Azure AD as IdP for WordPress
Azure AD / Office 365 Single Sign-On (SSO) login for WordPress [SAML] can be achieved by using our WordPress SAML SP Single Sign-On (SSO) plugin. Our plugin is compatible with all the SAML compliant Identity Providers. Here we will go through a step-by-step guide to configure SAML SSO login between WordPress site and Azure AD / Office 365 by considering Azure AD/Office 365 as IdP (Identity Provider) and WordPress as SP (Service Provider).
Pre-requisites : Download And Installation
To configure Azure AD as SAML IdP with WordPress, you will need to install the miniOrange WP SAML SP SSO plugin:
Steps to configure Azure AD Single Sign-On (SSO) Login into WordPress
Step 1: Setup Azure AD as IDP (Identity Provider)
Follow the steps below to configure Azure AD as IdP
- In the miniOrange SAML SP SSO plugin, navigate to SP (Service Provider) Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are
required to configure the Azure AD as IdP (Identity Provider).
Configure Azure AD as IdP
- Log in to Azure AD Portal
- Select Azure Active Directory.
- Select Enterprise Application.
- Click on New Application.
- Click on Create your own Application.
- Enter the name for your app, then select Non-gallery application section and click on Create button.
- Click on Setup Single sign-on .
- Select the SAML tab.
- After clicking on Edit, enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider Metadata tab of the plugin.
- By default, the following Attributes will be sent in the SAML response. You can view or edit the claims sent in the SAML response to the application under the Attributes tab.
- Copy the App Federation Metadata Url to get the Endpoints required for configuring your Service Provider.
- Assign users and groups to your SAML application
- Navigate to Users and groups tab and click on Add user/group.
- Click on Users to assign the required user and then click on select.
- You can also assign a role to your application under Select Role section.
- You have successfully configured Azure AD as SAML IdP ( Identity Provider) for achieving Azure AD SSO login into your WordPress (WP) Site.
- Log in to Azure AD Portal as admin
- Select Azure Active Directory.
- Select App registrations.
- Click on New registration.
- Assign a Name and choose the account type.
- In the Redirect URL field, provide the ACS URL provided in Service Provider Metadata tab of the plugin and click on Register button.
- Navigate to Expose an API from left menu panel.
- Click the Set button and replace the APPLICATION ID URL with the plugin's SP Entity ID.
- Go back to Azure Active Directory ⇒ App Registrations window and click on Endpoints.
- This will navigate up to a window with multiple URLs.
- Copy the Federation Metadata document URL to get the Endpoints required for configuring your Service Provider.
- You have successfully configured Azure AD as SAML IdP ( Identity Provider) for achieving Azure AD SSO login into your WordPress (WP) Site.
NOTE: Please ensure that the SP Entity ID value from the Service Provider Metadata tab doesn't have a trailing slash('/'). If SP Entity ID has a trailing slash then update it by removing the trailing slash from the SP EntityID / Issuer field under the Service Provider Metadata tab of the plugin, enter the updated value at Azure and click on the Save button.
Need Help? We are right here!
