WordPress Google/GSuite SSO Configuration for Role/Group Mapping, SLO, and more

Overview

Once the WordPress Gsuite SSO has been configured, you can proceed with some additional configuration steps to make the most out of WP Single Sign-On. This includes steps for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout, and more.

1. Attribute Mapping

Configure the attribute release statements from the Google admin dashboard

• First login to your G Suite Administrator account using this link https://admin.google.com .
• Navigate to the Apps section from the left menu and click on Web and mobile apps.
• Go to your Configured SAML application. (For ex: WordPress).
• Click on Configured SAML attribute mapping.

• Now click on the ADD MAPPING button and select the attributes that you want to send from G-Suite to the WordPress site

• Map your Google Directory attributes with your App attributes and click on Save.

• The app attribute configured here will be used for attribute mapping on the Service Provider side.

Configure the Attribute mapping in the WordPress SAML SSO plugin

• Go to the Service Provider Setup tab of the plugin and perform the Test Configuration.
• Now go to the Attribute/Role Mapping tab of the plugin.
• Here, you can see a list of attributes received from G-Suite.

• You can use this section to map the IDP attributes to the WordPress user profile fields as shown above.

2. Group Attribute Mapping

Configure the Group membership from the Google admin dashboard

• Go to SAML attribute mapping for your application on the Google admin dashboard and add a Group membership as shown below.

• Map your Google groups with App attributes and click on Save.
• The app attribute you configured will be used for role mapping on the Service Provider side.

Map the Group attribute in the WordPress SAML SSO plugin

• Go to the Service Provider Setup tab of the plugin and perform the Test Configuration.
• Now go to the Attribute/Role Mapping tab of the plugin.

• Here you can see a list of attributes received from G-Suite.
• From the Attribute Mapping section of the plugin, provide a mapping for the field named Group/Role. This attribute will contain the role-related information sent by the IDP and will be used for Role Mapping.

3. Role Mapping

Configure the Role Mapping in the WordPress SAML SSO plugin

• Navigate to the role mapping section and provide the mappings for the highlighted roles.

• As per the above configuration, any user belonging to the test group in Google will be assigned the Editor role in WordPress after they perform SSO.
• Finally, click on the Save button.

4. Custom Attribute Mapping

Configure the Custom Attribute mapping in the G-Suite

• To add a Custom Attribute, Go to Directory => Users from the Google admin dashboard. Now click on More options and select Manage Custom attributes.

• Click on ADD CUSTOM ATTRIBUTE option in the upper right corner.

• Add your custom fields (Category, Description, Custom Fields choose the visibility and no. of values) and click on ADD.

• To map your custom attribute, go back to your configured SAML application, click the SAML attribute mapping section, and click on ADD MAPPING.
• Now map your Google Directory attribute (in this case Department) to the App attribute (department) and click on SAVE.

Configure the Custom Attribute mapping in the WordPress SAML SSO plugin

• Navigate back to the Service Provider Setup tab of the plugin and perform the Test Configuration.
• Now go to the Attribute/Role Mapping tab of the plugin.

• Here you can see a list of attributes received from G-Suite.
• You can also use this section to map the IDP attributes to the WordPress user profile fields.
• To display your attributes in Users of WordPress, configure the custom attribute name and attribute name from IDP and on the toggle Display Attribute.

5. Signed SSO Requests

• Go to Service Provider Setup Tab and provide the https://accounts.google.com/LogoutURL in the SAML Logout URL field and click on Save.

Let us know at samlsupport@xecurify.com if you have any concerns or other questions. We will be happy to help you.