How WordPress Single Sign On Authentication Works
With WordPress Single Sign On (SSO), your website users are automatically logged into your WordPress site by the apps or online services they use every day. It’s one less username and password combo they have to remember, and it keeps them focused on their tasks.
What is WordPress Single Sign On?
But this became a difficult task as the number of applications increased. Developers had to maintain and secure multiple user stores and users had more credentials to memorize (or, let’s be honest, write down). Hence the birth of what we know today as the SSO feature.
WordPress Single Sign-On is a function (read: feature) added to your WordPress website. It allows users to securely access their accounts without having to authenticate directly on your website. Authentication is instead managed by an online service they likely already have an account with, such as:
How WordPress Single Sign On Authentication Works
Driving interaction between the IdP and the SP is what is known as a federated identity protocol. Federated identity links a user’s electronic identities (accounts) across two or more identity management systems. The protocol refers to the rules that govern the exchange of information for authentication and authorization purposes.
SAML (Security Assertion Markup Language)
- Authentication: Verifies who a user claims to be.
- Authorisation: Determines which resources an authenticated user has access to.
How SAML works
Let’s take a closer look:
Step 1: Authentication
Step 2: Redirect to IdP
Note: Even if the user is already authenticated, the redirect to the IdP still happens, but the authentication process is skipped. In either case a SAML assertion is generated, encoded, and returned to the browser.
Step 3: Response verification
The user agent sends the SAML assertion to the SP for verification.
If the SP’s verification of the IdP’s SAML assertion is successful, the user is mapped to a local user store and granted access.
One unique feature of SAML is that the method of authentication is recorded in the assertion. In other words, did our user authenticate with a username and password combination, multi-factor authentication, or some other method?
SAML uses Extensible Markup Language (XML) for standardized communications between the identity provider and service providers.
The Case for WordPress Single Sign-On
Case in point: a colleague, Dale, who manages a few WordPress sites.
Among his collection of clients is a professional association. They run a membership multisite – the primary domain carrying the brochure site where visitors can view the usual gamut of information (About, Benefits, a Member Directory, and so on). The subdomain is the members’ area where existing members can log in, read related news, watch videos and perform membership related tasks.
Except, it doesn’t get used.
Members rarely, if ever, log in – they can’t remember their usernames and passwords – and so don’t use the features built into the site. The proof comes during the association’s annual vote for new management, where all members have the opportunity to choose who they want in charge of finances, training, and so on. In one month Dale spends more time helping members recover forgotten credentials than in all other months of the year combined.
This has a knock-on effect in other areas of the association’s activities. Even though the website supports all the functions members may need, the association’s management has to incur additional expenses on platforms that make those functions more easily accessible (and also less secure).
Benefits of WordPress Single Sign On
According to Gartner, 20% – 50% of all support queries are related to password resets. If you take into account that a single password reset can take anything between 20 minutes and 1.5 hours, a cost ranging from $20 to $70 per credential-related support issue is realistic. Forrester research says that enterprises typically budget $1 million per annum for password-related support.
Single Sign-On can help through the following features:
WordPress SSO Reduces password fatigue
Users have one less password to remember. And since they are already logged in with an IdP they frequently use, they’re automatically logged into your WordPress website.
WordPress SSO Reduces helpdesk workloads
WordPress SSO Increases security
WordPress SSO Ensures current metadata
The federation between your WordPress website and the IdP can be configured to pass additional user data when authentication occurs. This can include title, occupation, and so on.
Introducing WP Cloud Single Sign-On
This part of the article introduces the WP plugin. WP Cloud SSO is developed by Cloud Security Experts and backed by more than 20 years’ experience with Identity and Access Management (IAM), Active Directory, SAML, as well as WordPress and IT security.
In addition to the benefits listed above, WP Cloud SSO further enhances the SSO experience with these premium features:
Cross-domain Identity Management (SCIM)
Automatically create, update or delete users in WordPress from your IdP. SCIM enables automating the user lifecycle management process by creating, updating and removing user data in connected applications.
Single Login / Logout
WP Cloud SSO makes it easy to add a custom login and logout button. Logging out is as universal as logging in – the session is terminated at both your WordPress site and the IdP.
WordPress Single Sign On Authentication Conclusion
WordPress Single Sign-On has benefits for both the organization and end users that extend beyond convenience. It alleviates password fatigue and can enhance security. When using a premium plugin you’ll also be able to simplify and automate user management, saving valuable time for site administrators and users alike.