SSO Migration in Multiple Environments

During the creation of a new setup, the user usually tries to test the site without making it accessible to the public, which creates a need for multiple environments. The standard go-to technique would be the creation of three environments i.e. Development, Testing/Staging and Production.

Each environment has its own functionality as mentioned below:

• Development environment: This environment is where developers write and update code, manage commits and branches. It doesn't impact what users see and enables developers to test new features and updates before deploying them.
• Testing/Staging environment: This environment is where we make sure all minor and major problems are fixed before releasing them to the public (also called a pre-production environment). The version of the product here should look almost the same as the real product and match what users will see when it's in production.
• Production environment: This is the environment where the software or products go live for users to use. Once something is in production, all bugs must have been fixed, and the product or update must work perfectly.

Note: To use this feature, you need separate licenses for each place where you want to use the plugin.

Flow of Migration

Note: During Standard Migration, you can also migrate files from your database to the final environment from your initial environment.

Migration issues and their solution provided by us

In multiple environments, migration from one environment to another is a pretty common process, but usually, this process breaks the flow of information, especially in SSO.

While migration, SSO breaks due to the following reasons:

Reason 1: When users move from one environment to another, the old configurations get replaced, which can break the Single Sign-On (SSO) for that setup. Also, during migration, the Service Provider (SP) metadata changes, causing the SSO to break.

• For example, if a user has configured Okta as IDP on the development site, they would not be able to retain Okta’s configuration upon migration to the testing site.
• In this case, the configuration would need to be done again.

Solution: You can enable the Manage Multiple Environment feature in the plugin. This feature will allow you to save the configuration of multiple environments in the same environment. After migration, SSO configurations will be present in all the environments and the miniOrange SAML 2.0 SSO plugin will pick the SSO configuration based on the Fully Qualified Domain Name (FQDN) of the site. This function also allows the generation of SP Metadata in advance for the other environments which are used to configure the SP Metadata in the IDP.




Reason 2: Using the same license key for multiple environments.

• This is because each license is linked to the specified domain. If the user tries to use the same license key for multiple environments a conflict arises which results in the breaking of SSO.
• This means you need to purchase different licenses for each environment.

Solution: Multiple Environments require separate licenses where each environment has its own license key to avoid conflict between two or more environments. If you have separate license keys for each environment, then with the Enterprise Plan or All-Inclusive Plan migration in multiple environments will be seamless.
You will only need to provide license details in every environment after each push to the next environment.

Guide to Configure Multiple Environments in miniOrange SAML 2.0 SSO plugin:

Note: This is an Enterprise and All-Inclusive plan feature.

Pre-requisites: Download and Installation

To configure your SAML IDP with WordPress, you will need to install the miniOrange WP SAML SSO plugin:

SAML Single Sign On – SAML SSO Login

By miniOrange

(209)

WordPress Single Sign On SSO login with Azure, Azure B2C, Okta, ADFS, Keycloak, Salesforce, Ping, Onelogin, Gsuite, Shibboleth & many SAML IdPs [24/7 SUPPORT]

 Tested with 6.2

Download Free Plugin  Full Featured Trial

Watch this video to Migrate SSO setup in Multiple Environments

Step 1: Configure SAML SSO plugin with IDP Metadata

• Install and activate the miniOrange WordPress SAML SP SSO Enterprise/All-Inclusive plugin.
• After activating the plugin, in the left side tab panel click on Manage Multiple Environments tab.
• Activate the Enable Multiple Environments toggle.



• For adding a new Environment refer to the below steps:

1. Enter the Environment Name you want to add, for example: Staging.
2. Navigate to the Settings >> General from the sidebar of your WordPress site.
3. Copy the Site Address (URL) and paste it in the Site URL for the Environment field.
4. Click on Add Environment to add environments of your choice and click the Save button.

• This will add a new dropdown in the Service Provider Setup tab.
• After migrating, the plugin will automatically fetch the correct configuration for your current environment.
• Go to the initial environment from where you want to migrate the data and configure your SP with the desired IDP.
• Go to the Service Provider Setup tab and click on Upload IDP Metadata. You can either Upload your Metadata or Fetch the Metadata by providing the Metadata URL.
• Click on Save and Test configuration to check your SSO configuration.




Note: The Test Configuration works only for the current environment which has been configured by you with the IDP.

• Select the option from dropdown to change the environment and follow the steps again to set up the SAML 2.0 plugin in that environment.

Step 2: Clone the database in the first environment into the second environment

After cloning the first environment database in the second environment, the second environment retains the IDP configuration of the first environment.

Our WordPress SAML SSO Plugin supports integrations with a number of addons to extend the functionality of your site.
If you have any custom requirement, please contact us at samlsupport@xecurify.com and we will help to achieve your use case.

Additional Resources

• WP SAML Single Sign-On
• What is Single Sign-On (SSO)?
• What is SAML?
• Frequently Asked Questions (FAQs)