Single Sign-On For iGrad Using WordPress


What Is iGrad?

iGrad is a web-platform which, seeing the lack of financial management prevalent in college students of USA, was created to provide tools to students assisting them in managing their money and helping them be as financially secure as possible. Serving over a million users, iGrad is one of the most popular applications for this purpose.

The Issue

Student accounts, issued by the university or school in which they are present, are mainly seen in the respective school's website. The school's website, if built with WordPress, is applicable to the following issue. The credentials needed for users to log in to iGrad are separate from the users' WordPress credentials, making the sign-in process inconvenient for iGrad members. The iGrad API does contain a provision for users who want to log in using a link from various other applications. However, WordPress is limited in its capacity to do this because it does not have an adequate integration set up, to handle Single Sign-On and for iGrad and WordPress to sync.

The Solution

miniOrange has created the "WordPress IDP Plugin", a tool that solves the presented challenge. It can be used as a connector to integrate WordPress and iGrad, so that users are able to easily log in to iGrad, while only using their WordPress credentials.


Steps To Configure WordPress IDP Plugin

  • You will need to upload the IDP metadata or provide certain IDP information in iGrad. This information can be copied from the Service Provider tab, available in the plugin. It includes the following information:
  • Service Provider Name Choose an appropriate name
    SP Entity ID or Issuer Entity ID
    ACS URL Assertion Consumer Service URL.
    X.509 Certificate (optional) [For Signed Request] Paste the certificate value which can be copied from the iGrad metadata file.
    NameID Format Select: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
    Response Signed Unchecked.
    Assertion Signed Checked.
    Encrypted Assertion Unchecked.



  • Obtain the Issuer (Entity ID) and the ACS URL. If your SP is configured for signed requests then you will need to provide the certificate in the plugin, as well. Obtain these from the metadata of iGrad.

  • You will need to configure the user attributes which are to be sent in the SAML response. This is required for users to log in to iGrad. You can do this under the Attribute/Role Mapping tab in the plugin.

  • The SAML response created by the respective school's WordPress site includes student data as SAML attributes. Both the required attributes and the recommended attributes are listed below.

    • Required Attributes:

    • SAML Attribute Name Details
      CoBrand Must match the cobrand designation of the site's URL
      SchoolEmail The primary email on file, and is not required to be school issued. Must be in standard email format: username@host.domain
      FirstName Send in proper type, first letter capitalized, not all caps or all lower case
      LastName Send in proper type, first letter capitalized, not all caps or all lower case
      UserType 1=student, 2=staff
      SchoolName Distinguishes different school campus names. If there is just one campus, then set this to the school name
    • Recommended Attributes:

    • SAML Attribute NameDetails
      StudentID No Format restrictions.
      SchoolState 2 digit state code
      DateOfBirth MM/DD/YYYY
      Gender Male or Female
      AlternateEmail Must be in standard email format: username@host.domain
      PhoneNumber Any format
      AddressLine1
      AddressLine2
      City Distinguishes different school campus names. If there is just one campus, then set this to the school name
      State 2 digit state code
      ZipValid zip code
      GradeLevelFreshman, Sophomore, Junior, Senior, Graduate
      Major
      CustomFilter1
      CustomFilter2
      CustomFilter3
      TargetURL The final landing page on the iGrad site (e.g. /articles/) would take the student to www.igrad.com/articles after SSO integration.
  • Configure the plugin to send relevant user details. Please Note: The name you provide in the plugin for each attribute must match the name being asked in the plugin dashboard.

We offer Security Solutions of Single Sign-On, Two Factor Authentication, Fraud Prevention and much more.
Please call us at +1978 658 9387 or email us at info@miniorange.com