diff --git a/src/OpenIddict.Abstractions/OpenIddictResources.resx b/src/OpenIddict.Abstractions/OpenIddictResources.resx
index 418c9e6e..e7939bab 100644
--- a/src/OpenIddict.Abstractions/OpenIddictResources.resx
+++ b/src/OpenIddict.Abstractions/OpenIddictResources.resx
@@ -1547,7 +1547,7 @@ To apply post-logout redirection responses, create a class implementing 'IOpenId
     <value>The issuer couldn't be resolved from the provider configuration or is not a valid absolute URI. Make sure the OpenIddict.Client.WebIntegration package is referenced and 'options.UseWebProviders()' is correctly called.</value>
   </data>
   <data name="ID0412" xml:space="preserve">
-    <value>The Shopify integration requires setting the shop name to be able to determine the location of the OAuth 2.0 endpoints. To dynamically set the shop name when triggering a challenge, add a ".shopify_shop_name" authentication property containing the shop name received by the installation endpoint or specified by the user.</value>
+    <value>The Shopify integration requires setting the shop name to be able to determine the location of the OAuth 2.0 endpoints. To dynamically set the shop name when triggering a challenge, add a ".shopify_shop_name" authentication property containing the shop name received by the installation endpoint or specified by the user. Alternatively, for scenarios where a single shop should be supported (e.g employees authentication), the shop name can be set statically in the Shopify provider settings.</value>
   </data>
   <data name="ID0413" xml:space="preserve">
     <value>The specified string is not a valid hexadecimal string.</value>
diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
index 9ce82afa..88d2573f 100644
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
@@ -40,6 +40,7 @@ public static partial class OpenIddictClientWebIntegrationHandlers
         /*
          * Challenge processing:
          */
+        ValidateChallengeProperties.Descriptor,
         OverrideAuthorizationEndpoint.Descriptor,
         OverrideResponseMode.Descriptor,
         FormatNonStandardScopeParameter.Descriptor,
@@ -942,6 +943,48 @@ public static partial class OpenIddictClientWebIntegrationHandlers
         }
     }
 
+    /// <summary>
+    /// Contains the logic responsible for validating the user-defined authentication properties.
+    /// </summary>
+    public sealed class ValidateChallengeProperties : IOpenIddictClientHandler<ProcessChallengeContext>
+    {
+        /// <summary>
+        /// Gets the default descriptor definition assigned to this handler.
+        /// </summary>
+        public static OpenIddictClientHandlerDescriptor Descriptor { get; }
+            = OpenIddictClientHandlerDescriptor.CreateBuilder<ProcessChallengeContext>()
+                .UseSingletonHandler<ValidateChallengeProperties>()
+                .SetOrder(ResolveClientRegistrationFromChallengeContext.Descriptor.Order + 500)
+                .SetType(OpenIddictClientHandlerType.BuiltIn)
+                .Build();
+
+        /// <inheritdoc/>
+        public ValueTask HandleAsync(ProcessChallengeContext context)
+        {
+            if (context is null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            // If no explicit shop name was attached to the challenge properties, use the default
+            // shop name set in the provider settings, if set. Otherwise, throw an exception.
+            if (context.Registration.ProviderType is ProviderTypes.Shopify &&
+              (!context.Properties.TryGetValue(Shopify.Properties.ShopName, out string? name) ||
+                string.IsNullOrEmpty(name)))
+            {
+                var settings = context.Registration.GetShopifySettings();
+                if (string.IsNullOrEmpty(settings.DefaultShopName))
+                {
+                    throw new InvalidOperationException(SR.GetResourceString(SR.ID0412));
+                }
+
+                context.Properties[Shopify.Properties.ShopName] = settings.DefaultShopName;
+            }
+
+            return default;
+        }
+    }
+
     /// <summary>
     /// Contains the logic responsible for overriding the address of
     /// the authorization endpoint for the providers that require it.
diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml
index 31cf826a..18d22135 100644
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml
@@ -896,6 +896,9 @@
 
     <Setting PropertyName="AccessMode" ParameterName="mode" Type="String" Required="false"
              Description="The access mode (can be set to 'online' for per-user authorization)" />
+
+    <Setting PropertyName="DefaultShopName" ParameterName="name" Type="String" Required="false"
+             Description="The static shop name used by default when no value is set in the authentication properties (useful for scenarios where a single shop is supported, e.g employees authentication)" />
   </Provider>
 
   <!--