StoreConnect supports multiple authentication providers for customer login, allowing you to offer the sign-in experience that fits your audience — from standard email/password for consumer stores to enterprise SSO for B2B portals and staff-facing applications.
Supported authentication providers
Native accounts
Customers create an account with an email address and password. Account creation can be open (any visitor can register) or invitation-only (admin approval required). Suitable for consumer storefronts and general B2C use.
Google SSO
Customers sign in with their existing Google account using OAuth. No separate StoreConnect password is required. Suitable for consumer stores and any context where customers are likely to have a Google account.
Microsoft Entra ID / Azure AD
Enterprise single sign-on via Microsoft's identity platform (formerly Azure Active Directory). Supports SAML 2.0 and OIDC. Customers and staff authenticate with their existing Microsoft organisational credentials.
Particularly suited to:
- B2B portals where customers are employees of Microsoft-identity organizations
- Government and public sector deployments using Microsoft as their identity provider
- Internal-facing stores where staff authenticate via the institution's Microsoft account
SAML
Standards-based SSO using SAML 2.0, compatible with any SAML-compliant identity provider (Okta, OneLogin, PingFederate, and others). Configure a custom identity provider for stores where your organization manages its own identity infrastructure.
Experience Cloud SSO
Share an authentication session with a Salesforce Experience Cloud site. Customers logged into an Experience Cloud community are recognized as logged-in in StoreConnect, and vice versa. Suitable for organizations that run both a Salesforce Experience Cloud portal and a StoreConnect storefront and want a seamless single sign-on experience across both.
Multiple providers per store
More than one authentication provider can be active on the same store simultaneously. For example, a store might offer both Google SSO and native account creation. The sign-in page presents all active options and the customer chooses.
Role-based store access
Authentication providers integrate with StoreConnect's role-based store permissions. After authentication, a user's access to specific stores, products, and pricing is determined by their Salesforce Contact or Account record attributes — not solely by how they authenticated.
For example, a SAML-authenticated user from a specific organization can automatically be associated with the correct Account record and price book, giving them their account-specific pricing without manual assignment.