Office 365 OAuth & OpenID connect Single Sign-On (SSO) | Office 365 SSO Login

Download And Installation

• Log into your WordPress instance as an admin.
• Go to the WordPress Dashboard -> Plugins and click on Add New.
• Search for a WordPress OAuth Single Sign-On (SSO) plugin and click on Install Now.
• Once installed click on Activate

Step 1: Setup Office 365 as OAuth Provider

• Sign in to Azure portal.
• Click on App Services and go to Manage Azure Active Directory.

• In the left-hand navigation pane, click the App registrations service, and click New registration.

• When the Create page appears, enter your application's registration information:

Name :	Name of your application.
Application type :	Select "Web app / API" for client applications and resource/API applications that are installed on a secure server. This setting is used for OAuth confidential web clients and public user-agent-based clients. The same application can also expose both a client and resource/API.
Sign-on URL :	For "Web app / API" applications, provide the base URL of your app. eg, https://<domain-name> might be the URL for a web app running on your local machine. Users would use this URL to sign in to a web client application.

• When finished, click Register. Azure AD assigns a unique Application ID to your application. Copy Application ID and the Directory ID , this will be your Client ID and Tenent ID.

• Go to API permissions from the left navigaton pane and click on Add permissions.

• Click on Office 365 and add permission.

• Go to Certificates and Secrets from the left navigaton pane and click on New Client Secret. Enter description and expiration time and click on ADD option.

• Copy value. This will be your Secret key.

• Enter application Home page URL Logout Settings->Properties->Logout URL.

You have successfully configured Office 365 as OAuth Provider for achieving Office 365 login into your WordPress Site.

Step 2: Setup WordPress as OAuth Client

• Go to Configure OAuth tab and configure App Name, Client ID, Client Secret, Tenant ID from provided Endpoints
• openid is already filled but if it doesn't work then configure scope as User.Read and for fetching group info use scope is Directory.read.all.
• Click on Save Settings to save the configuration.

You have successfully configured WordPress as OAuth Client for achieving Office 365 login into your WordPress Site.

Step 3: User Attribute Mapping

• User Attribute Mapping is mandatory for enabling users to successfully login into WordPress. We will be setting up user profile attributes for WordPress using below settings.

Finding user attributes

• Go to Configure OAuth tab. Scroll down and click on Test Configuration.

• You will see all the values returned by your OAuth Provider to WordPress in a table. If you don't see value for First Name, Last Name, Email or Username, make the required settings in your OAuth Provider to return this information.
• Once you see all the values in Test Configuration, go to Attribute / Role Mapping tab, you will get the list of attributes in a Username dropdown.

Step 4: Login Settings / Sign In Settings

• The settings in SSO Settings tab define the user experience for Single Sign-On (SSO). To add a login widget on your WordPress page, you need to follow below steps.

Sign In Settings

• Go to WordPress Left Panel > Appearances > Widgets.
• Select "miniOrange OAuth". Drag and drop to your favourite location and save.

• Open your Wordpress page and you can see the login button there. You can test the SSO now.

In this Guide, you have successfully configured Office 365 Single Sign-On (SSO) by configuring Office 365 as OAuth Provider and WordPress as OAuth Client using our WP OAuth Single Sign-On ( OAuth / OpenID Connect Client ) plugin.This solution ensures that you are ready to roll out secure access to your WordPress site using Office 365 login credentials within minutes.

Additional Resources

• What is OAuth 2.0?
• Office 365 as OAuth Provider / OpenID Connect
• Frequently Asked Questions (FAQs)