Follow the Step-by-Step Guide given below for Wordpress Single Sign On (SSO) using Centrify as IdP

STEP 1: Configuring Centrify as IdP

• Log into Centrify as an Administrator and go to Apps from the NavBar. Click on Add Web Apps.
• In the pop-up, click on Custom tab and then click on the Add button next to SAML.



• In the new SAML App that you created under Application Settings section, enter Assertion Consumer Service URL as provided in the Step 1 of the plugin under Identity Provider tab



• Under User Access section, select roles that can access this app.
• Under Advanced section, pass the following parameters to the functions in the code:
  
  

  setAudience()
  setRecipient()
  setHttpDestination()
  setRelayState()

  NOTE: Please do NOT change any other function calls.
  
  
  
  
• Under Application Settings section, scroll down to Identity Provider Info. Keep this information handy for configuring the plugin.
• Click on Download Signing Certificate to download the Signing certificate.

STEP 2: Configuring Wordpress as SP

• In miniOrange SAML plugin, go to Service Provider tab and enter the following details:
  
  

  Identity Provider Name:	Centrify
  SAML Login URL:	Identity Provider Sign-in URL from Identity Provider Info in your Centrify SAML APP.
  IdP Entity ID or Issuer:	Issuer from Identity Provider Info in your Centrify SAML App
  X.509 Certificate:	Open the .cer certificate file in notepad and copy/paste the entire content of the file.
  Response Signed:	Checked
  Assertion Signed:	Unchecked

• In miniOrange SAML plugin, go to Attribute/RoleMapping tab. Enter the following values:
  
  

  Username:	Name of the username attribute from IdP (Keep NameID by default)
  Email:	Name of the email attribute from IdP (Keep NameID by default)
  FirstName:	Name of the firstname attribute from IdP
  LastName:	Name of the lastname attribute from IdP
  Group/Role:	Name of the Role attribute from IdP

  
  
  You can check the Test Configuration Results to get a better idea as to which values to map here.
• Under the Role Mapping section, configure which GROUP value coming in the SAML response needs to be mapped to which role in WordPress. The Group value coming in the SAML response will be mapped to the Role assigned here and the user will be assigned that role in WordPress.
  
  
  
  
• Go to SSO Login Settings tab. Enable auto-redirect to IDP using Redirect to IdP if user not logged in option.