WordPress SAML SSO Paid Memberships Pro Membership Level Based Content Access Control

WordPress SAML SSO Paid Memberships Pro Membership Level Based Content Access Control


Imagine having to create new accounts for each and every site/application you visit and having to maintain the credentials for all of those. This is where Single Sign-On comes into play. SSO allows you to use a single set of login credentials (username and password) to log into several connected applications/websites, without having to explicitly log into every one of them. This especially comes in handy when you want to use different functionalities from different services, and offer various levels of these services to a variety of customers based on their membership levels.

Here, we will explore the work how WordPress SAML SSO plugin and miniOrange Paid Memberships Pro Integrator comes into play with a WordPress site and Paid Memberships Pro plugin (for memberships) to provide/restrict access to users on owner’s WordPress membership site based on the membership level assigned to them during SSO on the basis of their group in IDP.

Scenario

You have a WordPress membership site with content accessible only to its members. You want to not only provide Single Sign-On for your site but also a simpler way for your members to access your members-only content based on the user membership levels assigned to them during SSO on the basis of their IDP group. You also want to restrict access to the site content from unauthorized users.

Requirements

  1. Single Sign-On for a WordPress site: Single Sign-On into WordPress membership site for user authentication and accessing content. Once the user SSOs into the site, he/she will be able to access content based on their membership level.
  2. Group Mapping for Membership Assignment: Users will be assigned membership levels on the basis of the groups assigned to them in their IDP.

Components involved

  1. WordPress SAML SSO Plugin - The WordPress SAML SP plugin is used to authenticate users into the WordPress membership site. It provides features such as Membership Mapping, Support for Multiple IDPs configuration, Single Sign-On for Paid Memberships Pro users and so on.

  2. WordPress Single Sign On SSO login with Azure, Azure B2C, Okta, ADFS, Keycloak, Salesforce, Ping, Onelogin, Gsuite, Shibboleth & many SAML IDPs [24/7 SUPPORT]

     Tested with 5.9.1

  3. miniOrange Paid Memberships Pro Integrator - Paid Memberships Pro Integrator is used to assign membership levels to the users based on their IDP groups.

Solution

The WordPress SAML SSO Plugin enables secure authentication between WordPress and your IDP. It also provides Attribute and Role Mapping that allows mapping of user profiles from the Identity Provider (IDP) to WordPress (SP) and also provides the option to assign roles based on the user's group in the IDP.

When the user tries to access the WordPress site, the plugin generates a SAML request which is sent to the Identity Provider for which the user is automatically redirected to the IDP login page. Once the user logins into their IDP, a SAML response is generated by the IDP, authenticating the user into the WordPress site (SP) i.e. the user is redirected back to the WordPress site and logged into WordPress.

The Identity Provider contains pre-defined groups for each membership level in the WordPress Paid Memberships Pro site. During the process of authentication, the IDP sends the SAML response to WordPress which contains the attributes (including group information) of the user.

The miniOrange WordPress Paid Memberships Pro Integrator plugin then reads the group information from the SAML Response and allows you to map your users to particular Paid Memberships Pro membership levels when they perform the SSO.

Configuration with Multiple Identity Providers

Our WordPress SAML SSO Multiple IDP Plugin also allows configuration with multiple IDPs, which means you can configure multiple IDPs for SSO as well as assign Paid Membership Levels based on the user's IDP or the groups in their respective IDPs.

For a better understanding of this case, let’s take an example of a membership assignment for users from two different Identity Providers - Azure and Okta. Let’s say the users who SSO from Azure should be assigned the membership level 1, whereas the SSO users from Okta should be assigned the standard membership level 2.

This can be achieved by configuring both Azure and Okta as the IDPs in the WP SAML SSO Multiple IDP Plugin. Once the IDPs are set up for SSO, the default membership levels can be configured for the users of both the IDPs separately using the WordPress Paid Memberships Pro Integrator. i.e. in the integrator, you can specify the default membership level for Okta users and then a default membership level for Azure users.

Flow - WordPress Paid Memberships Pro Integration
  1. User tries to access the WordPress Paid MembershipPro site.
  2. User is redirected to the Identity Provider for authentication.
  3. User enters credentials on the IDP login page.
  4. After successful authentication, the user is redirected back to the WordPress site and is logged into the site.
  5. Users would be provisioned access to only the information limited to their subscription.

Conclusion

Our solution with the WordPress SAML SSO plugin ensures a seamless process to achieve synchronization with your Identity Provider to manage user membership levels, along with the additional advantage of convenient access for your users to your WordPress site.

Our WordPress SAML SSO Plugin supports further integrations with a number of add-ons to extend the functionality of your site.

If you have any custom requirements, please contact us at samlsupport@xecurify.com and we will help you achieve your use case.

Additional Resources

Why Our Customers choose miniOrange WordPress Single Sign-On (SSO) Solutions?


24/7 Support

miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.

Sign Up

Customer Reviews

See for yourself what our customers say about us.
 

Reviews

Extensive Setup Guides

Easy and precise step-by-step instructions and videos to help you configure within minutes.

Watch Demo


We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at

 +1 978 658 9387 (US) | +91 97178 45846 (India)   samlsupport@xecurify.com

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com