Azure AD as IdP for WordPress

Step 1: Setup Azure AD as Identity Provider

    miniorange img Prerequisites:

    • In the miniOrange SAML SP SSO plugin, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.
    • wordpress saml upload metadata

    miniorange img Instructions:

  • Log in to Azure AD Portal

  • Select Azure Active Directory ⇒ App Registrations. Click on New Application Registration.

  • azure ad sso-1
  • Assign a Name and choose the account type.In the Redirect URI field, provide the ACS URL provided in Service Provider Info tab of the plugin and click on Register button.
  •       azure ad sso-2
  • Now, navigate to Expose an API menu option and Click the Set button and replace the APPLICATION ID URI with the plugin's SP Entity ID

  • azure ad sso-3
  • Go back to Azure Active Directory ⇒ App Registrations window and click on Endpoints link.

  • azure ad sso-4
  • This will open up a window with multiple URLs listed there. Copy the Federation Metadata Document URL. This will be required while configuring the SAML plugin.

  • azure ad sso-5
  • Log in to Azure AD Portal

  • Select Azure Active Directory ⇒ Enterprise Applications.

  • azure ad sso-6
  • Click on New Application.

  • azure ad sso-7
  • Click on Non-gallery application section and enter the name for your app and click on Add button.

  • azure ad sso-8
  • Click on Single sign-on from the application's left-hand navigation menu. The next screen presents the options for configuring single sign-on. Click on SAML.

  • azure ad sso-9
  • Enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider Info tab of the plugin.

  • azure ad sso-10
  • By default, the following Attributes will be sent in the SAML token. You can view or edit the claims sent in the SAML token to the application under the Attributes tab.

  • azure ad sso-11
  • Copy App Federation Metadata Url. This will be used while configuring the SAML plugin.

  • azure ad sso-12
  • Click on User and groups from the applications left-hand navigation menu. The next screen presents the options for assigning the users/groups to the application.

  • azure ad sso-13