Single Sign On for Intranet users and MFA over LDAP for users outside intranet
This solution covers the case where you want Single Sign-On (SSO) for users inside the intranet network, while users outside the intranet must authenticate with their LDAP / WordPress credentials and then complete Two-Factor (2FA) / Multi-Factor Authentication (MFA) before login succeeds.
The first case when a user is present inside an Intranet network:
This can be achieved using Kerberos / NTLM SSO. Kerberos is an authentication protocol that supports the concept of Single Sign-On (SSO). It is a cryptography-based authentication protocol designed to provide secure authentication over an insecure network by allowing users to authenticate while preventing passwords from being sent over the internet. For more details regarding the Kerberos protocol, you can check out our guide.
The second case is when a user is not present inside the intranet network and wants to access the website:
This can be done using a reverse proxy. The user is provided with a proxy server URL. Once the user clicks on the proxy server URL, they can reach the actual WordPress website, where they enter their LDAP / WordPress credentials. Once that authentication succeeds, a 2FA / MFA prompt appears; after the user has been validated using 2FA / MFA, they can access the website.
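An added example, not miniOrange's code: one way a site could choose between the two flows above. It assumes the reverse proxy reaches WordPress from a known internal address and appends the client address to `X-Forwarded-For`; all addresses and the names `decide` and `forwarded_client` are constructed for illustration.

```python
import ipaddress

# Constructed values for illustration; substitute your own network layout.
INTRANET_NETS = [ipaddress.ip_network("10.0.0.0/8")]
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.5.10")}  # proxy's internal address

KERBEROS_SSO = "kerberos_sso"    # offer Negotiate; a valid ticket is still required
LDAP_PLUS_MFA = "ldap_plus_mfa"  # login form, then the 2FA / MFA prompt


def forwarded_client(xff_header):
    """Return the right-most X-Forwarded-For entry (the one our own proxy
    appended) as a string, or None if the header is absent or malformed."""
    if not xff_header:
        return None
    last_hop = xff_header.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(last_hop))
    except ValueError:
        return None


def decide(peer, xff_header=None):
    """Return (flow, client_address_for_audit_log) for one request.

    The decision uses the TCP peer address only. X-Forwarded-For is read
    solely for logging, and only when the peer is the trusted proxy, because
    from any other peer the header is client-controlled.
    """
    try:
        peer_ip = ipaddress.ip_address(peer)
    except ValueError:
        return LDAP_PLUS_MFA, None  # unknown origin: use the stricter flow
    if peer_ip in TRUSTED_PROXIES:
        # The proxy sits inside the intranet range, but whoever comes through
        # it is an outside user, so the request must not be given SSO.
        return LDAP_PLUS_MFA, forwarded_client(xff_header)
    if any(peer_ip in net for net in INTRANET_NETS):
        return KERBEROS_SSO, str(peer_ip)
    return LDAP_PLUS_MFA, str(peer_ip)
```

The ordering matters: checking the intranet range before the proxy address would hand every proxied outside user the SSO flow, since the proxy's own address is internal.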
You have Active Directory / LDAP servers which contain information about AD objects such as users, computers, electronic devices, etc.
You want to allow Active Directory users to SSO into your web application (WordPress website) when they are present in the Intranet Network.
You want to allow users outside the intranet network to access the content of your WordPress website using LDAP / WordPress credentials with 2 Factor Authentication / Multi-Factor Authentication.
WordPress Kerberos/NTLM Add-on allows the users to configure the Single Sign On (SSO) from LDAP Server / Active Directory using Kerberos protocol.
miniOrange Reverse Proxy Server or On-Premise Reverse Proxy Server setup which will allow external users to access the WordPress website.
miniOrange WordPress 2FA | MFA plugin allows you to perform 2 Factor Authentication or Multi Factor Authentication to verify users on login.
In this setup, WordPress acts as the website / web application that users Single Sign-On (SSO) into using their LDAP / Active Directory credentials with the Kerberos protocol:
You will also need to completely configure WordPress LDAP/AD Intranet Premium Plugin beforehand.
You will need to install and configure the miniOrange WordPress 2FA/MFA plugin to authenticate users trying to access the website from outside the intranet network.
Set up a reverse proxy server for your web server. You can choose between the miniOrange reverse proxy server or an On-Premise reverse proxy server.
End user experience:
After installing and configuring the WordPress LDAP/AD Login for Intranet sites premium plugin along with the WordPress Kerberos/NTLM add-on, users can log in automatically (SSO) to your WordPress site from a domain-joined machine (inside the local intranet network) without entering their credentials.
With this plugin and add-on, WordPress will directly fetch and update the user profile information from Active Directory whenever a user logs in automatically to your website.
If a user is trying to access the WordPress website outside the Intranet Network, they will receive a simple login form where they will enter their LDAP / Active Directory or WordPress credentials for authentication.
For further validation, external users will receive a 2FA / MFA prompt, and on successful validation they will be logged in to your WordPress website.
The miniOrange WordPress LDAP/AD Login for Intranet sites plugin along with miniOrange WordPress 2FA /MFA plugin, and Kerberos/NTLM add-on, offers a seamless user experience by authenticating users into your WordPress site who may be present inside or outside intranet network using their LDAP Credentials, and doubling down on security with 2 Factor / Multi Factor authentication for users outside intranet network.
LDAP/AD Login for Intranet Sites
LDAP/AD login for intranet sites plugin allows you to Login into a WordPress website using the credentials which are stored in your LDAP server/ Active Directory.