
Key Features

Multiple tenants support

Multi-tenant support allows all the users from your organizations to perform SSO into your site. Users from multiple tenants/directories can log into your site through one IdP login form using their IdP credentials.

Tenant based SSO Restriction

Allow only users from specific tenants to perform SSO through your website. Restricted users will see an appropriate error message if they try to perform SSO.

Group/Role mapping based on tenants

Assign users to WordPress roles or BuddyBoss groups based on the tenant to which the user belongs.

Multisite Network Support

Configure SSO login with the same IdP for all tenants in a multisite WordPress network and manage SSO settings for each subsite at the network level.


Azure Multi-tenant Single Sign-On (SSO) allows you to configure the plugin to accept sign-ins from any Azure Active Directory (Azure AD) tenant. It removes the need to configure multiple tenants separately. Users in any Azure AD tenant will be able to sign in to your WordPress site after consenting to use their account with your website. All the users from the configured tenants will be able to perform SSO login using only a single Azure AD application with a common endpoint.

Scenario

You may have your own Office 365 / Azure AD tenants, and your clients/customers may use their own Office 365 / Azure AD tenants. Now, you want users from your own Office 365 organization/tenants and your clients' Office 365 organization/tenants to be able to access the WordPress site with Single Sign-On (SSO). The users will use their existing Azure AD / Office 365 account credentials to log in to the site.


Steps to configure Azure AD Single Sign-On (SSO) Login into WordPress (WP)

1. Setup Azure AD as IdP (Identity Provider)

Follow the steps below to configure Azure AD as IdP for WordPress

Configure Azure AD as IdP
  • In the WordPress SAML SP SSO plugin, navigate to the Service Provider Metadata tab. Here you can find the SP metadata, such as the SP Entity ID and ACS (AssertionConsumerService) URL, which are required to configure Azure AD as the Identity Provider.
  • Log in to the Azure AD Portal as admin.
  • Select Azure Active Directory.
  • Select App registrations.
  • Click on New registration.
  • Assign a Name and choose the Supported account types as Accounts in any organizational directory (Any Azure AD directory - Multitenant).
  • In the Redirect URL field, enter the ACS URL provided in the Service Provider Metadata tab of the plugin and click on the Register button.
  • Navigate back to the Overview tab of your active directory, copy the Primary Domain and keep it handy.
  • Now copy the Application ID from the configured app and keep it handy.
  • Navigate to Expose an API from the left menu panel.
  • Click the Set button, replace the Application ID URI with https://Primary_Domain/Application-Id using the values that you copied previously, and click on Save.
  • Go to the Authentication tab in the left panel and select the ID Tokens (Used for implicit and Hybrid flows) option. Also make sure the supported account types is Accounts in any organizational directory (Any Azure AD directory - Multitenant), then click on Save.
  • Navigate to API Permissions > Add Permission and select Microsoft Graph.
  • Now click on Application permission, search for User.Read.All, select the option, and then click on the Add permissions button.
  • To proceed further, click on Grant Admin Consent for Demo.
  • Go back to the Azure Active Directory > App Registrations window and click on Endpoints.
  • This will open a window with multiple URLs.
  • Copy the Federation Metadata document URL to get the Endpoints required for configuring your Service Provider.
  • Now paste the Federation Metadata URL in the Service Provider Setup tab of the plugin and click on Fetch.
  • Navigate back to your active directory, copy the Application ID URI from the Expose an API tab, and paste it in the SP Entity ID/Issuer field under the Service Provider Endpoints tab.
  • Also replace the SAML Login URL and SAML Logout URL with https://login.microsoft.com/common/saml2, then click on Save.

2. Steps to configure Azure Multitenant Plugin

  • First, install the Azure Multitenant SSO plugin.
  • In the Azure Multitenant plugin, select the IdP from the dropdown, paste the Tenant IDs that you want to configure, and then click on Save.
  • To get the Tenant ID for the required Office 365 account, navigate back to the Azure AD portal. Click on the Overview tab and copy the Tenant ID value.
  • Now, ask all the tenant administrators to perform the SSO first and grant the required permissions to the application.
  • Now you can test the SSO in an Incognito window to confirm that Single Sign-On for multiple tenants is configured correctly.
  • You have successfully configured Azure AD Multitenant SSO for achieving Azure AD SSO login into your WordPress (WP) site.
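
Because the app is registered as multitenant and uses the common endpoint, the list of Tenant IDs configured above is what limits who can sign in. The following is an added example, not the plugin's own code, of the check a service provider applies to an incoming assertion. It assumes the assertion's signature has already been verified by the SAML library, that Azure AD issues assertions with an Issuer of the form https://sts.windows.net/<tenant-id>/ and a tenantid claim, and it uses constructed placeholder tenant GUIDs and hypothetical function names.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TENANT_CLAIM = "http://schemas.microsoft.com/identity/claims/tenantid"
# Assumed Azure AD issuer format: https://sts.windows.net/<tenant-guid>/
ISSUER_RE = re.compile(r"^https://sts\.windows\.net/([0-9a-f-]{36})/$")

# Constructed allowlist: placeholder GUIDs standing in for the pasted Tenant IDs.
ALLOWED_TENANTS = {
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222",
}

def tenant_from_assertion(xml_text):
    """Return the tenant GUID only if Issuer and tenantid claim agree."""
    root = ET.fromstring(xml_text)  # signature assumed verified upstream
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS)
    match = ISSUER_RE.match(issuer.strip().lower())
    if not match:
        return None
    claim = None
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == TENANT_CLAIM:
            value = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
            claim = value.strip().lower()
    # Reject assertions whose claim is missing or disagrees with the issuer.
    return claim if claim == match.group(1) else None

def is_sso_allowed(xml_text, allowed=ALLOWED_TENANTS):
    """True only for a consistent assertion from an allowlisted tenant."""
    tenant = tenant_from_assertion(xml_text)
    return tenant is not None and tenant in allowed

def sample_assertion(issuer_tid, claim_tid):
    """Build a constructed, unsigned assertion fragment for the demo."""
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
        f"<saml:Issuer>https://sts.windows.net/{issuer_tid}/</saml:Issuer>"
        f'<saml:AttributeStatement><saml:Attribute Name="{TENANT_CLAIM}">'
        f"<saml:AttributeValue>{claim_tid}</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion>"
    )

if __name__ == "__main__":
    ok = "11111111-1111-1111-1111-111111111111"
    other = "33333333-3333-3333-3333-333333333333"
    print(is_sso_allowed(sample_assertion(ok, ok)))        # allowlisted tenant
    print(is_sso_allowed(sample_assertion(other, other)))  # unlisted tenant
    print(is_sso_allowed(sample_assertion(ok, other)))     # issuer/claim mismatch
```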

In this guide, you have successfully configured Azure AD SAML Single Sign-On (Azure AD WP SSO Login), choosing Azure AD as IdP and WordPress as SP, using the WordPress SAML Single Sign-On (SSO) Login plugin. This solution ensures that users from your multiple tenants can access your WordPress (WP) site using Azure AD login credentials within minutes.
