Search Results :

×


WordPress Google/GSuite SSO Configuration for Role/Group Mapping, SLO, and more


Once the WordPress Gsuite SSO has been configured, you can proceed with some additional configuration steps to make the most out of WP Single Sign-On. This includes steps for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout, and more.

Configure the attribute release statements from the Google admin dashboard

  • First login to your G Suite Administrator account using this link https://admin.google.com .
  • Navigate to the Apps section from the left menu and click on Web and mobile apps.
  • Go to your Configured SAML application. (For ex: WordPress).
  • Click on Configured SAML attribute mapping.
WP Google/GSuite SSO Extra Configurations | Configured SAML App

  • Now click on the ADD MAPPING button and select the attributes that you want to send from G-Suite to the WordPress site
WP Google/GSuite SSO Extra Configurations | Click on ADD Mapping

  • Map your Google Directory attributes with your App attributes and click on Save.
WP Google/GSuite SSO Extra Configurations | Map google directory attributes

  • The app attribute configured here will be used for attribute mapping on the Service Provider side.

Configure the Attribute mapping in the WordPress SAML SSO plugin

  • Go to the Service Provider Setup tab of the plugin and perform the Test Configuration.
  • Now go to the Attribute/Role Mapping tab of the plugin.
  • Here, you can see a list of attributes received from G-Suite.
WP Google/GSuite SSO Extra Configurations | List of attributes

  • You can use this section to map the IDP attributes to the WordPress user profile fields as shown above.

Configure the Group membership from the Google admin dashboard

  • Go to SAML attribute mapping for your application on the Google admin dashboard and add a Group membership as shown below.
WP Google/GSuite SSO Extra Configurations | Add Group membership

  • Map your Google groups with App attributes and click on Save.
  • The app attribute you configured will be used for role mapping on the Service Provider side.

Map the Group attribute in the WordPress SAML SSO plugin

  • Go to the Service Provider Setup tab of the plugin and perform the Test Configuration.
  • Now go to the Attribute/Role Mapping tab of the plugin.
WP Google/GSuite SSO Extra Configurations | Perform Test configuration

  • Here you can see a list of attributes received from G-Suite.
  • From the Attribute Mapping section of the plugin, provide a mapping for the field named Group/Role. This attribute will contain the role-related information sent by the IDP and will be used for Role Mapping.

Configure the Role Mapping in the WordPress SAML SSO plugin

  • Navigate to the role mapping section and provide the mappings for the highlighted roles.
WP Google/GSuite SSO Extra Configurations | Navigate to Role Mapping section

  • As per the above configuration, any user belonging to the test group in Google will be assigned the Editor role in WordPress after they perform SSO.
  • Finally, click on the Save button.

Configure the Custom Attribute mapping in the G-Suite

  • To add a Custom Attribute, Go to Directory => Users from the Google admin dashboard. Now click on More options and select Manage Custom attributes.
WP Google/GSuite SSO Extra Configurations | Navigate to directory tab

  • Click on ADD CUSTOM ATTRIBUTE option in the upper right corner.
WP Google/GSuite SSO Extra Configurations | Add custom Attribute

  • Add your custom fields (Category, Description, Custom Fields choose the visibility and no. of values) and click on ADD.
WP Google/GSuite SSO Extra Configurations | Map Google directory

  • To map your custom attribute, go back to your configured SAML application, click the SAML attribute mapping section, and click on ADD MAPPING.
  • Now map your Google Directory attribute (in this case Department) to the App attribute (department) and click on SAVE.
WP Google/GSuite SSO Extra Configurations | Map Google directory

Configure the Custom Attribute mapping in the WordPress SAML SSO plugin

  • Navigate back to the Service Provider Setup tab of the plugin and perform the Test Configuration.
  • Now go to the Attribute/Role Mapping tab of the plugin.
WP Google/GSuite SSO Extra Configurations | Perform Test configuration

  • Here you can see a list of attributes received from G-Suite.
  • You can also use this section to map the IDP attributes to the WordPress user profile fields.
  • To display your attributes in Users of WordPress, configure the custom attribute name and attribute name from IDP and on the toggle Display Attribute.
  • Go to Service Provider Setup Tab and provide the https://accounts.google.com/LogoutURL in the SAML Logout URL field and click on Save.
WP Google/GSuite SSO Extra Configurations | Single Logout

Let us know at samlsupport@xecurify.com if you have any concerns or other questions. We will be happy to help you.

ADFS_sso ×
Hello there!

Need Help? We are right here!

support