AWS Single Sign On (SSO) with WordPress as IDP | Login into AWS using WordPress

AWS Single Sign On (SSO) with WordPress as IDP | Login into AWS using WordPress


AWS SAML Single Sign-On (SSO) with WordPress as SAML IdP. Login using WordPress Users (WP as SAML IDP) plugin gives you the ability to use your WordPress (WP) credentials to login into AWS (SP). Here we will go through a step-by-step guide to configure SSO between - AWS WordPress as SSO Login (Service Provider) and WordPress as IdP (Identity Provider).

Note: Premium Version of WP SAML IDP Plugin is required to set up SSO with AWS.

Pre-requisites: Download And Installation

To integrate the WordPress site as an Identity Provider, you will need to install the miniOrange Login using WordPress Users ( WP as SAML IDP ) plugin:

Guide to set up SAML Single Sign-On (SSO) in AWS with WordPress (WP)

1. Setup AWS as SP (Service Provider)

  • Go to the WordPress IDP plugin, navigate to the IDP Metadata tab.
  • Here, you can find the Identity Provider Metadata URL /XML Metadata or endpoints like IDP Entity ID, SAML Login URL, SAML Logout URL (Premium Feature), Certificate for SP configuration.

  • Configure SAML SSO in AWS (SP) with WordPress - AWS WordPress as SSO Login
  • Login to your Amazon Web Services (AWS) Console as an admin.
  • Click on Services Tab. Under Security, Identity & Compliances click on IAM (Identity and Access Management).
  • AWS WordPress as SSO Login - aws iam
  • From the left-hand side list, click on Identity Providers and then click on Create Provider button in the right section.

  • AWS WordPress as SSO Login - aws idp
  • In the Configure Provider, select SAML as Provider type from the drop-down list.
  • Enter any Provider Name (e.g miniOrange/WordPress).
  • Click on Choose File and choose the metadata file that you have already downloaded in Step 1, then click on Next Step.

  • aws create provider - AWS WordPress as SSO Login
  • In the next screen, you will be shown your entered provider information. Verify it and click on the Create button. The SAML Provider is created and it should be listed in the Provider table.

  • AWS WordPress as SSO Login - check provider name
  • Now click on Roles from the left-hand side list and then click on Create role button.
  • In the Create Role section, click on SAML 2.0 federation tab.
  • Under Choose SAML 2.0 Provider, select the SAML Provider that you have created previously i.e miniOrange.
  • AWS WordPress as SSO Login - aws create role
  • After that, choose Allow programmatic access only radio option.
  • Select SAML:aud option from the Attribute drop-down list.
  • Enter the value as https://signin.aws.amazon.com/saml.
  • Then, click on Next: Permissions button.
  • Check the Policy Name AmazonEC2ReadOnlyAccess and click on Next: Tags button.
  • AWS WordPress as SSO Login - choose policy name
  • Then, skip Step Add Tags (Optional) by clicking on Next: Preview button.
  • In the next step, enter Role name and click on Create Role button.
  • AWS WordPress as SSO Login - review role
  • Click on your created role name.
  • In the Summary section, click on the Trusted relationship tab and copy Role ARN and Trusted Entities value.
  • Keep the values with you in comma separated format. For example- [arn:aws:iam::656620318436:role/SSORole,arn:aws:iam::656620318436:saml-provider/miniOrange]
  • AWS WordPress as SSO Login - role settings

2. Configure WordPress (WP) as IdP (Identity Provider)

  • Go to WordPress IDP Plugin on the Dashboard and select Service Providers tab.
  • Enter the following information into the corresponding fields. Click on Save.
  • Service Provider Name AWS
    SP Entity ID or Issuer You can get the SP Entity ID or Issuer from the metadata (https://signin.aws.amazon.com/static/saml-metadata.xml). You will find the value in the first line against entityID. It is set to urn:amazon:webservices but may vary for non-US regions.
    ACS URL https://signin.aws.amazon.com/saml. This might vary for non-US regions in which case you would find it in metadata ( https://signin.aws.amazon.com/static/saml-metadata.xml)
    as Location attribute of AssertionConsumerService.
    NameID Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    Assertion Signed Check to sign the SAML Assertion.

    AWS WordPress as SSO Login - enter sp info

3. Attribute Mapping (This is a premium feature)

  • Select Attribute/Role Mapping. In the User Attributes section, enter the following information. Click Save.
    Name User Meta Data
    email user_email
  • AWS WordPress as SSO Login- wp attribute mapping

    In this Guide, you have successfully configured AWS SAML Single Sign-On (AWS SSO Login) choosing AWS as SP and WordPress as IdP using miniOrange plugin-Login using WordPress Users (WP as SAML IDP). This solution ensures that you are ready to roll out secure access to your WordPress (WP) site using AWS login credentials within minutes.

Additional Resources

Why Our Customers choose miniOrange WordPress Single Sign-On (SSO) Solutions?


24/7 Support

miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.

Sign Up

Customer Reviews

See for yourself what our customers say about us.
 

Reviews

Extensive Setup Guides

Easy and precise step-by-step instructions and videos to help you configure within minutes.

Watch Demo

We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at

 +1 978 658 9387 (US) | +91 77966 99612 (India)   samlsupport@xecurify.com

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com