Single Sign-On solution for Magento 2
16 Feb, 2022 / 4 MIN read
As Magento users, the Admin panel is where we do much of our work. But if you have several Magento installations, getting quickly to the right Admin panel and managing access and rights becomes more complicated. Though we are not in the Olympics where every second matters, increasing efficiency is on the agenda for many businesses. Minutes saved today will turn into hours saved by the end of the year.
Most shops have at least a production, pre-production, and a development environment. You may also have separate installations in different countries/continents, for different business divisions (for example B2B and B2C) or for specific brand catalogs.
Each of these installations or “instances” has its own admin panel, list of users, and user roles. You can think of most daily business access in the following way:
- Regular Magento users, who work with multiple instances, and need quick access to their respective admin panel to do their work
- Magento administrators, who often spend more time adding and removing users from different admin panels and assigning correct user roles. This happens especially as new users arrive and others change their jobs or leave and access must be revoked.
Given all these scenarios and user roles, reducing the complexity of accessing and managing multiple Magento instances will be a wise step. One way to achieve this is to integrate all your Magento instances into a central single sign-on service, such as an internal Active Directory or Keycloak server, or an external service like OneLogin.
But for whatever reason (cost, complexity, organizational issues, the lack of an established solution, etc.) this might not be the answer for you.
For these cases, we developed a Magento-only solution: a Magento extension (MIA) that will allow you to control user access across multiple Magento instances from the Admin panel of just one of those instances, an instance we call the Manager Instance.
Setting it up
First off, you’ll need to install the MIA extension on each of the Magento instances you want to control/access from your single Manager Instance point. (It’s worth mentioning that if you are managing internal test instances, you will need to ensure that the Manager Instance can access those via API.)
Once the MIA extension is installed, the rest of the setup is configured in the Admin panel.
The first step is to nominate one of your Magento instance admin panels to be the “Manager Instance”. Let’s say you have the following Magento instances, each with its own admin panel:
- Spares Europe B2B (Live) ←Nominated Manager Admin Panel
- Spares Europe B2B (Test)
- Spares Japan B2B (Live)
- Spares Japan B2B (Test)
- Widgets Europe B2C (Live)
- Widgets Europe B2C (Test)
- Widgets USA B2B (Live)
- Widgets USA B2C (Test)
The Manager Instance can be configured through the Admin panel with a simple drop-down menu:
Each of the remaining instances’ admin panels receives a specific link, connecting it back to the Manager Instance, as we can see below.
Finally, one more admin change will allow the Manager Instance to connect to this instance internally via API.
With that done, you’re ready to begin!
Adding Magento Admin Panels
Accessing the Manager Instance admin panel for the first time will show you a list of Magento admin panels which can be controlled or accessed.
Immediately after setting up the Manager instance, this list will be empty. So your first job as administrator will be to link other instances to the Manager Instance. It can be easily done by accessing the “Add” button and supplying details such as the name and URL of the added instance’s admin panel so that other users will be able to access them as well.
Controlling User Access
As an Administrator, you can also control user access: who can access each of the other Admin panels, and their roles.
In order to do that, in the Manager Instance Admin panel, start with System > Permissions > All Users.
Here, you’ll find all of the original users of the Manager Instance, in addition to all users from every connected Magento instance. It’s important to note here that all users without previous access to the Manager Instance panel will appear with the special MIA Panel role. This role allows them access to the Manager Instance admin panel, but from a permission perspective, they may only connect to another panel. They will not have full Manager Instance access, as we do on our Manager Instance system.
If you select and open a user record, a new tab labeled MIA will be available. From here, you can activate, deactivate, or change the role of the user on any of the connected admin panels.
User View
As a user with access to the Manager Instance admin panel, you have access to the same list of admin panels as the administrators (without the right to add or remove instances!).
You can click on a URL to quickly connect to another instance admin panel, which will open in another tab. You can also get back to the Manager Instance panel quickly from a link which displays in the header.
Lastly, you can see whether a user has rights to connect to other panels, as well as what your individual role is in each instance.
Conclusion
We created the MIA extension as a simple-to-configure, Magento-only alternative to other single sign-on options, which can be complex to agree on and set up. In the process, our goal was to simplify access and management of multiple Magento instances. The end result is just as we’d imagined. Our solution ensures all users have quick connectivity to their respective panel to do their work with ease and security.
If you are looking for a solution like this for your online store or have another challenge or priority, reach out for a consultation.