Configure Clever Single Sign-On (SSO) for WordPress using OAuth | Clever SSO

Overview

WordPress Clever SSO uses OAuth Authorization flow to provide users secure access to WordPress sites. With our WordPress OAuth Single Sign-On (SSO) plugin, Clever acts as the OpenID Connect and OAuth provider, ensuring secure login for WordPress websites. The integration of WordPress Clever simplifies and secures the login process using Clever SSO. This solution allows employees to access their WordPress sites with a single click using their Clever credentials, completely removing the need to store, remember, and reset multiple passwords. In addition to offering Clever Single Sign-On (SSO) functionality, the plugin also provides advanced SSO features like user profile attribute mapping, role mapping, and providing site access based on organization email domains. For a detailed overview of the features, check out the WordPress OAuth Single Sign-On (SSO) plugin. You can follow the below steps to setup Clever SSO with WordPress.

Download Plugin Pricing Plans Free Trial

Pre-requisites : Download And Installation

• Log into your WordPress instance as an admin.
• Go to the WordPress Dashboard -> Plugins and click on Add New.
• Search for a WordPress OAuth Single Sign-On (SSO) plugin and click on Install Now.
• Once installed click on Activate.

We provide WordPress Single Sign-On (SSO) with multiple education providers, such as:

ClassLink

Canvas

Google Classroom

Office 365

Can't find your Educational Provider? Click here to learn more.

Configuration Steps

Step 1: Setup Clever as OAuth Provider

• First of all, go to https://dev.clever.com/ and sign up/login to register a new app.
• Under Start your Clever Sandbox, click on the click here to get started option.

• Go to https://apps.clever.com/signup and signup/login to your account.
• Follow the steps to create an application. (refer to the images below)

• Click on Clever Instant Login option to continue.

• Click on next button to continue.

• Copy the Client ID and the Client secret and store it in your miniOrange OAuth Client Plugin under the Client ID and Client Secret text fields respectively. Copy the Redirect/Callback URL from your miniOrange oauth client plugin and store it in the Redirect URIs text field. Finally, click on the Save button to save your configurations.

Note: For the OAuth Single Sign-On premium plugins add this https://{domain-url}?app_name={appname} as the redirect url in clever.
Eg. If your domain name is 'exampledomain' and the appname is 'Clever', then your redirect url will be 'https://example.com?app_name=Clever'.



• Click on the Next button to continue to next step.
• Select the browsers you want to be supported for certificate survey and select Secure Authorization Grant Flow for the which authorization flow do you use question (refer to the image on the next page).

• Enter all the other fields according to your use case and click on the Submit button in the end to save your configurations.



You've successfully configured WordPress SSO using Clever as OAuth Provider on your WordPress site allowing users/students to securely access their WordPress site with Clever SSO or Clever Single Sign On-(SSO) for Education to improve user authentication.

Step 2: Setup WordPress as OAuth Client

Step 3: User Attribute Mapping

• User Attribute Mapping is mandatory for enabling users to successfully login into WordPress. We will be setting up user profile attributes for WordPress using below settings.

Finding user attributes:

• Go to Configure OAuth tab. Scroll down and click on Test Configuration.

• You will see all the values returned by your OAuth Provider to WordPress in a table. If you don't see value for First Name, Last Name, Email or Username, make the required settings in your OAuth Provider to return this information.

• Once you see all the values in Test Configuration, go to Attribute / Role Mapping tab, you will get the list of attributes in a Username dropdown.

Step 4: Role Mapping [Premium]

• Click on “Test Configuration” and you will get the list of Attribute Names and Attribute Values that are sent by your OAuth provider.
• From the Test Configuration window, map the Attribute Names in the Attribute Mapping section of the plugin. Refer to the screenshot for more details.

• Enable Role Mapping: To enable Role Mapping, you need to map Group Name Attribute. Select the attribute name from the list of attributes which returns the roles from your provider application.
  Eg: Role


• Assign WordPress role to the Provider role: Based on your provider application, you can allocate the WordPress role to your provider roles. It can be a student, teacher, administrator or any other depending on your application. Add the provider roles under Group Attribute Value and assign the required WordPress role in front of it under WordPress Role.
  
  For example, in the below image. Teacher has been assigned the role of Administrator & Student is assigned the role of Subscriber.

• Once you save the mapping, the provider role will be assigned the WordPress administrator role after SSO.
  Example: As per the given example, Users with role ‘teacher’ will be added as Administrator in WordPress and ‘student’ will be added as Subscriber.

Step 5: Sign In Settings

Clever SSO with Learndash Role Mapping

If you are using Learndash as your WordPress LMS and want to assign different Learndash courses to your (Classlink, Clever, Google Classroom) users based on their schools or different sections (such as k1, k2). You can use our WordPress Learndash Integration Add-on, with the add-on instead of individually adding each person to a specific Learndash course, we may assign them directly to that course during SSO based on user groups and roles so that they can access that course straight from the WordPress site.

Related Articles

• Clever Single Sign-On (SSO) for Education
• What is Clever SSO?
• What is OAuth 2.0 and how does it work?
• What's new about OAUth 2.1 Single Sign-On protocol?
• Frequently Asked Questions (FAQs)