WordPress SSO using OneLogin as SAML IDP
Use OneLogin as your SAML IDP to enable WordPress SAML SSO using the WP Cloud SSO plugin.
Configure an app within your OneLogin portal and add your OneLogin SAML data into your WordPress website, creating a trust which will enable SSO for WordPress. Map OneLogin users to WordPress roles and sync OneLogin attributes. This will secure logins to your WP logins.
List of Supported SAML IDPs for WordPress SSO
Getting Started Setting Up WordPress SSO with OneLogin
Table of Contents
1.) Setup OneLogin as IDP for WordPress
In the following steps below you will be able to configure OneLogin as IdP.
A.) Configure OneLogin as IdP
- In the WP Cloud SSO plugin, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.
- Go to onelogin.com, enter your domain and Login into OneLogin.
- Log into OneLogin as an Administrator and go to Apps Company Apps Add Apps from the Navbar.
- In the search box, type SAML Test Connector (SP) and click on the App to add it.
- Enter the display name and click Save.
- In General Settings, enter App Name and click on Next.
- After saving, go to Configuration Tab and enter the following:
| Audience | Provide Audience URL from the Service Provider Metadata tab of the Plugin |
| Recipient | Provide Recipient URL from the Service Provider Metadata tab of the Plugin |
| ACS (Consumer) URL Validator | Provide ACS (Assertion Consumer Service) URL from the Service Provider Metadata tab of the Plugin |
| ACS (Consumer) URL | Provide ACS (Assertion Consumer Service) URLfrom the Service Provider Metadata tab of the Plugin |
| Single Logout URL | Provide Single Logout URL from the Service Provider Metadata tab of the Plugin |
- Click on Save.
B.) Assigning Groups/People.
- Go to SSO tab. Note down the URL/Endpoints. You will need these when configuring the plugin.
Now you have successfully configured OneLogin as SAML IdP (Identity Provider) for achieving OneLogin SSO login into your WordPress Site.
2.) Configure WordPress as SP
In the WordPress WP Cloud SSO plugin, go to the Identity Provider Setup tab of the plugin.
There are 2 ways to configure the WordPress SSO plugin:
A) Uploading IDP Metadata XML
- Click on Upload IDP metadata button.
- Enter the Identity Provider Name.
- You can either upload a metadata file and click on Upload button or use a metadata URL and click on Fetch Metadata.
B) Manual OneLogin IDP Configuration
- Input the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) as provided by your Identity Provider and click on the Save button.
3.) OneLogin Attribute Mapping
- The Attribute Mapping feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at WordPress.
- In WordPress WP CLOUD SSO plugin, navigate to Attribute/Role Mapping tab and fill up the following fields in Attribute Mapping section.
- Custom Attribute Mapping: This feature allows you to map any attribute sent by the IDP to the usermeta table of WordPress.
4.) WordPress Role Mapping using OneLogin
This feature lets you assign and manage WordPress roles of the users when they perform SSO.
- From the Attribute Mapping section of the plugin, provide a mapping for the field named Group. This attribute will contain the role related information sent by the IDP and will be used for Role Mapping.
- Go to role mapping section and provide the mappings for the highlighted roles.
- For example , If you want a user whose Group attribute value is wp-editor to be assigned as an Editor in WordPress, just provide the mapping as wp-editor in the Editor field of Role Mapping section.
