Additional configuration for WordPress Okta Single Sign-On
Once the WordPress Okta SSO has been configured, you can proceed with some additional configuration steps to make the most out of WP Single Sign-On. This includes steps for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout, and more.
1. Attribute Mapping
In the Service Provider Setup tab, after the metadata exchange, click on Test Connection.
After performing SSO, the default attributes will be sent from Okta and will be available for Attribute Mapping.
Okta sends certain default attributes for every connection; these are listed in the table.
Adding extra Attributes on the Okta Side:
Navigate to the Directory tab in the left-hand side menu of Okta. Then click on the People option.
Click on Add Person.
Then, add the attributes in the form and click on the Save button.
Now, click on the user you just created and navigate to the Profile tab to add the user attributes.
If you have not configured which attributes are sent to your SP, go back to the Applications tab and select your application.
Under the General tab, navigate to the SAML Settings section and click on the Edit option.
Now, head to the Attribute Statements option and add the Attribute Name (Okta sends the attribute values under this name) in the left-hand text field and the actual user attribute name in the right-hand text field.
In the WordPress SAML plugin, go to the Attribute/Role Mapping tab and fill in the following fields in the Attribute Mapping section.
From the dropdown, select the attributes sent by Okta to map them to the WordPress attributes.
Creating custom attributes for Okta user:
Go to Profile Editor under Directory in the left-hand side menu.
In the Users section, click on the User (default) profile option (Type: Okta).
Click on Add Attribute. Click on Save. Your custom attribute will be added to the user profile.
To edit the attribute value, head to the user under People.
Under the Profile section, you will see the custom attribute added.
2. Custom Attribute Mapping
This feature allows you to create custom attributes that can be mapped to any of the attributes sent by Okta. These are stored in the user meta table in the WordPress database.
To display this custom attribute in the users menu table in WordPress, enable the Display Attribute toggle.
3. Role Mapping
The Attribute Mapping section also provides mapping for fields named Group / Role.
This attribute will contain the role-related information sent by the Identity Provider (i.e., Okta).
Roles are allocated to specific users on the basis of their Roles / Groups at the time of login.
The value of the attribute mapped to Group / Role is the one considered in the Role Mapping section.
Enter the Group / Role values of the respective users in the input box of the default role that should be assigned to those users.
For example, if you want a user whose Group / Role attribute value is SAML to be assigned as an Editor in WordPress, just provide the mapping as SAML in the Editor field of the Role Mapping section.
Group Mapping in Okta:
In the admin console, go to Directory => Groups.
Click on Add group option and add your groups.
Assign people to your group.
In your application, add the Group Attribute Statements under the SAML Settings section and save your settings. For example, the settings below will display all the groups that the user belongs to.
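The attribute and role mapping described above, as an added Python example (not the plugin's own code): it reads the AttributeStatement of a constructed assertion and resolves a WordPress role from the group values. The attribute names (email, groups), the group WP-Admins, the fallback role, and the "most privileged match wins" rule are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute names "email" and "groups" are hypothetical,
# standing in for the names entered under Attribute Statements in Okta.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>jane@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Everyone</saml:AttributeValue>
      <saml:AttributeValue>SAML</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Role Mapping table: WordPress role -> group values typed into that role's field.
# Ordered from least to most privileged (the ordering is an assumption here).
ROLE_MAPPING = {
    "subscriber": ["Everyone"],
    "editor": ["SAML"],
    "administrator": ["WP-Admins"],  # hypothetical group name
}
DEFAULT_ROLE = "subscriber"  # assumed fallback when no group value matches


def extract_attributes(assertion_xml):
    """Return {attribute name: [values]} from every AttributeStatement.

    Only meaningful on an assertion whose signature was already verified.
    """
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def resolve_role(attrs, group_attribute="groups"):
    """Return the most privileged role with an exact, case-sensitive group match."""
    groups = set(attrs.get(group_attribute, []))
    matched = DEFAULT_ROLE
    for role, mapped_values in ROLE_MAPPING.items():  # dicts keep insertion order
        if groups & set(mapped_values):
            matched = role
    return matched
```

Matching is exact, so a group renamed in Okta silently drops the user to the fallback role; keeping that fallback low-privileged makes the failure safe.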
4. Single Logout
Copy the Single Logout URL from the Service Provider Metadata tab.
Download the certificate from Service Provider Metadata tab.
Now, navigate to your Okta application under SAML settings and click on Edit.
Then, click on the Show Advanced Settings.
Upload the downloaded SP certificate in the Signature Certificate field.
Check the Enable Single Logout checkbox (Allow application to initiate Single Logout).
Paste the Single Logout URL copied from the Service Provider Metadata tab into the Single Logout URL field of the Okta application.
Similarly, copy the SP-Entity ID / Issuer from the plugin and paste it in the SP Issuer field here in the Okta App.
5. Signed SSO Requests
In the Service Provider Setup tab, enable the Sign SSO & SLO Requests toggle for performing Signed SSO and Single Logout Requests.
Now navigate to your Okta App. Under SAML settings, click on Edit and go to the Show Advanced Settings option.
And, enable the Signed Requests checkbox.
Then, save your configured application.
Setting up additional configuration for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout along with SSO allows you to maximize efficiency and user identity management from your IDP to your WordPress site.