Microsoft Silver Partner

Microsoft Silver Partner

mobile-logo
WordPress SSO Azure AD Office 365

WordPress SSO using Salesforce SAML Login IDP

Salesforce WordPress Single Sign On (SSO) setup guide using the WP Cloud SSO SAML WordPress Plugin  

 

Follow these steps to enable Salesforce SSO for your WordPress blog, map Salesforce users to WordPress roles, sync Salesforce user attributes and set Salesforce as your WordPress identity provider and creating single sign on experience for your users and securing access.

WP CLoud SSO

Salesforce WordPress Single Sign On

with WP Cloud SSO

Download Plugin

List of Supported SAML Login Providers for WordPress SSO

Active Directory

Azure AD / Office 365

ADFS-SSO

ADFS

Azure B2C

Azure B2C

Okta SSO WordPress Login

Okta

Google Apps Single Sign On

Google Apps

SalesForce SAML SSO

Salesforce

AUTH0 SAML SSO

Auth0

OneLogin Auth0 Alternatives – SSO Providers

One Login

Keycloak IDP

KeyCloak

Shibboleth SAML IDP

Shibboleth

Table of Contents

Getting Started Setting Up WordPress SSO using Salesforce Login

Table of Contents

1.) Setup Salesforce as IDP for WordPress

A) Configure Salesforce as IdP (Identity Provider).

  • In the WP Cloud SSO, go to Service Provider Metadata section.  In here, there are following information, such as  SP Entity ID and ACS (AssertionConsumerService) URL , that are compulsory to configure the Identity Provider. 
  • Log in to Salesforce account as admin

 

  • Switch to Salesforce Lighting mode from profile menu and then go to the Setup page by clicking on setup button.
  • In the panel on your left , go to Settings Tab and click on Identity Provider. 
Select identity Provider
  • Click on Enable Identity Provider. 
Enable Identity Provider
  • In the Service Provider section, click on the link to create the Service Provider using Connected Apps
  • Enter Connected App Name, API Name and Contact Email.
  • In the Web App Settings, check Enable SAML checkbox and enter the following values:
Field Setting

Enable SAML
Checked

Entity ID

SP-EntityID / Issuer from Service Provider Metadata tab of the Plugin

ACS URL

ACS (AssertionConsumerService) URL from Service Provider Metadata tab of the Plugin

Subject Type

Username

Name ID Format

urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified
Web App Settings
  • Click on Save to save configuration.
 
  • From the panel on your left, where Platform Tools section, select Connected Apps. 
 
  • Select Manage Connected Apps and click on the app just created 
Manage Connected Apps
  • In Profiles section click on Manage Profiles.
 
  • In the Profiles section click on Manage Profiles button. 
 
  • Assign the Profiles to allow access in the log in of this app. 
  • Under WP Cloud SSO Login Information, click on Download Metadata.
Download Metadata
  • It is useful to keep this metadata for configuring the Service Provider.

Now your Salesforce as WP Cloud IdP (Identity Provider ) has been configured for Salesforce SSO login into WordPress ( WP) Site. 

2.) Configure WordPress as SP

In  WP Cloud SSO plugin, navigate to Service Provider Setup tab of the plugin. Follow one of the 2 ways to configure the WordPress SSO plugin.

A.) Upload IDP metadata:

Note: This upload feature is only available to paid plans. Refer to step B.) which allows you to configure manually.

  • Click on Upload IDP metadata button.
  • Enter Identity Provider Name.
  • Either upload  a metadata file and click on Upload button or use a metadata URL and click on Fetch Metadata.

B.) Manual Configuration:

  • Input the required settings ( i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) as provided by your Identity Provider and click on Save. 

3.) Salesforce Attribute Mapping

  • This section allows you to map user attributes send by the IDP during SSO to user attributes at WordPress.

 

  • In WordPress SAML plugin, navigate to Attribute/ Role Mapping tab and enter  the required fields in Attribute Mapping section. 

 

  • Custom Attribute Mapping: This feature lets you map any attribute sent by the IDP to the usermeta table of WordPress. 

4.) Salesforce to WordPress Role Mapping

This feature lets you assign and manage WordPress roles of the users when they login using Salesforce. Here you set the default WordPress role and then assign Salesforces Groups to each WordPress Role. 

 

  • In the Attribute Mapping section of the plugin, enter a mapping for the field named Group. This attribute will contain the role related information sent by the IDP and will be used for Role Mapping. 
  • Go to role mapping section and enter the mappings for the highlighted roles.

For example, if you want a user whose Group/Role attribute value is wp-editor to be assigned as an Editor in WordPress, please enter the mapping as wp-editor in the Editor field of Role Mapping section.