WordPress Single Sign-On (SSO) Multisite plugin allows you to configure Single Sign-On (SSO) for WordPress Multisite environment enabling SSO/login using one set of login credentials. You can connect your SAML Identity Provider with all the subsites present under the multisite network and control the SSO flow as well as the rest of the features like Attribute Mapping, Role Mapping, etc in the plugin for all the subsites from the Network level.

What is WordPress Multisite ?

• WordPress allows you to create a network of sites where all the sites (often known as subsites) will be connected to the same database and share the same WordPress core files, theme.
• It is a type of WordPress installation that allows you to create and manage a network of multiple websites from a single WordPress dashboard. This lets you easily make changes and keep all of your websites updated from one place.

Setup Multisite network in either of the three formats

 Subdirectory multisite network :

In this type of network, the URL of the subsites follow a subdirectory path structure.

For example, if the URL of your main site is abc.com, the subsites will be in the form abc.com/site1, abc.com/site2, etc.

 Subdomain multisite network:

In this network, each subsite will have an individual subdomain on your main domain.

For example, if the URL of your main site is abc.com, the subsites will be in the form site1.abc.com, site2.abc.com, etc.

 Custom domain multisite network:

Apart from the above two structures, WordPress also supports creating totally independent custom domains for each of the subsites.

For example, if the URL of your main site is abc.com, the subsite can be in the form: site1.com, site2.com, xyz.com, etc.

miniOrange WordPress Multisite SSO plugin allows you to enable SSO in any of the above-mentioned multisite networks, allowing your users to log into the multisite network and individual sites by authenticating via your Identity Provider.

Benefits of WordPress Multisite Network

• WordPress multisite networks are a great option for those wanting to manage separate websites from one central dashboard. Multisite networks are used by corporations, schools, universities, news outlets, online businesses, and more.
• You can even create your own blogging platform (network of blogs) on a single multisite installation.

How WordPress SAML SSO plugin works with Multisite?

In the Multisite Network, install the WordPress SAML 2.0 Single Sign-On (SSO) plugin and activate it. Configure the plugin with the required Identity Provider. Once the plugin is successfully configured, SSO will be enabled for all the subsites in that network. Without Multisite support, you have to configure the WordPress SAML 2.0 Single Sign-On (SSO) Plugin on each site separately, add IdP configuration on each site individually and add Service Provider configuration for each site in the IDP.

For Example:  If you have 1 main site with 3 subsites. Then, you have to configure the plugin 3 times on each site, add idp configuration 3 times as well as 3 service provider configurations in your IDP.

With Multi-Site plugin, you have to configure the plugin only once on the network level as well as only 1 Service Provider configuration in the IDP.

WordPress multisite SSO plugin allows you to connect all your subsites with one Identity Provider. There is also an option in the WordPress Multisite SAML SSO plugin where you can enable the SSO for only selected subsites in that network.

Pre-requisites : WordPress SAML SSO Plugin

We recommend our miniOrange WordPress SAML Single Sign On - SSO plugin for WordPress Multisite Single Sign-On (SSO).

Get a Free Trial Now or Contact Us for more information.

How to configure the SAML SSO plugin for WordPress Multisite SSO?

The WordPress SAML SSO multisite plugin only needs to be configured once at the Network level. You do not need to configure the plugin individually in each subsite’s dashboard. This allows your users to log into the subsites by authenticating via the Identity Provider that you have configured in the plugin at the Network level. With this, you will also have granular control over the SSO configuration and Attribute/Role mapping for each subsite.

• You can configure the WordPress SAML Single Sign-On plugin with your IdP at the network level by uploading the IdP metadata once under the ‘Service Provider Setup’ tab of the plugin’.

• The plugin will provide the SP metadata which is given under ‘Service Provider Metadata’ tab. Use this metadata to configure the Identity Provider.
• You get an option to enable or disable SSO for any of the subsites from the Network admin dashboard. Thus, when a new subsite is added, we can have its SSO enabled by default so that the admins don't need to manually enable it. The other SSO settings can be applied to individual subsites that you can select or the Default settings can be applied to all sites.

• You have a granular control for assigning the roles to users under different subsites by enabling ‘Role Mapping’ for all sites at once or enabling it for individual sites. This allows you to restrict which group of users will have access to which subsite.
• Apply Role Mapping for all sites : This will apply the same role mapping settings to all the sites in your network.
• Apply Role Mapping for individual sites : This will apply role mapping to the individual site that you choose to configure.

• Our plugin allows you to control which subsites the user will get created upon Single Sign-on.

Different WordPress Multisite SSO

  Case 1: A university website has subsites (i.e medical, law, and engineering) each with its own set of students. When doing Single Sign-On using their IDP credentials, students of each subsite should be able to access their separate subsites exclusively based on their education through the main website. In this instance, the users from each subsite should not be able to access the subsite to which they do not belong.
Solution Provided:

• Each university subsite has its own designated set of students based on their education. Students group based on their education is already present in the IDP. When the student tries to SSO into any subsite, they will be redirected to their IDP login page to authenticate themselves.
• After the successful login, WordPress SAML SSO - Multisite plugin would check the groups recieved from the Identity Provider and then enable the students to access their respective subsites with a restriction of access to any other subsite other than the ones they are associated with.


  Case 2: An ecommerce website has several subsites (i.e pantry, shopping, kindle). The sole requirement is that customers should be able to authenticate into the main site via their external Identity Provider and have seamless SSO into any of the ecommerce network's subsites. Once the customer authenticates into the main site, they will be able to access any of the subsites without having to authenticate themselves for each one.
Solution Provided:

• When the customer tries to login into the ecommerce portal for SSO into any of its subsites, he or she is forwarded to the external IDP login screen for authentication.
• Customers can used their IDP credentials for authentication.
• Following a successful login, the WordPress SAML SSO - Multisite plugin would allow the session sharing into any of the subsites, removing the requirement for separate authentication for each subsite.

 Case 3: In this scenario, three separate multisite networks are linked to an external Identity Provider. When a user logs into one of the sites, he or she should be able to log into the other sites as well. When a user creates a session on one site, a session should be established in the other two sites, allowing them to access those sites without having to re-authenticate with the IDP.
Solution Provided:

• WordPress SAML SSO - Multisite plugin is configured in all three multisite networks. When a user attempts to SSO into one of these sites, he or she is forwarded to the IDP login page for authentication.
• When he or she is authenticated, a session is created on the website that he or she is attempting to visit.
• The WordPress SAML SSO - Multisite plugin is set up in such a way that when a user authenticates into one of the websites, they are also authenticated for the other two sites, i.e. a user session is formed whenever the user attempts to access either of the two sites.

Additional Resources

• What is Multisite ? How to create a WordPress Multisite network?
• WordPress SSO for Educational Institutions
• A complete guide to WordPress Multisite
• WordPress Multisite Overview

If you are looking for anything which you cannot find, please drop us an email on samlsupport@xecurify.com