WordPress SSO Azure AD Office 365

WordPress Single Sign-On using Auth0 Login as SAML IDP

Enable WordPress Single Sign-On with Auth0 as your identity provider using the WP Cloud SSO plugin

 

Configure an application within Auth0, download its SAML configuration, and integrate it into your WordPress website. This enables SSO for WordPress through WP Cloud SSO with Auth0 as your IDP, lets you map Auth0 users to WordPress roles, and secures login access.

Getting Started Setting Up WordPress SSO Auth0 Login

1.) Setup Auth0 as IDP for WordPress

By following the steps below, you can configure Auth0 as your WordPress Identity Provider (IDP).

Configure Auth0 as IdP.

  • In the WP Cloud SSO plugin, go to the Service Provider Metadata section, where you will find the SP metadata, such as the SP Entity ID and ACS (AssertionConsumerService) URL, which are necessary to configure the Identity Provider;
  • Log in to your Auth0 dashboard;
  • Click on Applications and select Applications;
  • Click on Create Application;
  • In the Name field input your application name, for example, Cloud-SSO, and select Regular Web Applications;
  • Click on Create;
  • Click on Addons and turn on the switch for SAML2. A Configuration window opens;
  • Select Settings;
  • Enter Application Callback using SP entity ID copied from the plugin as shown below;
  • Copy the code block that follows and paste it into the Settings block, replacing everything that is there;
  • Change https://yourEntityID on line 2 (the "audience" value) to your SP Entity ID, and https://SingleLogoutURL on line 32 (the logout "callback" value) to your Single Logout URL;

{
  "audience": "https://yourEntityID",
  "recipient": "http://foo",
  "mappings": {
    "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "upn": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "groups": "http://schemas.xmlsoap.org/claims/Group"
  },
  "createUpnClaim": true,
  "passthroughClaimsWithNoMapping": true,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": true,
  "signatureAlgorithm": "rsa-sha1",
  "digestAlgorithm": "sha1",
  "destination": "http://foo",
  "lifetimeInSeconds": 3600,
  "signResponse": false,
  "typedAttributes": true,
  "includeAttributeNameFormat": true,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ],
  "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
  "logout": {
    "callback": "https://SingleLogoutURL",
    "slo_enabled": false
  },
  "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
}

  • Scroll down and click on Enable.
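
A pre-paste check for the settings block above, as an added example that is not part of the WP Cloud SSO or Auth0 documentation: it reports template values that were never replaced, URLs that are not HTTPS, and the SHA-1 signature and digest settings (Auth0 also accepts rsa-sha256 and sha256). Treating http://foo as a leftover sample value is this example's assumption, since the page only tells you to replace the audience and the logout callback; the site URL in the sample is hypothetical, and whether the plugin accepts SHA-256-signed assertions is not stated on this page, so use Test configuration after changing the algorithms.

```python
import json
from urllib.parse import urlparse

# Placeholder values left in the settings template shown above.
PLACEHOLDERS = {"https://yourEntityID", "https://SingleLogoutURL", "http://foo"}
# Settings keys that hold URLs, as paths into the JSON document.
URL_KEYS = [("audience",), ("recipient",), ("destination",), ("logout", "callback")]
# SHA-1 values used in the template and the SHA-256 values Auth0 also accepts.
WEAK_ALGS = {"signatureAlgorithm": ("rsa-sha1", "rsa-sha256"),
             "digestAlgorithm": ("sha1", "sha256")}


def lint_saml_settings(text):
    """Return a list of (key, finding) tuples for an Auth0 SAML2 addon settings string."""
    cfg = json.loads(text)
    findings = []
    for path in URL_KEYS:
        value = cfg
        for part in path:
            value = value.get(part) if isinstance(value, dict) else None
        if not isinstance(value, str):
            continue  # key absent: nothing to check
        key = ".".join(path)
        url = urlparse(value)
        if value in PLACEHOLDERS:
            findings.append((key, "template placeholder not replaced"))
        elif url.scheme != "https" or not url.netloc:
            findings.append((key, "not an absolute https URL"))
    for key, (weak, strong) in WEAK_ALGS.items():
        if cfg.get(key) == weak:
            findings.append((key, f"uses SHA-1; consider {strong}"))
    return findings


# Constructed sample: the template with only "audience" edited (hypothetical site URL).
SAMPLE = """{
  "audience": "https://wp.example.com/",
  "recipient": "http://foo",
  "destination": "http://foo",
  "signatureAlgorithm": "rsa-sha1",
  "digestAlgorithm": "sha1",
  "logout": {"callback": "https://SingleLogoutURL", "slo_enabled": false}
}"""

if __name__ == "__main__":
    for key, finding in lint_saml_settings(SAMPLE):
        print(f"{key}: {finding}")
```
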

2.) Configure Auth0 on the plugin

Upload Auth0 IDP Federation Metadata from the file

Note: This upload feature is only available on paid plans. If you are on the Free version, follow the Manually Add Auth0 IDP Configuration step or upgrade.

  • On the Addon: SAML2 Web App window (above steps), select the Usage section and click Download;
  • Open the WP Cloud SSO plugin on the Identity Provider Setup section;
  • Select the Auth0 provider;
  • Click on the Upload IDP Metadata tab;
  • Enter the Identity Provider Name, for example, Auth0;
  • Choose the file that you downloaded above;
  • Click Upload;
  • Your provider is now configured using the metadata file.

Manually Add Auth0 IDP Configuration

  • On the Addon: SAML2 Web App window (above steps), select the Usage section;
  • Open the WP Cloud SSO plugin on the Identity Provider Setup section;
  • Select the Auth0 provider;
  • Identity Provider Name > Provider name;
  • IdP Entity ID or Issuer > Issuer;
  • SAML Login URL > Identity Provider Login URL;
  • SAML Logout URL > To get the logout URL, take the Identity Provider Login URL and append /logout to the end of it;
  • To get the certificate, download it from the Addon: SAML2 Web App window;
  • Open the downloaded certificate in any text editor;
  • Copy the entire contents of the file;
  • X.509 Certificate > Paste the copied certificate;
  • Click Save;
  • Your provider is now configured.

3.) Auth0 Attribute Mapping

This feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at WordPress.

Configure attribute mapping for Auth0:

  • Go to the Auth0 page;
  • In Dashboard select Auth Pipeline and click Rules;
  • On the Rules page, click on Create;
  • Scroll down and click on SAML Attributes mapping;
  • Enter your Name or use the default;
  • Add custom attributes or keep the defaults. For example, we add department and city;
  • After configuring the attributes, click on the Save Changes button;
  • You have successfully configured the attributes.

Configure attribute mapping for the plugin:

  • To check what attributes were sent to us:
    • Open Identity Provider Setup section;
    • Select your provider;
    • Click Test configuration;
    • Log in if it is needed. In this window, you can see all attributes.
  • In the WordPress WP Cloud SSO plugin, go to the Attribute/Role Mapping tab and fill in the following fields in the Attribute Mapping section;
  • Custom Attribute Mapping: This feature lets you map any attribute sent by the IDP to the usermeta table of WordPress.

4.) Auth0 Role Mapping

This feature lets you assign and manage WordPress roles of the users when they log in using Salesforce. When signed in with Salesforce, users will have the specified role. 

Salesforce doesn’t support Group role mapping.

WordPress has 7 pre-defined roles:

  • Administrator
  • Editor
  • Author
  • Contributor
  • Subscriber
  • Customer

To configure default role mapping please follow the steps below:

  • Go to the Attribute/Role Mapping page of the Plugin;
  • Scroll down and find the Role Mapping section;
  • Select the required role from the predefined WordPress roles;
  • Click on the Save button.

5.) Auth0 SSO Login Button - Redirect to IDP

Next, enable your Auth0 SSO login buttons, which can be found on the SSO Links tab. Follow the SSO Login Widget page for setup instructions.

Login Button

6.) Multiple Environments Feature

For more information about the Multiple Environments feature, see the Multiple Environments SSO page.