Enable G Suite / Google Apps as your identity provider (IdP) for WordPress to provide Single Sign-On (SSO) using the WP Cloud SSO plugin.
This setup guide explains how to set Google Apps as your IdP and allow SSO for your WordPress users, map G Suite / Google Apps users to WordPress roles, and enable the single sign-on experience while securing access to WordPress.
1.) Set up G Suite / Google Apps as IdP for WordPress
The following steps allow you to configure G Suite / Google Apps as the IdP.
A). Configure G Suite / Google Apps as IdP:
- In the WP Cloud WordPress SP SSO plugin, go to the SP (Service Provider) Metadata tab. This tab lists the SP metadata, such as the SP Entity ID and the ACS (AssertionConsumerService) URL, that you need to configure G Suite / Google Apps as the IdP (Identity Provider).
- Go to https://admin.google.com and log in to the G Suite Administrator account.
- Go to the Apps tab on the left menu and click on Web and mobile apps.
B). Add a SAML APP
- Click on the Add App button. In the dropdown, select Add Custom SAML app to create a new SAML app.
- Input details for custom WP Cloud SSO app and click on Continue.
C). IDP Information
- Click on the Download Metadata button. You will need the metadata later when configuring the add-on.
- You may also copy the G Suite details, such as the SSO URL, entity ID and Certificate, to configure the add-on manually. Then click on Continue.
D). Service Provider Details
- Input details from the Service Provider Metadata tab of the WP Cloud SSO plugin.
Copy and paste the ACS URL from the plugin.
Copy and paste the SP Entity ID/ Issuer from the plugin.
Check Signed Response ✓.
Name ID Format
- Click on Continue.
E). Attribute Mapping
- Click on Add Mapping.
- Add and select user fields in Google Directory and map them to Service Provider attributes and Click on Finish button.
- Navigate to WP Cloud SSO APPS again and click on OFF for everyone.
- Following that step, click ON for everyone to activate SSO.
- You have successfully configured G Suite / Google Apps as the WP Cloud IdP (Identity Provider) for G Suite / Google Apps SSO login into your WordPress (WP) site.
2.) Configure WordPress as SP
In the WordPress WP Cloud SSO plugin, go to the Service Provider Setup tab.
There are 2 ways to configure the WordPress SSO plugin:
A. By uploading IDP metadata:
- Click on Upload IDP metadata.
- Enter the Identity Provider Name.
- Either upload a metadata file and click Upload or use a metadata URL and click Fetch Metadata.
B. Manual Configuration:
- Input the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) as provided by your Identity Provider and click on the Save button.
3.) Google Apps Attribute Mapping
- The Attribute Mapping feature allows you to map the user attributes sent by the IdP during SSO to the user attributes in WordPress.
- In the WordPress WP Cloud plugin, go to the Attribute/Role Mapping tab and fill in the following fields in the Attribute Mapping section.
- Custom Attribute Mapping: This feature lets you map any attribute sent by the IDP to the usermeta table of WordPress.
4.) WordPress Role Mapping using Google Apps
This feature assigns and manages roles of the users performing SSO.
Along with the default WordPress roles, it is compatible with any custom roles as well.
- From the Attribute Mapping section of the plugin, provide a mapping for the field named Group/Role. This attribute will contain the role related information sent by the IDP and will be used for Role Mapping.
- Go to the Role Mapping section and provide the mappings for the highlighted roles.
- For example, if you want a user whose Group/Role attribute value is wp-editor to be assigned as an Editor in WordPress, just provide the mapping as wp-editor in the Editor field of the Role Mapping section.