions to users based on the configured settings and specified timings.

1) Select Allow or Deny to permit or restrict user access during the selected time slot.

2) Select the user's timezone.

3) Select the start and end times for the time-based restriction.

setup reverse proxy - add whitelisted paths

2. Session Based Restriction

Click on Checkbox for “Enable Session Based Restriction” as shown in the image below.
By enabling this feature, you are restrict user sessions based on configured duration:

1)The session management should be based on days or hours.

2)Enter the duration for restrict user sessions.

1. Prevent Download

Click on Checkbox for “Enable Prevent Download” as shown in the image below.
By enabling this feature, you are restricting access to download. Currently this feature is only applicable for Google Docs and Google Drive. Downloading and sharing will be restricted from the apps or groups on which you apply this policy.

setup reverse proxy- click on authentication option

2. File Based Restriction

Click on Checkbox for “Enable File Based Restriction” as shown in the image below.
Enable this feature to control file uploads based on the allowed extension list.

1)Select the Allow or Deny option to either permit or restrict certain files. e.g. PDF, Doc, ZIP and etc.

3. Enable Disable Copy

Click on the "Enable Disable copy" checkbox.
By enabling this feature, you are restricting users from copying the contents of the page.

Once, done with all the configurations click on Save and Next button.

Step 5: Configuring Groups

Let’s see how to configure Groups for Shopify Non-Plus CASB.

You should be taken to the Manage Group screen. Enter the Group Name and Group Description. Select the Shopify non-plus Policy from the drop-down menu.

shopify non plus CASB Groups submit app restriction group

Enter the Group Name and Group Description (It should be the same as the name of the group that you have configured in the IDP). Select the Group Policy from the drop-down menu and Click on Save button.

Now,to map the shopify staff users click on Add User button and fill in the required details. Click on Save Configuration .

After successfully configuring all screens, you will be redirected to the edit screen.

Step 6: Edit Screen

Basic Settings section You can change any configurations if required in the Authentication.
Suppose you want to configure different authentication sources. In that case, you can simply click on the Authentication Source in the Navigation Bar, where you will be able to add, view & edit authentication sources.

shopify non plus CASB Basic Settings change any configuration

Using the 'Group Settings' section, you can add and configure groups and users, as well as view all the users and groups you have configured.

shopify non plus CASB Group Settings all configured groups

In the 'Session Management' section, you can see the details of logged-in users' sessions.

shopify non plus New Policy for restrictions

Not able to configure or test Shopify Non-Plus CASB?
For this, you need to Contact us or email us at proxysupport@xecurify.com and we'll help you setting it up in no time.

External References

miniOrange CASB offers a wide variety of security features with flexible scalability, all available at the most affordable price to all types of businesses. Start by signing up now!

Contents