Setting up storefront SSO involves the following steps:
1. Configure Commerce Cloud storefront SSO settings.
2. Download the service provider entity descriptor from Commerce Cloud.
3. Upload the service provider entity descriptor to the identity provider, then download the corresponding identity provider entity descriptor.
4. Upload the identity provider entity descriptor to Commerce Cloud.
5. Configure CORS to enable the identity provider to access Commerce Cloud resources.
6. Modify the storefront so that the links for logging in and accessing an account direct the shopper to either the storefront or the identity provider, as appropriate.
These steps are described in the sections that follow.
Note that if you configure your storefront to use SSO exclusively and your identity provider allows multiple accounts to share the same email address, you should enable sharing of email addresses in Commerce Cloud as well. See "Allow profiles to share an email address" for information about how to do this. If you configure your storefront to support both SSO and standard logins, neither your identity provider nor Commerce Cloud should support sharing of email addresses.