WordPress SSO using Salesforce SAML Login IDP
Salesforce WordPress Single Sign On (SSO) setup guide using the WP Cloud SSO SAML WordPress Plugin
Follow these steps to enable Salesforce SSO for your WordPress blog, map Salesforce users to WordPress roles, sync Salesforce user attributes and set Salesforce as your WordPress identity provider and creating single sign on experience for your users and securing access.
List of Supported SAML Login Providers for WordPress SSO
Getting Started Setting Up WordPress SSO using Salesforce Login
Table of Contents
1.) Setup Salesforce as IDP for WordPress
A) Configure Salesforce as IdP (Identity Provider)
- In the WP Cloud SSO, go to Service Provider Metadata section. In here, there are following information, such as SP Entity ID and ACS (AssertionConsumerService) URL , that are compulsory to configure the Identity Provider;
- Log in to Salesforce account as admin;
- Switch to Salesforce Lighting mode from profile menu and then go to the Setup page by clicking on setup button;
- In the panel on your left , go to Settings Tab and click on Identity Provider;
- Click on Enable Identity Provider;
- In the Service Provider section, click on the link to create the Service Provider using Connected Apps;
- Enter Connected App Name, API Name and Contact Email;
- In the Web App Settings, check Enable SAML checkbox and enter the following values:
| Field | Setting |
|---|---|
|
Enable SAML |
Checked |
|
Entity ID |
SP-EntityID / Issuer from Service Provider Metadata tab of the Plugin |
|
ACS URL |
ACS (AssertionConsumerService) URL from Service Provider Metadata tab of the Plugin |
|
Subject Type |
Username |
|
Name ID Format |
urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified |
- Click on Save to save the configuration;
- From the panel on your left, where Platform Tools section, select Connected Apps;
- Select Manage Connected Apps and click on the app just created;
- In Profiles section click on Manage Profiles;
- In the Profiles, section click on Manage Profiles button;
- Assign the Profiles to allow access in the login of this app;
- Now your Salesforce as WP Cloud IdP (Identity Provider ) has been configured for Salesforce SSO login into WordPress (WP) Site.
2.) Configure WordPress as SP
In WP Cloud SSO plugin, navigate to Service Provider Setup tab of the plugin. Follow one of the 2 ways to configure the WordPress SSO plugin.
A.) Upload Salesforce IDP Federation Metadata from file:
Note: This upload feature is only available to paid plans. Refer to step C.) which allows you to configure manually.
- Open your configured application;
- Under WP Cloud SSO Login Information, click on Download Metadata;
- Open WP Cloud SSO the plugin;
- Click on the Upload IDP metadata button;
- Enter Identity Provider Name;
- Upload metadata file downloaded from Salesforce.
B.) Upload Salesforce IDP Federation Metadata from URL:
Note: This upload feature is only available to paid plans. Refer to step C.) which allows you to configure manually.
- Open your configured application;
- Under WP Cloud SSO Login Information, click on Download Metadata;
- Open WP Cloud SSO the plugin;
- Click on the Upload IDP metadata button;
- Enter Identity Provider Name;
- Enter URL copied Metadata Discovery Endpoint.
C.) Manually Add SalesForce IDP Application URL's:
- Open your Application;
- Open the Identity Provider Setup page on your plugin;
- Select SalesForce provider;
- Identity Provider Name > Provider name;
- IdP Entity ID or Issuer > Issuer;
- SAML Login URL > SP-Initiated Redirect Endpoint;
- To get a Certificate open Metadata Discovery Endpoint in your browser;
- Find ds:X509Certificate tag;
- Copy the value in the ds:X509Certificate tag;
- Go to the plugin and paste the copied certificate in X.509 Certificate field;
- Click Save;
- Your provider successfully configured.
3.) Salesforce Attribute Mapping
Configure Attribute mapping on the plugin
- This section allows you to map user attributes sent by the IDP during SSO to user attributes at WordPress;
- In WordPress SAML plugin, navigate to the Attribute/ Role Mapping tab and enter the required fields in the Attribute Mapping section;
- Custom Attribute Mapping: This feature lets you map any attribute sent by the IDP to the usermeta table of WordPress;
- If you need to check what attributes were sent to you, the following steps below:
- Open Identity Provider Setup section;
- Select your provider;
- Click Test configuration;
- Log in if it needs. In this window, you can see all attributes.
Configure Attribute mapping on the SalesForce application
- Open configured application in SalesForce;
- Scroll down and find the Custom Attributes section;
- Click New;
- In the Attribute key enter the name of your attribute;
- Click Insert Field button. In the opened window choose the attribute you need;
- Click Insert;
- Click Save;
- Your attributes successfully configured.
4.) Salesforce to WordPress Role Mapping
This feature lets you assign and manage WordPress roles of the users when they log in using Salesforce. When signed in with Salesforce, users will have the specified role.
Salesforce doesn’t support Groups role mapping;
WordPress has 7 pre-defined roles :
- Administrator;
- Editor;
- Author;
- Contributor;
- Subscriber;
- Customer.
To configure default role mapping please follow the steps below:
- Go to the Attribute/Role Mapping page of the Plugin;
- Scroll down and find the Role Mapping section;
- Select one necessary role of the WordPress pre-defined role;
- Click on the Save button.
5.) Salesforce SSO Login Button - Redirect to IDP
Next is to enable your Salesforce SSO login buttons, which can be found on the SSO Links tab. Follow the SSO Login Widget page for instructions on setting up.
6.) Multiple Environments Feature
For more information about Multiple Environments Feature follow the Multiple Environments SSO page.