If you have a WordPress website where you want to have number of separate Microsoft (Office 365 / Microsoft Entra ID (Azure AD) - AAD) tenants login / authenticate, then you are looking at the right place. Multiple tenant (Multi-tenant) Login /SSO is possible in multiple ways. Please try the following options for multitenant login setup. You can reach out to us at oauthsupport@xecurify.com for support.

Microsoft Entra ID Azure AD [AAD]

Office 365

Pre-requisites : Download And Installation

Different ways to configure WordPress SSO / Login for multi-tenant users in Microsoft (Office 365 / Microsoft Entra ID (Azure AD))

1. Single or Multiple tenant SSO setup via Single SSO Application

A] Single Tenant Login

• Go to WordPress OAuth Client Single Sign-On (SSO) plugin.
• Select your Configured microsoft application and in the field of Tenant add your application tenant id, as shown in the below screenshot.And click on Save Settings button.


• You can now login with a personal Microsoft account.

B] Common Login for all Tenants

• Go to WordPress OAuth Client plugin.
• Select your Configured microsoft application and in the field of Tenant, replace the current tenant id with ‘common’ as shown in the below screenshot.Click on save settings button.


• By using SSO, users can log in from any Microsoft application as well as using their own personal Microsoft accounts.

2. Multitenant SSO setup via Tenant Specific SSO Applications

• Go to WordPress OAuth Client Single Sign-On (SSO) plugin.
• Create a separate Microsoft application for each tenant.(as shown in the below image)


• Once you have added multiple applications with different tenants, go to your WordPress Login page. (Eg. https:// < your-wordpress-domain>/wp-login.php) and you will see the SSO login buttons for each tenant.

• Now, for single login flow go to the Sign In Settings tab -> Advanced Settings -> Enable Single Sign In Flow and click on Save Settings button in the plugin.

• After Saving the settings, You will get an option to add the "Display Name for Common Login Button".


• When the user tries to login to your website, the user is able to see the Login Widget as below.


• After clicking on that sso button, users will be redirected to a page, where they will be asked to select the application/domain/group to login into the website.


• After selecting an application, the user will be redirected to microsoft app for authentication. After authentication, users will be logged in to WordPress site and a new user is also created in WordPress.

3. Multitenant SSO setup based on Tenant specific E-Mail Domains

This feature allows you to restrict the user login based on configured domains. You can allow/deny the user login based on email domain.

• Go plugin and click on Sign In Settings tab -> Advanced Settings -> Restricted Domains.
• In the configuration, you can add the domain, for example. tenant1@abc.com, tenant2@xyz.com, tenant3@pqr.org, separated by commas (,).

• If you enable the Allow restricted Domains option then, users will not be able to log in using the configured domains in the restricted domains field.

• When the user tries to login from a restricted domain, he will be denied the login and shown this screen.

4. Customized flow

If none of the options above suit you, please contact us at oauthsupport@xecurify.com so we can discuss the requirements and design a customized solution for you.