

Additional Configuration for WordPress Azure B2C Single Sign-On

Once the WordPress Azure B2C SSO has been configured, you can proceed with some additional configuration steps to make the most out of WP Single Sign-On. This includes steps for Custom Attribute Mapping, Group & Role Mapping, Single Logout, and more.


Attribute Mapping allows you to map the user attributes sent by Azure B2C (like name, email, etc.) to the corresponding user fields in WordPress. This ensures user profiles are created or updated with correct information during Single Sign-On (SSO).

  • Navigate to the Attribute/Role Mapping tab in the miniOrange SAML SSO plugin.
  • The following fields are available by default:
    • Username: usually mapped to NameID or email
    • Email: typically mapped to email
    • First Name: can be mapped to givenName
    • Last Name: can be mapped to surname
    • Group/Role: can be mapped to group/role name
    • Display Name: can be mapped to Username or a different attribute


Note: Click on Test Configuration in the plugin to see the attributes Azure B2C is sending. This will help you identify the correct names to map.



Add Custom Claims in Azure B2C

  • Log in to the Azure Portal and navigate to your Azure B2C tenant.
  • Under Policies, select User Flows (or Custom Policies, if applicable).
  • Select the user flow (e.g., B2C_1_signupsignin) you're using for SSO.
  • Under Application Claims, enable any custom or standard attributes you want to send (e.g., jobTitle, extension_).

  • Click Save.

Verify the Claims in the Plugin

  • In WordPress, go to the miniOrange SAML Plugin → Service Provider Setup tab.
  • Click Test Configuration to initiate SSO and inspect the SAML Response.
  • Copy the exact claim name you want to map (e.g., jobTitle, extension_department).

Map Custom Attributes

  • Go to the Attribute Mapping tab in the miniOrange SAML SSO plugin.
  • In the Custom Attribute Mapping section:
    • Click on the Add Attribute button and enter the SAML Attribute Name (e.g., jobTitle).
    • Map it to the WordPress usermeta field (e.g., job_title).

  • Save the changes.
  • If you want to display the attributes in the WordPress users table, then enable the Display Attribute option.

With Role/Group Mapping, WordPress roles can be assigned to users based on attributes sent by Azure B2C during SSO login. While configuring role/group mapping you can choose any attribute sent by Azure B2C to assign roles.

The Role/Group Mapping feature allows you to assign specific WordPress roles to users based on the groups or roles they belong to in Azure B2C. This helps streamline user management by dynamically assigning roles such as Administrator, Editor, or Subscriber depending on a user's group membership in Azure B2C.

This feature supports both default WordPress roles (Administrator, Editor, Subscriber, etc.) as well as custom roles created in your WordPress setup.


To Set Up Role Mapping:

  • Navigate to the Role Mapping tab in the miniOrange SSO using SAML 2.0 plugin.
  • Select the IDP Group/Role attribute sent from Azure B2C. Make sure that the attribute you select contains the user's group values.
  • To map roles to the users, enter the group name against the WordPress role. For example, to assign the Administrator role to a user who has the group “Azure_admins”, enter the group name “Azure_admins” in the field next to the Administrator role.
  • To map roles to the group, select the group attribute and enter the group name against the WordPress role.

Example: To assign the Administrator role to users with the Azure group Azure_admins, enter Azure_admins next to the Administrator role field.


Map WordPress Roles based on Custom Azure B2C Roles

  • In Azure B2C, navigate to your User Flow and Application Claims.
  • Enable the role claim (e.g., extension_userRole) to be included in the token.
  • Save your changes.
  • In WordPress:
    • Perform a Test Configuration and review the SAML response.
    • Copy the attribute name and value (e.g., extension_userRole: editor).
    • In the plugin, enter the Attribute Name (e.g., extension_userRole) and the Attribute Value (e.g., editor) to map it to the desired WordPress role (e.g., Editor).

Note: If the claim extension_userRole returns editor, you can map it to the WordPress Editor role for automatic role assignment.
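
The verification and role-mapping steps above, as an added example (not miniOrange's code): it lists the attribute names in a constructed SAML assertion and resolves a WordPress role from a hypothetical mapping table. The table, the subscriber fallback, exact case-sensitive matching and first-match order are assumptions, not documented plugin behaviour.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the AttributeStatement of an assertion, with made-up values.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="jobTitle"><saml:AttributeValue>Analyst</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="extension_userRole"><saml:AttributeValue>editor</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical copy of the Role Mapping tab: WordPress role -> IdP values that grant it.
ROLE_MAPPING = {"administrator": ["Azure_admins"], "editor": ["editor"]}
DEFAULT_ROLE = "subscriber"  # assumption: unmatched users get the least-privileged role


def extract_attributes(xml_text):
    """Return {attribute name: [values]} exactly as named in the assertion.

    Inspection only: no signature or condition checks, so never use this to
    authenticate anyone. Feed it a response you captured yourself.
    """
    attrs = {}
    for attr in ET.fromstring(xml_text).iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def resolve_role(attrs, role_attribute, mapping=ROLE_MAPPING, default=DEFAULT_ROLE):
    """Exact, case-sensitive match; first matching role in table order wins."""
    sent = set(attrs.get(role_attribute, []))
    for wp_role, idp_values in mapping.items():
        if sent & set(idp_values):
            return wp_role
    return default


def mapping_findings(attrs, role_attribute, mapping=ROLE_MAPPING):
    """List reasons a user would silently fall through to the default role."""
    if role_attribute not in attrs:
        return [f"attribute '{role_attribute}' is not in the response"]
    mapped = {v for values in mapping.values() for v in values}
    return [f"value '{v}' is sent but not mapped" for v in attrs[role_attribute] if v not in mapped]
```

Running mapping_findings against a captured response before saving the mapping shows whether a misspelled claim name or a value such as Editor instead of editor would leave users on the default role.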



SAML Single Logout (SLO) enables users to be automatically logged out from all connected applications when they sign out from WordPress.


Note: This is a Premium feature available with the paid version of the plugin.


  • Navigate to the Service Provider Metadata tab in the WordPress SAML SSO plugin.
  • Copy the Single Logout URL provided in the metadata section.
  • Log in to your Azure AD B2C portal.
  • Go to the App Registration associated with your WordPress site.
  • In the left-hand menu, select the Manifest tab.
  • Locate the "logoutUrl" field within the manifest JSON.
  • Replace the null value with the Single Logout URL you copied from the plugin.
  • Click Save to apply the changes.

Configuring advanced features like Custom Attribute Mapping, Role/Group Mapping, and Single Logout (SLO) along with SSO allows you to enhance user identity management and streamline access control between your Azure B2C IDP and WordPress site.

