WordPress SSO Azure AD Office 365

WordPress Single Sign-On using Auth0 Login as SAML IDP

Enable WordPress Single Sign on using Auth0 as your identity provider using WP Cloud SSO plugin


Configure an application within Auth0 and download the SAML configuration and integrate into your WordPress website, which will allow you to map Auth0 users to WordPress roles and enable SSO for WordPress using WP Cloud SSO with Auth0 as your IDP and securing login access..

Auth0 WordPress Single Sign On

with WP Cloud SSO

List of Supported SAML IDPs for WordPress SSO

Getting Started Setting Up WordPress SSO Auth0 Login

Table of Contents

1.) Setup Auth0 as IDP for WordPress

By following these steps below you can configure Auth0 as your WordPress Identity Provider (IDP).

Configure Auth0 as IdP.

  • In the WP Cloud SSO, go to Service Provider Metadata section, where you find the SP metadata, such as SP Entity ID and ACS ( AssertionConsumerService) URL which are necessary to configure the Identity Provider;
  • Log in to your Auth0 dashboard;
  • Click on Applications and select Applications;
  • Click on Create Application;
  • In the Name field input your application name, for example, Cloud-SSO, and select Regular Web Applications;
  • Click on Create;
  • Click on Addons and activate the switcher for SAML2. It opens up a Configuration window;
  • Select Settings;
  • Enter Application Callback using SP entity ID copied from the plugin as shown below;
  • Copy code block follows and replaces all into Settings block;
  • You need to change https://yourEntityID on 2 line into your SP Entity ID and https://SingleLogoutURL on 32 line into your Single Logout URL;
  "audience": "https://yourEntityID",
  "recipient": "http://foo",
  "mappings": {
    "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "upn": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
    "groups": "http://schemas.xmlsoap.org/claims/Group"
  "createUpnClaim": true,
  "passthroughClaimsWithNoMapping": true,
  "mapUnknownClaimsAsIs": false,
  "mapIdentities": true,
  "signatureAlgorithm": "rsa-sha1",
  "digestAlgorithm": "sha1",
  "destination": "http://foo",
  "lifetimeInSeconds": 3600,
  "signResponse": false,
  "typedAttributes": true,
  "includeAttributeNameFormat": true,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress",
  "nameIdentifierProbes": [
  "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
  "logout": {
    "callback": "https://SingleLogoutURL",
    "slo_enabled": false
  "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

  • Scroll down and click on Enable:

2.) Configure Auth0 on the plugin

Upload Auth0 IDP Federation Metadata from the file

Note: This upload feature is only available to paid plans. Refer to configure provider manually step or upgrade your Free version.

  • On the Addon: SAML2 Web App window (above steps)  select the Usage section and click Download;
  • Open WP Cloud SSO plugin on Identity Provider Setup section;
  • Select Auth0 provider;
  • Click on the Upload UDP Metadata tab;
  • Enter the Identity Provider Name for example Auth0;
  • Choose file that you downloaded above;
  • Click Upload;
  • Your provider successfully configured using a metadata file.

Manually Add Auth0 IDP Configuration

  • On the Addon: SAML2 Web App window (above steps)  select the Usage;
  • Open WP Cloud SSO plugin on Identity Provider Setup section;
  • Select Auth0 provider;
  • Identity Provider Name > Provider name;
  • IdP Entity ID or Issuer > Issuer;
  • SAML Login URL > Identity Provider Login URL;
  • SAML Logout URL > To get the logout URL you should enter the Identity Provider Login URL and add it at the end of this link /logout;
  • To get a Certificate download it from Addon: SAML2 Web App window;
  • Open downloaded certificate on any text editor;
  • Copy all in this file;
  • X.509 Certificate > Paste copied certificate;
  • Click Save;
  • Your provider successfully configured.

3.) Auth0 Attribute Mapping

This feature allows you to map the user attributes sent by the IDP during SSO to the user attributes at WordPress.

Configure attribute mapping for Auth0:

  • Go to the Auth0 page;
  • In Dashboard select Auth Pipeline and click Rules;
  • On the Rules, page click on Create;
  • Scroll down and click on SAML Attributes mapping;
  • Enter your Name or use the default;
  • Add costume attributes or save the default. For example, we add department and city;
  • After configured attributes click on the Save Changes button;
  • You successfully configured attributes.

Configure attribute mapping for the plugin:

  • To check what attributes were sent to us:
    • Open Identity Provider Setup section;
    • Select your provider;
    • Click Test configuration;
    • Log in if it is needed. In this window, you can see all attributes.
  • In the WordPress WP Cloud SSO plugin, go to the Attribute/Role Mapping tab and fill up the following fields in the Attribute Mapping section;
  • Custom Attribute Mapping: This feature lets you map any attribute sent by the IDP to the usermeta table of WordPress.

4.) Auth0 Role Mapping

This feature lets you assign and manage WordPress roles of the users when they log in using Salesforce. When signed in with Salesforce, users will have the specified role. 

Salesforce doesn’t support Group role mapping.

WordPress has 7 pre-defined roles :

  •  Administrator
  •  Editor
  •  Author
  •  Contributor
  •  Subscriber
  •  Customer 

To configure default role mapping please follow the steps below:

  • Go to the Attribute/Role Mapping page of the Plugin;
  • Scroll down and find the Role Mapping section;
  • Select one necessary role of the WordPress predefined role;
  • Click on the Save button.

5.) Auth0 SSO Login Button - Redirect to IDP

Next is to enable your Auth0 SSO login buttons, which can be found on the SSO Links tab.  Follow the SSO Login Widget page for instructions on setting up.

Login Button

6.) Multiple Environments Feature

For more information about Multiple Environments Feature follow the Multiple Environments SSO page.