Salesforce WordPress Single Sign On (SSO) setup guide using the WP Cloud SSO SAML WordPress Plugin
Follow these steps to enable Salesforce SSO for your WordPress blog, map Salesforce users to WordPress roles, sync Salesforce user attributes, and set Salesforce as your WordPress identity provider, creating a single sign-on experience for your users and securing access.
Getting Started Setting Up WordPress SSO using Salesforce Login
1.) Set Up Salesforce as IDP for WordPress
A) Configure Salesforce as IdP (Identity Provider)
In WP Cloud SSO, go to the Service Provider Metadata section. It lists the values, such as the SP Entity ID and the ACS (AssertionConsumerService) URL, that are required to configure the Identity Provider;
Log in to Salesforce account as admin;
Switch to Salesforce Lightning mode from the profile menu, then go to the Setup page by clicking the Setup button;
In the panel on your left, go to the Settings tab and click Identity Provider;
Click on Enable Identity Provider;
In the Service Provider section, click on the link to create the Service Provider using Connected Apps;
Enter Connected App Name, API Name and Contact Email;
In the Web App Settings, check Enable SAML checkbox and enter the following values:
Field | Setting
Enable SAML | Checked
Entity ID | SP-EntityID / Issuer from Service Provider Metadata tab of the Plugin
ACS URL | ACS (AssertionConsumerService) URL from Service Provider Metadata tab of the Plugin
Open the Identity Provider Setup page on your plugin;
Select SalesForce provider;
Identity Provider Name > Provider name;
IdP Entity ID or Issuer > Issuer;
SAML Login URL > SP-Initiated Redirect Endpoint;
To get a Certificate open Metadata Discovery Endpoint in your browser;
Find ds:X509Certificate tag;
Copy the value in the ds:X509Certificate tag;
Go to the plugin and paste the copied certificate in X.509 Certificate field;
Click Save;
Your provider is now successfully configured.
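The metadata steps above (Issuer, SP-Initiated Redirect Endpoint, ds:X509Certificate) can be cross-checked with a short script before pasting values into the plugin. This is an added example, not code from the plugin or from Salesforce; the function name, the placeholder hosts and the sample bytes are constructed for illustration, and it assumes the metadata XML was saved from the Metadata Discovery Endpoint.

```python
import base64, hashlib, textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

def parse_idp_metadata(xml_text):
    """Extract the values the plugin's Identity Provider Setup page asks for."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata needs no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    # Keep signing keys only; a KeyDescriptor without 'use' serves both purposes.
    certs = [kd.find(".//ds:X509Certificate", NS)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"]
    certs = [c.text for c in certs if c is not None and c.text]
    if len(certs) != 1:
        raise ValueError("expected one signing certificate, found %d" % len(certs))
    # The tag value is usually line-wrapped: drop whitespace, then decode strictly.
    der = base64.b64decode("".join(certs[0].split()), validate=True)
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == BINDINGS + "HTTP-Redirect"]
    if not sso:
        raise ValueError("no HTTP-Redirect SingleSignOnService endpoint")
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    pem = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body
    return {"issuer": root.get("entityID"), "login_url": sso[0], "pem": pem,
            "der": der, "sha256": hashlib.sha256(der).hexdigest()}

# Constructed sample: placeholder hosts, and bytes that are NOT a real certificate.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s"
    entityID="https://idp.example.invalid">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   %s
   %s
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="%sHTTP-POST" Location="https://idp.example.invalid/post"/>
  <md:SingleSignOnService Binding="%sHTTP-Redirect" Location="https://idp.example.invalid/redirect"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % (NS["md"], NS["ds"], _B64[:20], _B64[20:], BINDINGS, BINDINGS)

if __name__ == "__main__":
    print(parse_idp_metadata(SAMPLE_METADATA))
```

Comparing the printed SHA-256 fingerprint with one obtained from the IdP administrator through a separate channel confirms that the certificate pasted into the X.509 Certificate field is the one the IdP actually signs with.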
3.) Salesforce Attribute Mapping
Configure Attribute mapping on the plugin
This section allows you to map user attributes sent by the IDP during SSO to user attributes at WordPress;
In the WordPress SAML plugin, navigate to the Attribute/Role Mapping tab and enter the required fields in the Attribute Mapping section;
Custom Attribute Mapping: This feature lets you map any attribute sent by the IDP to the usermeta table of WordPress;
If you need to check which attributes were sent to you, follow the steps below:
Open Identity Provider Setup section;
Select your provider;
Click Test configuration;
Log in if prompted. In this window, you can see all attributes.
Configure Attribute mapping on the Salesforce application
Open the configured application in Salesforce;
Scroll down and find the Custom Attributes section;
Click New;
In the Attribute key field, enter the name of your attribute;
Click the Insert Field button. In the window that opens, choose the attribute you need;
Click Insert;
Click Save;
Your attributes are now successfully configured.
4.) Salesforce to WordPress Role Mapping
This feature lets you assign and manage WordPress roles of the users when they log in using Salesforce. When signed in with Salesforce, users will have the specified role.
Salesforce doesn’t support Groups role mapping;
WordPress has 7 pre-defined roles:
Administrator;
Editor;
Author;
Contributor;
Subscriber;
Customer.
To configure default role mapping please follow the steps below:
Go to the Attribute/Role Mapping page of the Plugin;
Scroll down and find the Role Mapping section;
Select the role you need from the WordPress pre-defined roles;
Click on the Save button.
5.) Salesforce SSO Login Button - Redirect to IDP
Next, enable your Salesforce SSO login buttons, which can be found on the SSO Links tab. Follow the SSO Login Widget page for setup instructions.