WordPress Single Sign On (SSO) using Okta as IdP

Okta Single Sign On (SSO) for WordPress: miniOrange provides a ready-to-use solution for WordPress. This solution ensures that you are ready to roll out secure access to your WordPress site using Okta within minutes.

Step 1: Configuring Okta as IdP

  • Log into Okta Admin Console.
  • Navigate to Application and click on Add Application.
  • Click on SAML 2.0.
  • In General Settings, enter the App Name and click on Next.
  • In SAML Settings, enter the following:
    • Single Sign On URL: ACS (AssertionConsumerService) URL from Step 1 of the plugin, under the Configure IDP tab.
    • Audience URI (SP Entity ID): SP-EntityID / Issuer from Step 1 of the plugin, under the Configure IDP tab.
    • Default Relay State: Default Relay State from Step 1 of the plugin, under the Configure IDP tab.
    • Name ID Format: EmailAddress
    • Application Username: Okta username
  • Configure Attribute Statements and Group Attribute Statements (optional).

Step 2: Assigning Groups/People

  • After creating and configuring the app, go to the Assignment tab in Okta.
  • Here, select the people and groups you want to give access to log in through this app, and assign the app to them.
  • After assigning the people/groups to your app, go to the Sign On tab.
  • Click on View Setup Instructions to get the SAML Login URL (Single Sign On URL), Single Logout URL, IDP Entity ID and X.509 Certificate.

Step 3: Configuring WordPress as SP

  • In the miniOrange SAML plugin, go to the Service Provider tab. There are two ways to configure the plugin:
    • By uploading Okta metadata:
      • Click on Upload IDP Metadata.
      • Enter the Identity Provider Name.
      • Upload the metadata file and click on Upload.
    • Manual configuration:
      • Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) and save them.
        • Identity Provider Name: for example, Miniorange
        • IdP Entity ID or Issuer: https://auth.miniorange.com/moas
        • SAML Login URL: https://auth.miniorange.com/moas/idp/samlsso
        • X.509 Certificate: the X.509 certificate is enclosed in the X509Certificate tag in the IdP metadata XML file (parent tag: KeyDescriptor use="signing").