Additional configuration for WordPress Okta Single Sign-On


Once the WordPress Okta SSO has been configured, you can proceed with some additional configuration steps to make the most out of WP Single Sign-On. This includes steps for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout, and more.

1. Attribute Mapping

  • In the Service Provider Setup tab, after the metadata exchange, click on Test Connection.
  • After performing SSO, the default attributes will be sent from Okta and will be available for Attribute Mapping.
  • Certain default attributes are sent from the Okta side for every connection; these are listed in the table.

Adding extra Attributes on the Okta Side:

  • Navigate to the Directory tab in the left-hand side menu of Okta, then click on the People option.
  • Click on Add Person.
  • Then add the attributes in the form and click on the Save button.
  • Now click on the user you just created and navigate to the Profile tab to add the user attributes.
  • If you have not configured which attributes are to be sent to your SP, go back to the Applications tab and select your application.
  • Under the General tab, navigate to the SAML Settings section and click on the Edit option.
  • Now head to the Attribute Statements option and add the Attribute Name (Okta will send the attribute values under this name) in the left-hand text field and the actual user attribute name in the right-hand text field.
  • In the WordPress SAML plugin, go to the Attribute/Role Mapping tab and fill in the following fields in the Attribute Mapping section.
  • From the dropdown, select the attributes sent by Okta in order to map them to the WordPress attributes.

Creating custom attributes for Okta user:

  • Go to Profile Editor under Directory in the left-hand side menu.
  • In the Users section, click on the User (default) profile option (Type: Okta).
  • Click on Add Attribute. Click on Save. Your custom attribute will be added to the user profile.
  • To edit the attribute value, head to the user in People.
  • Under the Profile section, you will see the custom attribute added.

2. Custom Attribute Mapping

  • This feature allows you to create custom attributes that can be mapped to any of the attributes sent by Okta. These are stored in the user meta table in the WordPress database.
  • To display this custom attribute in the Users menu table in WordPress, enable the Display Attribute toggle.

3. Role Mapping

  • The Attribute Mapping section also provides mapping for a field named Group / Role.
  • This attribute will contain the role-related information sent by the Identity Provider (i.e., Okta).
  • Roles are allocated to specific users on the basis of their Roles / Groups at the time of login.
  • The value of the attribute mapped to Group / Role will be considered in the Role Mapping section.
  • The Group / Role values of the respective users can be placed in the input box of the default role that is to be assigned to those users.
  • For example, if you want a user whose Group / Role attribute value is SAML to be assigned as an Editor in WordPress, just provide the mapping as SAML in the Editor field of the Role Mapping section.

Group Mapping in Okta:

  • In the admin console, go to Directory => Groups.
  • Click on the Add group option and add your groups.
  • Assign people to your group.
  • In your application, add the Group Attribute Statements under the SAML Settings section and save your settings. For example, the settings below will display all the groups that the user belongs to.
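
To show what the Role Mapping above has to resolve once Okta sends every group a user belongs to, here is an added example (not miniOrange plugin code) that parses a constructed SAML AttributeStatement and reports which WordPress roles its group values match. The attribute name groups, the WP-Admins group and the exact-match comparison are assumptions; how the plugin itself picks a role when several match is not stated on this page.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: AttributeStatement of an assertion whose Group Attribute
# Statement is named "groups" (assumed name) and sends all of the user's groups.
SAMPLE = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="email">
    <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="groups">
    <saml:AttributeValue>Everyone</saml:AttributeValue>
    <saml:AttributeValue>SAML</saml:AttributeValue>
    <saml:AttributeValue>WP-Admins</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

# Role Mapping as it would be entered: WordPress role -> Group / Role values.
# "SAML" -> editor is the page's example; "WP-Admins" is a constructed value.
ROLE_MAPPING = {"administrator": ["WP-Admins"], "editor": ["SAML"]}


def attribute_values(xml_text, name):
    """Return every value of the named attribute (groups are multi-valued)."""
    root = ET.fromstring(xml_text.strip())
    values = []
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        if attr.get("Name") == name:
            for value in attr.findall("saml:AttributeValue", NS):
                values.append((value.text or "").strip())
    return values


def audit_roles(xml_text, group_attr="groups", mapping=ROLE_MAPPING):
    """Report the roles the sent groups match and the groups mapped to nothing.

    Only meaningful for assertions whose signature was already verified."""
    groups = attribute_values(xml_text, group_attr)
    matched = sorted(r for r, vals in mapping.items() if set(vals) & set(groups))
    mapped_values = {v for vals in mapping.values() for v in vals}
    return {
        "matched_roles": matched,
        "unmapped_groups": [g for g in groups if g not in mapped_values],
        "ambiguous": len(matched) > 1,  # more than one role applies to this user
    }
```

An ambiguous result is the case to review in the Role Mapping section: the user's groups match more than one WordPress role, so the outcome depends on the plugin's precedence.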

4. Single Logout

  • Copy the Single Logout URL from the Service Provider Metadata tab.
  • Download the certificate from the Service Provider Metadata tab.
  • Now navigate to your Okta application and, under SAML Settings, click on Edit.
  • Then click on Show Advanced Settings.
  • Upload the downloaded SP certificate in the Signature Certificate field.
  • Check the Enable Single Logout checkbox (Allow application to initiate Single Logout).
  • Paste the copied Single Logout URL from the Service Provider Metadata tab into the Single Logout URL field of the Okta application.
  • Similarly, copy the SP-Entity ID / Issuer from the plugin and paste it into the SP Issuer field in the Okta app.

5. Signed SSO Requests

  • In the Service Provider Setup tab, enable the Sign SSO & SLO Requests toggle to send signed SSO and Single Logout requests.
  • Now navigate to your Okta app; under SAML Settings, click on Edit and go to the Show Advanced Settings option.
  • Enable the Signed Requests checkbox.
  • Then save your configured application.

Conclusion

Setting up additional configuration for Advanced & Custom Attribute Mapping, Group & Role Mapping, Single Logout along with SSO allows you to maximize efficiency and user identity management from your IDP to your WordPress site.
