
WordPress SSO using Salesforce SAML Login IDP

Salesforce WordPress Single Sign On (SSO) setup guide using the WP Cloud SSO SAML WordPress Plugin  

 

Follow these steps to enable Salesforce SSO for your WordPress blog: map Salesforce users to WordPress roles, sync Salesforce user attributes, and set Salesforce as your WordPress identity provider. The result is a single sign-on experience for your users and secured access to the site.


Getting Started Setting Up WordPress SSO using Salesforce Login


1.) Set Up Salesforce as IDP for WordPress

A) Configure Salesforce as IdP (Identity Provider).

  • In the WP Cloud SSO plugin, go to the Service Provider Metadata section. It lists the values, such as the SP Entity ID and the ACS (AssertionConsumerService) URL, that are required to configure the Identity Provider.
  • Log in to your Salesforce account as admin.
  • Switch to Salesforce Lightning mode from the profile menu, then go to the Setup page by clicking on the Setup button.
  • In the panel on your left, go to the Settings tab and click on Identity Provider.
  • Click on Enable Identity Provider.
  • In the Service Provider section, click on the link to create the Service Provider using Connected Apps.
  • Enter the Connected App Name, API Name and Contact Email.
  • In the Web App Settings, check the Enable SAML checkbox and enter the following values:

| Field | Setting |
| --- | --- |
| Enable SAML | Checked |
| Entity ID | SP-EntityID / Issuer from Service Provider Metadata tab of the Plugin |
| ACS URL | ACS (AssertionConsumerService) URL from Service Provider Metadata tab of the Plugin |
| Subject Type | Username |
| Name ID Format | urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified |

  • Click on Save to save the configuration.
  • From the panel on your left, under the Platform Tools section, select Connected Apps.
  • Select Manage Connected Apps and click on the app you just created.
  • In the Profiles section, click on the Manage Profiles button.
  • Assign the profiles that should be allowed to log in through this app.
  • Under WP Cloud SSO Login Information, click on Download Metadata.
  • Keep this metadata; you will need it to configure the Service Provider.

Salesforce is now configured as the WP Cloud SSO IdP (Identity Provider) for Salesforce SSO login into your WordPress (WP) site.

2.) Configure WordPress as SP

In the WP Cloud SSO plugin, navigate to the Service Provider Setup tab. Configure the WordPress SSO plugin in one of the following two ways.

A.) Upload IDP metadata:

Note: This upload feature is only available on paid plans. Refer to step B.), which allows you to configure the plugin manually.

  • Click on the Upload IDP metadata button.
  • Enter the Identity Provider Name.
  • Either upload a metadata file and click on the Upload button, or enter a metadata URL and click on Fetch Metadata.

B.) Manual Configuration:

  • Enter the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) as provided by your Identity Provider and click on Save.

3.) Salesforce Attribute Mapping

  • This section allows you to map user attributes sent by the IDP during SSO to user attributes in WordPress.
  • In the WordPress SAML plugin, navigate to the Attribute/Role Mapping tab and enter the required fields in the Attribute Mapping section.
  • Custom Attribute Mapping: This feature lets you map any attribute sent by the IDP to the usermeta table of WordPress.

4.) Salesforce to WordPress Role Mapping

This feature lets you assign and manage the WordPress roles of users when they log in using Salesforce. Here you set the default WordPress role and then assign Salesforce groups to each WordPress role.

  • In the Attribute Mapping section of the plugin, enter a mapping for the field named Group. This attribute will contain the role-related information sent by the IDP and will be used for Role Mapping.
  • Go to the Role Mapping section and enter the mappings for the highlighted roles.

For example, if you want a user whose Group/Role attribute value is wp-editor to be assigned as an Editor in WordPress, enter wp-editor in the Editor field of the Role Mapping section.