Azure AD WordPress SSO

WordPress SSO (Single Sign-On) using Azure AD / Office365 can be achieved using our WP Cloud SSO WordPress plugin.

 

Establish trust between Azure AD / Office365 and your WordPress blog to enable SSO, so your users can log in with their Azure AD user accounts and get a single sign-on experience.

 

In this guide we will go through the steps to configure WordPress to use Azure AD / Office365 using WP Cloud SSO plugin.  We will configure Azure AD / Office365 as your identity provider (IDP) and WordPress as your service provider (SP).  WP Cloud SSO allows unlimited user authentications from Azure AD/Office365.  

 

The first step is to download our plugin. Then continue with Step 1, Setup Azure AD as WordPress IDP.


1.) Setup Azure AD as WordPress IDP

How to configure Azure AD as IdP (steps provided)

Setup Azure AD as IdP

  • In the WP Cloud SSO plugin, go to the SAML IDPs tab to configure the Identity Provider.

Azure AD setup through Enterprise Applications

  • Select Enterprise Application
  • Click on New Application
  • Click on Create your own Application
  • Enter the name for your app, select Non-Gallery application, and click on the Create button
  • Click on Setup Single sign-on
  • Select the SAML tab
  • Click on Edit and enter the SP Entity ID as the Identifier and the ACS URL as the Reply URL; both values come from the SAML IDP tab of the plugin.
  • Copy the App Federation Metadata Url to get the Endpoints required for configuring your Service Provider 
  • Assign users and groups to your SAML application
  • Go to the Users and groups tab and click on Add user/group
  • Click on Users to choose the required User and click Select 
  • You can also assign a role to your application under Select Role section
  • You have now successfully configured Azure AD as the SAML IdP (Identity Provider) for WP Cloud SSO login into your WordPress (WP) site

2.) Configure WordPress as SP

In the WP Cloud SSO plugin there are two ways to set up Azure Active Directory with WordPress as your service provider.

A.) Upload Azure AD IDP Federation Metadata XML File

    • Click on Configure New IDP
    • Click on Upload File/XML
    • Input Identity Provider Name
    • Either upload a metadata file and click on Upload button or use a metadata URL and click on Fetch Metadata.

B.) Manually add Azure AD Application URLs

    • Click on Configure New IDP

 

Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL) as given by your Identity Provider and click on Save Changes.

3.) Attribute Mapping

When configuring which attributes to sync from your Azure AD / Office 365, set NAMEID as the claim name and user.mail as the value to sync, as shown in the following screenshot of Azure AD.

 

This is found within your Azure tenant > Azure AD / Enterprise Applications / Name of the Azure application you’ve set up / Set up Single Sign-On with SAML / Attributes & Claims

4.) Role Mapping

Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud
