Key Features
Multiple tenants support
Multi tenant support allows all the users from your organizations to perform SSO into your site. Users from multiple tenants/directories can easily log into your site through one IDP login form using IDP credentials
Tenant based SSO Restriction
Allow only specific tenant users to perform SSO through your website. Restricted users will see the appropriate error message if they try to perform SSO
Group/Role mapping based on tenants
Assign users to WordPress roles or BuddyBoss groups based on the tenant from which the user belongs to
Multisite Network Support
Configure SSO login with the same IDP for all tenants in a multisite WordPress network and manage SSO settings for each subsite at the network level
User Flow Diagram
Azure Multi-tenant Single Sign-On (SSO) allows to configure the plugin to accept sign-ins from any Azure Active Directory (Azure AD) tenant. It reduces the requirement of configuring multiple tenants separately. Users in any Azure AD tenant will be able to sign in to your WordPress site after consenting to use their account with your website. All the users from the configured tenants will be able to perform SSO login using only a single Azure AD application with a common endpoint.
Scenario
You may have your own Office 365 / Azure AD tenants and your clients/customers using their own Office365 / Azure AD tenants. Now, you want users from your own office365 organization/tenants and your client’s office365 organization/tenants to be able to access the WordPress site with Single Sign-On (SSO). The users will use their existing Azure AD/Office 365 account credentials to log in to the site.
Steps to configure Azure AD Single Sign-On (SSO) Login into WordPress(WP)
1. Setup Azure AD as IdP (Identity Provider)
Follow the steps below to configure Azure AD as IdP for WordPress
Configure Azure AD as IdP
- In the WordPress SAML SP SSO plugin, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure Azure AD as the Identity Provider.
- Log in to Azure AD Portal as admin
- Select Azure Active Directory.
- Select App registrations.
- Click on New registration.
- Assign a Name and choose the Supported account types as Accounts in any orgnaizational directory (Any Azure AD directory - Multitenant).
- In the Redirect URL field, provide the ACS URL provided in Service Provider Metadata tab of the plugin and click on Register button.
- Navigate back to the Overview tab of you active directory, copy the Primary Domain and keep it handy.
- Now copy the Application ID from the configured app and keep it handy.
- Navigate to Expose an API from left menu panel.
- Click the Set button and replace the APPLICATION ID URL with https://Primary_Domain/Appication-Id that you have copied previously and click on Save
- Go to the Authentication tab in the left panel and select ID Tokens (Used for implicit and Hybrid flows) option also make sure supported account types is Accounts in any orgnaizational directory (Any Azure AD directory - Multitenant) then click on Save.
- Navigate to API Permissions ⇒ Add Permission and select Microsoft Graph.
- Now click on Application permission, then search for User.Read.All once the option is selected then click on Add permissions button.
- To proceed further click on Graant Admin Consent for Demo.
- Go back to Azure Active Directory ⇒ App Registrations window and click on Endpoints.
- This will navigate up to a window with multiple URLs.
- Copy the Federation Metadata document URL to get the Endpoints required for configuring your Service Provider.
- Now paste the Federation Metadata URL in the Service Provider Setup tab of the plugin and click on fetch.
- Naviagate back to your active directory and copy Application ID URI from the Expose an API tab and paste it in the SP Entity ID/ Issuer under Service Provider Endpoints tab.
- Also replace the SAML Login URl and SAML Logout URl with https://login.microsoft.com/common/saml2 then click on save.
2. Steps to configure Azure Multitenant Plugin
- First install the Azure Multitenant SSO plugin.
- In the Azure Multitenant plugin select the Idp from the dropdown and paste the Tenant IDs that you want to configure then click on save.
- To get the Tenant ID for the required office 365 account, navigate back to the Azure AD portal. Click on the Overview tab and copy the tenant ID value as displayed in the below screenshot.
- Now, ask all the tenant administrators to perform the SSO first and grant the required permissions to the application.
- Now you can test the SSO in an Incognito window to confirm if the Single Sign-On for multiple tenants is configured correctly.
- You have successfully configured Azure AD Multitenant SSO for achieving Azure AD SSO login into your WordPress (WP) Site.
In this Guide, you have successfully configured Azure AD SAML Single Sign-On (Azure AD WP SSO Login) choosing Azure AD as IdP and WordPress as SP using WordPress SAML Single Sign-On (SSO) Login plugin .This solution ensures that your Multiple Tenants can access to your WordPress(WP) site using Azure AD login credentials within minutes.
Get Full - Featured Trial
10 Days Free Trial
Integrate with any platform of your choice
Test all the premium features before purchasing the license
24*7 support to help you with the setup
No Credit Card Required
Thank you for your response. We will get back to you soon.
Something went wrong. Please submit your query again
Why Our Customers choose miniOrange WordPress Single Sign-On (SSO) Solutions?
24/7 Support
miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.
Extensive Setup Guides
Easy and precise step-by-step instructions and videos to help you configure within minutes.
We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more.
Please contact us at - +1 978 658 9387 (US) | +91 97178 45846 (India) samlsupport@xecurify.com
×
![]()
Trending searches:
Hello there!
Need Help? We are right here!
