
WordPress SSO using OneLogin as SAML IDP

Use OneLogin as your SAML IDP to enable WordPress SAML SSO using the WP Cloud SSO plugin.

 

Configure an app within your OneLogin portal and add your OneLogin SAML data to your WordPress website, creating a trust relationship that enables SSO for WordPress. Map OneLogin users to WordPress roles and sync OneLogin attributes. This will secure logins to your WordPress site.


Getting Started Setting Up WordPress SSO with OneLogin


1.) Setup OneLogin as IDP for WordPress

The following steps configure OneLogin as the IdP.

A.) Configure OneLogin as IdP

  • In the WP Cloud SSO plugin, navigate to the Service Provider Metadata tab. Here, you can find the SP metadata, such as the SP Entity ID and ACS (AssertionConsumerService) URL, which are required to configure the Identity Provider.
  • Log into OneLogin as an Administrator and go to Apps > Company Apps > Add Apps from the Navbar.
  • In the search box, type SAML Test Connector (SP) and click on the App to add it.
  • Enter the display name and click Save.
  • In General Settings, enter App Name and click on Next.
  • After saving, go to the Configuration tab and enter the following:
      • Audience: Provide the Audience URL from the Service Provider Metadata tab of the plugin
      • Recipient: Provide the Recipient URL from the Service Provider Metadata tab of the plugin
      • ACS (Consumer) URL Validator: Provide the ACS (Assertion Consumer Service) URL from the Service Provider Metadata tab of the plugin
      • ACS (Consumer) URL: Provide the ACS (Assertion Consumer Service) URL from the Service Provider Metadata tab of the plugin
      • Single Logout URL: Provide the Single Logout URL from the Service Provider Metadata tab of the plugin
  • Click on Save.

B.) Assigning Groups/People.

  • Go to SSO tab. Note down the URL/Endpoints. You will need these when configuring the plugin.

Now you have successfully configured OneLogin as SAML IdP (Identity Provider) for achieving OneLogin SSO login into your WordPress Site.

2.) Configure WordPress as SP

In the WordPress WP Cloud SSO plugin, go to the Identity Provider Setup tab of the plugin.

 

There are 2 ways to configure the WordPress SSO plugin:

A) Uploading IDP Metadata XML

  • Click on the Upload IDP metadata button.
  • Enter the Identity Provider Name.
  • You can either upload a metadata file and click on Upload button or use a metadata URL and click on Fetch Metadata.

B) Manual OneLogin IDP Configuration

  • Input the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) as provided by your Identity Provider and click on the Save button.

3.) OneLogin Attribute Mapping

  • The Attribute Mapping feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at WordPress.
  • In the WordPress WP Cloud SSO plugin, navigate to the Attribute/Role Mapping tab and fill in the following fields in the Attribute Mapping section.
  • Custom Attribute Mapping: This feature allows you to map any attribute sent by the IDP to the usermeta table of WordPress.

4.) WordPress Role Mapping using OneLogin

This feature lets you assign and manage WordPress roles of the users when they perform SSO. 

 

  • From the Attribute Mapping section of the plugin, provide a mapping for the field named Group. This attribute will contain the role-related information sent by the IDP and will be used for Role Mapping.
  • Go to the Role Mapping section and provide the mappings for the highlighted roles.
  • For example, if you want a user whose Group attribute value is wp-editor to be assigned as an Editor in WordPress, just provide the mapping as wp-editor in the Editor field of the Role Mapping section.