Azure AD as IdP for WordPress

Azure AD / Office 365 Single Sign-On (SSO) login for WordPress [SAML] can be achieved with our WordPress SAML SP Single Sign-On (SSO) plugin, which is compatible with all SAML-compliant Identity Providers. This step-by-step guide configures SAML SSO login between a WordPress site and Azure AD / Office 365, with Azure AD / Office 365 as the IdP (Identity Provider) and WordPress as the SP (Service Provider).

Pre-requisites: Download and Installation

To configure Azure AD as SAML IdP with WordPress, you will need to install the miniOrange WP SAML SP SSO plugin:


Steps to configure Azure AD Single Sign-On (SSO) Login into WordPress


Step 1: Set up Azure AD as IdP (Identity Provider)

Follow the steps below to configure Azure AD as IdP.

    Configure Azure AD as IdP

    • In the miniOrange SAML SP SSO plugin, navigate to the SP (Service Provider) Metadata tab. Here you can find the SP metadata, such as the SP Entity ID and ACS (AssertionConsumerService) URL, which are required to configure Azure AD as IdP (Identity Provider).
Step-by-step Video to Setup SSO between WordPress and Azure AD
  • Log in to Azure AD Portal

  • Select Azure Active Directory.

  • Select Enterprise Application.

  • Click on New Application.

  • Click on Create your own Application.

  • Enter the name for your app, then select the Non-gallery application section and click on the Create button.

  • Click on Setup Single sign-on.

  • Select the SAML tab.

  • After clicking on Edit, enter the SP Entity ID for Identifier and the ACS URL for Reply URL from the Service Provider Metadata tab of the plugin.

  • By default, the following Attributes will be sent in the SAML response. You can view or edit the claims sent in the SAML response to the application under the Attributes tab.

  • Copy the App Federation Metadata Url to get the Endpoints required for configuring your Service Provider.

  • Assign users and groups to your SAML application.
    • Navigate to the Users and groups tab and click on Add user/group.
    • Click on Users to assign the required user and then click on select.
    • You can also assign a role to your application under the Select Role section.
    • You have successfully configured Azure AD as SAML IdP (Identity Provider) for achieving Azure AD SSO login into your WordPress (WP) Site.
Step-by-step Video to Setup SSO between WordPress and Azure AD

  • Log in to Azure AD Portal as admin

  • Select Azure Active Directory.

  • Select App registrations.

  • Click on New registration.

  • Assign a Name and choose the account type.
  • In the Redirect URL field, enter the ACS URL from the Service Provider Metadata tab of the plugin and click on the Register button.
  • Navigate to Expose an API from the left menu panel.
  • Click the Set button and replace the APPLICATION ID URL with the plugin's SP Entity ID.


  • NOTE: Ensure that the SP Entity ID value from the Service Provider Metadata tab doesn't have a trailing slash ('/'). If it does, remove the trailing slash from the SP EntityID / Issuer field under the Service Provider Metadata tab of the plugin, enter the updated value at Azure and click on the Save button.


  • Go back to the Azure Active Directory → App Registrations window and click on Endpoints.

  • This opens a window with multiple URLs.
  • Copy the Federation Metadata document URL to get the Endpoints required for configuring your Service Provider.

  • You have successfully configured Azure AD as SAML IdP (Identity Provider) for achieving Azure AD SSO login into your WordPress (WP) Site.