Establish a trust between Azure AD / Office365 and your WordPress blog so that users can log in with their Azure AD user account and get a single sign-on (SSO) experience.
In this guide we will go through the steps to configure WordPress to use Azure AD / Office365 using WP Cloud SSO plugin. We will configure Azure AD / Office365 as your identity provider (IDP) and WordPress as your service provider (SP). WP Cloud SSO allows unlimited user authentications from Azure AD/Office365.
The first step is to download our plugin; then continue with Step 1, Setup Azure AD as WordPress IDP.
Table of Contents
1.) Setup Azure AD as WordPress IDP
How to configure Azure AD as IdP (steps provided)
Setup Azure AD as IdP
- In the WP Cloud SSO plugin, go to the SAML IDPs tab to configure the Identity Provider.
Azure AD setup through Enterprise Applications
- Select Enterprise Application
- Click on New Application
- Click to Create your own Application
- Enter the name for your app and select Non-Gallery application and click on Create button
- Click on Setup Single sign-on
- Select the SAML tab
- Click on Edit and enter SP Entity ID for Identifier and the ACS URL for Reply URL from SAML IDP tab of the plugin.
- Copy the App Federation Metadata Url to get the Endpoints required for configuring your Service Provider
- Assign users and groups to your SAML application
- Go to the Users and groups tab and click on Add user/group
- Click on Users to choose the required User and click Select
- You can also assign a role to your application under Select Role section
- Azure AD is now configured as the SAML IdP (Identity Provider) for WP Cloud SSO login into your WordPress (WP) site
2.) Configure WordPress as SP
In the WP Cloud SSO plugin there are 2 ways to setup Azure Active Directory with WordPress as your service provider.
A.) Upload Azure AD IDP Federation Metadata XML File
- Click on Configure New IDP
- Click on Upload File/XML
- Input Identity Provider Name
- Either upload a metadata file and click on Upload button or use a metadata URL and click on Fetch Metadata.
B.) Manually add Azure AD Application URLs
- Click on Configure New IDP
- Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL) as provided by your Identity Provider and click on Save Changes.
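Whether you upload the metadata file (option A) or fill in the fields by hand (option B), the same three values come out of the App Federation Metadata document: the IdP Entity ID (Issuer), the SAML Login URL and the IdP signing certificate. The following added example, which is not part of the WP Cloud SSO plugin or of Azure AD, parses a constructed sample of that document and refuses to return a partial result when a value is missing; the tenant id and certificate in the sample are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample of an Azure AD App Federation Metadata document.
# The tenant id and certificate are placeholders, not values from any real tenant.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIC...PLACEHOLDER...</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

def parse_idp_metadata(xml_text):
    """Extract the values the manual IdP form asks for: IdP Entity ID (Issuer),
    SAML Login URL (HTTP-Redirect binding) and the signing certificate(s).
    Raise ValueError instead of returning a partial result, so a truncated or
    non-IdP document cannot leave the SP half-configured."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if not entity_id or idp is None:
        raise ValueError("not a SAML IdP metadata document")
    login_url = None
    for sso in idp.findall("md:SingleSignOnService", NS):
        if sso.get("Binding") == REDIRECT:
            login_url = sso.get("Location")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no 'use' attribute means signing and encryption
            for cert in kd.findall(".//ds:X509Certificate", NS):
                certs.append(cert.text.strip())
    if login_url is None or not certs:
        raise ValueError("metadata lacks a Redirect login URL or a signing certificate")
    return {"entity_id": entity_id, "login_url": login_url, "certs": certs}
```

The signing certificate is what lets the SP reject assertions not issued by your tenant, so treat a metadata document without one as a configuration error rather than saving the other two fields.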
3.) Attribute Mapping
- In WP Cloud SSO SAML plugin, click on Attribute Mapping from the IDP List under Actions
- Only the attribute claim of NameID is supported for Email and Username attributes of the WordPress user in the Free edition. Upgrade to map other attributes.
- Users logging in will use their Azure email address as the WordPress user login ID.
When configuring which attributes to sync from your Azure AD / Office 365, set NameID as the claim name and user.mail as the value to sync, as shown in the following screenshot of Azure AD.
This is found within your Azure tenant > Azure AD / Enterprise Applications / Name of your Azure application you’ve setup / Set up Single Sign-On with SAML / Attributes & Claims
4.) Role Mapping
- In the free plugin, choose the default role that is assigned to all non-admin users when they perform SSO
- Navigate to Attribute/Role Mapping tab and go to Role Mapping section
- Select the Default Role and click on the Save button