Azure Multitenant Single Sign-On (SSO) login in WordPress (WP)
Enable one-click Single Sign-On (SSO) for WordPress using your Azure Multitenant app, authenticating users with their Azure AD credentials. Allow users from multiple Azure tenants to log in to WordPress through your Azure Multitenant app by mapping their tenant IDs with the WordPress Azure Multitenant add-on.
Multi-tenant support allows all the users from your organizations to perform SSO into your site. Users from multiple tenants/directories can log in to your site through one IdP login form using their IdP credentials.
Tenant based SSO Restriction
Allow only users from specific tenants to perform SSO through your website. Restricted users will see an appropriate error message if they try to perform SSO.
Group/Role mapping based on tenants
Assign users to WordPress roles or BuddyBoss groups based on the tenant to which the user belongs.
Multisite Network Support
Configure SSO login with the same IdP for all tenants in a multisite WordPress network and manage SSO settings for each subsite at the network level.
User Flow Diagram
Azure Multi-tenant Single Sign-On (SSO) lets you configure the plugin to accept sign-ins from any Azure Active Directory (Azure AD) tenant, so you do not have to configure each tenant separately. Users in any Azure AD tenant will be able to sign in to your WordPress site after consenting to use their account with your website. All the users from the configured tenants will be able to perform SSO login using only a single Azure AD application with a common endpoint.
You may have your own Office 365 / Azure AD tenants while your clients/customers use their own Office 365 / Azure AD tenants. You want users from your own Office 365 organization/tenants and your clients' Office 365 organization/tenants to be able to access the WordPress site with Single Sign-On (SSO). The users will use their existing Azure AD / Office 365 account credentials to log in to the site.
Steps to configure Azure AD Single Sign-On (SSO) Login into WordPress (WP)
1. Setup Azure AD as IdP (Identity Provider)
Follow the steps below to configure Azure AD as IdP for WordPress.
Configure Azure AD as IdP
In the WordPress SAML SP SSO plugin, navigate to the Service Provider Metadata tab. Here, you can find the SP metadata, such as the SP Entity ID and ACS (AssertionConsumerService) URL, which are required to configure Azure AD as the Identity Provider.
Assign a Name and choose the Supported account types as Accounts in any organizational directory (Any Azure AD directory - Multitenant).
In the Redirect URL field, enter the ACS URL from the Service Provider Metadata tab of the plugin and click on the Register button.
Navigate back to the Overview tab of your active directory, copy the Primary Domain and keep it handy.
Now copy the Application ID from the configured app and keep it handy.
Navigate to Expose an API from the left menu panel.
Click the Set button, replace the APPLICATION ID URL with https://Primary_Domain/Application-Id (using the Primary Domain and Application ID that you copied previously), and click on Save.
Go to the Authentication tab in the left panel and select the ID Tokens (Used for implicit and Hybrid flows) option. Also make sure the supported account types is Accounts in any organizational directory (Any Azure AD directory - Multitenant), then click on Save.
Navigate to API Permissions ⇒ Add Permission and select Microsoft Graph.
Now click on Application permission and search for User.Read.All. Once the option is selected, click on the Add permissions button.
To proceed further, click on Grant Admin Consent for Demo.
Go back to Azure Active Directory ⇒ App Registrations window and click on Endpoints.
This opens a window with multiple URLs.
Copy the Federation Metadata document URL to get the Endpoints required for configuring your Service Provider.
Now paste the Federation Metadata URL in the Service Provider Setup tab of the plugin and click on fetch.
Navigate back to your active directory, copy the Application ID URI from the Expose an API tab and paste it in the SP Entity ID / Issuer field under the Service Provider Endpoints tab.
Also replace the SAML Login URL and SAML Logout URL with https://login.microsoft.com/common/saml2, then click on Save.
2. Steps to configure Azure Multitenant Plugin
First install the Azure Multitenant SSO plugin.
In the Azure Multitenant plugin, select the IdP from the dropdown, paste the Tenant IDs that you want to configure, then click on Save.
To get the Tenant ID for the required Office 365 account, navigate back to the Azure AD portal. Click on the Overview tab and copy the tenant ID value as displayed in the below screenshot.
Now, ask all the tenant administrators to perform the SSO first and grant the required permissions to the application.
Now you can test the SSO in an Incognito window to confirm if the Single Sign-On for multiple tenants is configured correctly.
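As an added illustration of the tenant restriction and tenant-based role mapping configured above (not the miniOrange add-on's own code): a check that reads the tenant from an Azure AD SAML assertion, requires the Issuer and the tenantid claim to agree, and maps allowlisted tenants to a WordPress role. The tenant IDs, role names and sample assertion are constructed, and the assertion signature is assumed to have been verified before this check runs.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TENANT_CLAIM = "http://schemas.microsoft.com/identity/claims/tenantid"
ISSUER_PREFIX = "https://sts.windows.net/"

# Constructed allowlist (placeholder tenant IDs) mapped to WordPress roles.
TENANT_ROLES = {
    "11111111-1111-1111-1111-111111111111": "editor",
    "22222222-2222-2222-2222-222222222222": "subscriber",
}

def tenant_from_assertion(assertion_xml):
    """Return the tenant ID if Issuer and the tenantid claim agree.

    Assumes the assertion signature was already verified; for untrusted
    input, parse with a hardened XML parser such as defusedxml.
    """
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if not issuer.startswith(ISSUER_PREFIX):
        raise ValueError("unexpected issuer: %r" % issuer)
    issuer_tid = issuer[len(ISSUER_PREFIX):].rstrip("/").lower()
    claims = [
        (value.text or "").strip().lower()
        for attr in root.iterfind(".//saml:Attribute", NS)
        if attr.get("Name") == TENANT_CLAIM
        for value in attr.iterfind("saml:AttributeValue", NS)
    ]
    if len(claims) != 1 or claims[0] != issuer_tid:
        raise ValueError("tenantid claim missing, repeated, or not matching Issuer")
    return issuer_tid

def role_for_login(assertion_xml):
    """WordPress role for an allowlisted tenant, or None to refuse the login."""
    return TENANT_ROLES.get(tenant_from_assertion(assertion_xml))

def sample_assertion(issuer_tid, claim_tid):
    """Build a constructed, unsigned assertion fragment for the demo."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Issuer>{ISSUER_PREFIX}{issuer_tid}/</saml:Issuer>"
        "<saml:AttributeStatement>"
        f'<saml:Attribute Name="{TENANT_CLAIM}">'
        f"<saml:AttributeValue>{claim_tid}</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion>"
    )
```

Because the common endpoint accepts sign-ins from any Azure AD tenant, a login whose tenant is not in the allowlist returns no role and should be refused rather than given a default role.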
You have successfully configured Azure AD Multitenant SSO for achieving Azure AD SSO login into your WordPress (WP) Site.
In this guide, you have successfully configured Azure AD SAML Single Sign-On (Azure AD WP SSO Login), choosing Azure AD as IdP and WordPress as SP, using the WordPress SAML Single Sign-On (SSO) Login plugin. This solution ensures that your multiple tenants can access your WordPress (WP) site using Azure AD login credentials within minutes.