How to secure Shopify Plus stores using CASB Solution

Secure your Shopify Plus stores with the miniOrange CASB solution to protect your store against unauthorized user access by enabling dynamic security restrictions, deep visibility, active threat detection, and granular access controls. In this guide, we will see how you can configure Shopify Plus with CASB.

Step 1: Sign up with miniOrange CASB

Click here to log into your miniOrange account.

(Don’t have an account? No worries, click here to create a new account)

Login into miniOrange shopify plus apps CASB

Step 2: Choose Shopify App for Configuration

After signing in, you should be taken to the miniOrange dashboard page. Locate the "Shopifyplus" tab and click on the Add App button.

shopify plus CASB Access Restriction authentication method dashboard

Select the Add Authentication Source option from the drop-down menu.

shopify plus CASB Access Restriction Add authentication

Mention an Authentication name for the authentication source, and click on Generate Metadata.

shopify plus CASB Authentication Generate Metadata

After clicking on Generate Metadata, you will get the metadata details, as shown in the image below. Use this data to configure the SAML application in your Identity Provider (IDP) like Keycloak, Okta, Entra ID (Azure AD) , miniorange and more.

shopify plus CASB Access Restriction Generate Metadata SAML Flow

If you would like to view the metadata details again, then you can click on the View Metadata button.
Now, Enter the remaining details like the IDP Entity ID, SAML Login URL, SAML Logout URL, and X509 Certificate which you will find in your Identity Provider metadata. Once done, Choose the Binding Type for SSO Request as required. You will find this information in the IDP metadata. However, if you are not sure, please select the HTTP-Redirect Binding as the default configuration.

shopify plus CASB Access Restriction SP metadata IDP Details

Click the Save & Next button once you have filled out all the details.
You have now successfully configured SAML Authentication with miniOrange CASB.

Step 3: Configuring Shopify Plus Application

Now, You are redirected to Basic Settings section.
Fill in the following details to configure the Shopify Plus Application:

shopify plus CASB Basic Settings Details

Name ID format: Select the Name ID format option from dropdown.
Application Name: Enter the name of your Application.
Organization Domain: Enter the domain of your organization on Shopify. (Ex: example.com)
Attribute Key: Enter the Group Attribute Key for the SSO app, which you have configured in the IDP under the SAML attributes section.
Name Attribute Key: Enter the name of Attribute Key which you have configured in the IDP under the SAML attributes section.
ACS URL: You can get the Shopify ACS URL from the Shopify Admin store.
Entity URL: You can get the Shopify Entity URL from the Shopify Admin store.
CASB Type: Select CASB type "inline" or "offline".
Enable MDM: Enable MDM as per your requirement.
Click on Save & Next to save your changes.

Step 4: Configuring Policies

Let’s see how to configure policies for Shopify Plus CASB.

You should be taken to the Manage Policy screen. Enter your policy details, like Policy Name and Policy Description.

In IP Configuration Click on Checkbox for “Enable IP Restriction” as shown in the image below.

shopify plus CASB policies enable IP Restriction

By enabling this IP Restriction feature, you are restricting access to users based on their IP addresses:

1) Select the Allow or Deny option to either permit or restrict certain IP addresses.

2) Click on the Add IP Address icon to create a new field where you can add the IP addresses you want to regulate.

3) Click on the Save & Next button to submit the policy.

In Location Configuration Click on Checkbox for “Enable Location Restriction” as shown in the image below.

shopify CASB policies Enable Location Restriction

By enabling this feature, you are restricting access to users based on their Location:

1) Select the Allow or Deny option to either permit or restrict certain locations.

2) Select Locations from dropdown.

3) Click on the Save & Next button to submit the policy.

In Time of Access Configuration Click on Checkbox for “Enable Time of Access Configuration” as shown in the image below.

shopify plus CASB policies Enable Time Restriction

By enabling this feature, you will apply time restrictions to users based on the configured settings and specified timings:

1) Select Allow or Deny to permit or restrict user access during the selected time slot.

2) Select the user's timezone.

3) Select the start and end times for the time-based restriction.

4) Click on the Save & Next button to submit the policy.

In Session Based Restriction Click on Checkbox for “Enable Session Based Restriction” as shown in the image below.

shopify plus CASB policies Enable Session Restriction

By enabling this feature, you are restrict user sessions based on configured duration:

1)The session management should be based on days or hours.

2)Enter the duration for restrict user sessions.

3)Click on the Save & Next button to save the policy.

In Prevent Download Click on Checkbox for “Enable Prevent Download” as shown in the image below.

shopify plus CASB policies Enable Prevent Download

By enabling this feature, you are restricting access to download. Currently this feature is only applicable for Google Docs and Google Drive. Downloading and sharing will be restricted from the apps or groups on which you apply this policy.
Click on the Save & Next button to save the policy.
In File Based Restriction Click on Checkbox for “Enable File Based Restriction” as shown in the image below.

Enable this feature to control file uploads based on the allowed extension list.

1)Select the Allow or Deny option to either permit or restrict certain files. e.g. PDF, Doc, ZIP and etc.

2)Click on the Save & Next button to save the policy.

Click on the "Enable Disable copy" checkbox.
By enabling this feature, you are restricting users from copying the contents of the page.
Click on the Save & Next button to save the policy.

Step 5: Configuring Groups

Let’s see how to configure Groups for Shopify Plus CASB.

You should be taken to the Manage Group screen. Enter the Group Name and Group Description. Select the Shopify plus Policy from the drop-down menu.

shopify plus CASB Groups add app restriction group

Now, Click on Save & Next once done.

shopify plus CASB Groups submit app restriction group

After successfully configuring all screens, you will be redirected to the edit screen.

Step 6: Edit Screen

Basic Settings section You can change any configurations if required in the Authentication.
Suppose you want to configure different authentication sources. In that case, you can simply click on the Authentication Source in the Navigation Bar, where you will be able to add, view & edit authentication sources.

shopify plus CASB Basic Settings change any configuration

Groups section You can add and configure groups on this screen and view all configured groups. Now, Click on Add New Group.
You will get a pop-up for adding a new group and you can configure it using the above mentioned steps.

shopify plus CASB Group Settings all configured groups

You have successfully configured CASB for your Shopify plus store.

Not able to configure or test Shopify Plus CASB?
No worry, you need to Contact us or email us at proxysupport@xecurify.com and we'll help you setting it up in no time.

External References

miniOrange CASB offers a wide variety of security features with flexible scalability, all available at the most affordable price to all types of businesses. Start by signing up now!

Contents