SAML Single Sign-On (SSO) For DotNetNuke Sites Using Office 365 As IDP

DotNetNuke SAML SP Single Sign-On (SSO) module gives the ability to enable SAML Single Sign-On for your DotNetNuke applications. Using Single Sign-On you can use only one password to access your DotNetNuke application and services. Our module is compatible with all the SAML compliant Identity providers. Here we will go through a step-by-step guide to configure Single Sign-On (SSO) between DotNetNuke and Office365 considering Office365 as IdP

Pre-requisites : Download And Installation

• Download the package for DNN SAML Single Sign-On (SSO) module.
• Upload the installation package dnn-saml-single-sign-on_xxx_Install by going in Settings > Extension > Install Extension.

1. Add module on DNN page

• Open any of the page on your DNN site (Edit mode) and Click on Add Module.

• Search for DNNSAMLSSO and click on the DNNSAMLSSO. Drag and drop the module on the page where you want.

• You have finished with the Installation of the module on your DNN site.

2. Configure Office365 as Identity Provider

Follow the steps below to configure Office365 as IdP

• Go to Module Settings >> DNNSAMLSSO Settings .


A] Select your Identity Provider

• Select Office365 from the list. If you don't find your Identity provider in the list, select Custom IDP. You can also search for your Identity Provider using the search box.


B] Configure your Identity Provider

• Under the Service Provider Settings tab, you can download SP metadata as a XML document or copy the metadata url.
• Alternatively, copy and paste the SP Entity ID and ACS Url from the SP metadata Table to your IdP configuration page.

• Azure AD setup through Enterprise Applications
• Azure AD setup through App Registrations

• Log in to Azure AD Portal


• Select Azure Active Directory.


• Select Enterprise Application.


• Click on New Application.


• Click on Create your own Application.


• Enter the name for your app, then select Non-gallery application section and click on Create button.


• Click on Setup Single sign-on .


• Select the SAML  tab.


• After clicking on Edit, enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider Metadata tab of the plugin.


• By default, the following Attributes will be sent in the SAML response. You can view or edit the claims sent in the SAML response to the application under the Attributes tab.


• Copy the App Federation Metadata Url to get the Endpoints required for configuring your Service Provider.


• Assign users and groups to your SAML application
• Navigate to Users and groups tab and click on Add user/group.

• Click on Users to assign the required user and then click on select.

• You can also assign a role to your application under Select Role section.
• You have successfully configured Azure AD as SAML IdP ( Identity Provider) for achieving Azure AD SSO login into your WordPress (WP) Site.

• Log in to Azure AD Portal as admin


• Select Azure Active Directory.


• Select App registrations.


• Click on New registration.


• Assign a Name and choose the account type.
• In the Redirect URL field, provide the ACS URL provided in Service Provider Metadata tab of the plugin and click on Register button.

• Navigate to Expose an API from left menu panel.
• Click the Set button and replace the APPLICATION ID URL with the plugin's SP Entity ID.


NOTE: Please ensure that the SP Entity ID value from the Service Provider Metadata tab doesn't have a trailing slash('/'). If SP Entity ID has a trailing slash then update it by removing the trailing slash from the SP EntityID / Issuer field under the Service Provider Metadata tab of the plugin, enter the updated value at Azure and click on the Save button.



• Go back to Azure Active Directory ⇒ App Registrations window and click on Endpoints.


• This will navigate up to a window with multiple URLs.
• Copy the Federation Metadata document URL to get the Endpoints required for configuring your Service Provider.

3. Configure DotNetNuke SAML Module as Service Provider

• To upload IdP's metadata, you can use the Upload IdP metadata button under the Identity Provider Settings tab, if you have the IdP metadata URL or the IdP metadata .xml file.
• Alternatively, you can copy the IDP Entity ID and Single Sign-On Url values from the IdP and fill them up under the Identity Provider Settings tab.

4: Test Configuration

• Click the Test Configuration button to verify if you have configured the plugin correctly.
• On successful configuration, you will get Attribute Name and Attribute Values in the Test Configuration window.

5: Adding Login Widget on DNN Page

• For Adding Button on the DNN page on beside the module settings click on the Add Item (Pencil Icon).

• Add Button name and click on Save.

• You can see login button on the page after saving item. (If you are already logged in your site, you will see a "Logout" link).

Note : If you want to Enable this button on every page of the DNN site follow below steps

• Go to the Settings >> Module Settings >> Advanced Settings and Enable option for Display Module On All Page.

• Warning: You will lose all your configuration for the module after enabling this option. You can re-configure the module or it is better to enable this option before configuring the module.

6: Attribute Mapping

• Attributes are user details that are stored in your Identity Provider.
• Attribute Mapping helps you to get user attributes from your IdP and map them to DotNetNuke user attributes like firstname, lastname etc..
• While auto registering the users in your DotNetNuke site these attributes will automatically get mapped to your DotNetNuke user details.
• Go to DNNSAMLSSO Settings >> Advanced settings >> Attribute Mapping.

7: Role mapping (It is Optional to fill this)

• DotNetNuke uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
• DotNetNuke has five pre-defined roles: Administrators, Subscribers, Registered Users, Translator (en-US) and Unverified Users.
• Role mapping helps you to assign specific roles to users of a certain group in your IdP.
• While auto registering, the users are assigned roles based on the group they are mapped to.

You can configure the DotNetNuke SAML 2.0 Single Sign-On (SSO) module with any Identity Provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecureID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2 or even with your own custom identity provider.

If you are looking to Single Sign-On into your sites with any SAML compliant Identity Provider then we have a separate solution for that. We do provide SSO solutions for the following: