Azure AD Single Sign On (SSO) for Wordpress
miniOrange provides a ready-to-use solution for Wordpress. This solution ensures that you are ready to roll out secure access to your Wordpress site using Azure AD within minutes.

Follow the Step-by-Step Guide for Wordpress Single Sign On (SSO) using Azure AD as IdP


You can configure the application in Azure AD by following either of the ways listed below.


STEP 1: Configuring Azure AD as IdP

  • Navigate to Azure AD portal http://portal.azure.com. Proceed to Azure Active Directory and click on App Registrations.
  • Click on New Application Registration and then select Application you’re developing.


  • Assign a Name and Sign-on URL to the application. The Sign-on URL will be the ACS URL provided in the Identity Provider tab of the plugin. Select Web app/API as the Application type.


  • You’ll see the app on App Registration window. Click on Settings option which will open Settings window and go to Properties section under this window.


  • Here, replace the App ID URI value with the SP-Entity ID value provided in the Identity Provider tab of the plugin, and save.


STEP 2: Configure Application

  • Click on the Azure Active Directory tab displayed on the left side of the Dashboard.
  • Click on Endpoints on App Registration window and copy Federation Metadata Document endpoint (will be used in step 3).


  • You can also save the metadata document by going to this endpoint.


STEP 3: Configuring Wordpress as SP

In miniOrange SAML plugin, go to Service Provider tab. There are three ways to configure the plugin:

  • By Azure AD Metadata URL :  
    • Click on Upload IDP Metadata.
    • Enter Identity Provider Name.
    • Enter Metadata URL (copied in step 2) and click on Fetch Metadata.
  • By Uploading Azure AD Metadata :  
    • Click on Upload IDP Metadata.
    • Enter Identity Provider Name.
    • Upload metadata file and click on Upload.
  • Manual Configuration :
    • Copy SAML Entity ID, SAML Single-Sign-On Endpoint URL and X.509 certificate from Federation Metadata document and paste them in IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate fields respectively in the plugin.
    • Identity Provider Name: for example, Azure AD
    • IdP Entity ID or Issuer: SAML Entity ID in the Federation Metadata document
    • SAML Login URL: SAML Single-Sign-On Endpoint URL in the Federation Metadata document
    • X.509 Certificate: the certificate enclosed in the X509Certificate tag in the Federation Metadata document XML file (parent tag: KeyDescriptor use="signing")

STEP 1: Configuring Azure AD as IdP

  • Navigate to Azure AD portal http://portal.azure.com. Proceed to the Active Directory tab and navigate to the Enterprise Applications tab


  • Click on New Application


  • Click on Non-gallery application section and enter the name for your app and click on Add button.


STEP 2: Configure Application

  • Single Sign On Configuration
    • Click on Single sign-on from the application's left hand navigation menu. The next screen presents the options for configuring single sign-on. Click on SAML.


    • Enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Identity Provider tab of the plugin.


    • By default, the following attributes will be sent in the SAML token. You can view or edit the claims sent in the SAML token to the application under the Attributes tab.


    • Copy App Federation Metadata Url (will be used in step 3).


  • Assign users and groups to your SAML application
    • As a security control, Azure AD will not issue a token allowing a user to sign into the application unless Azure AD has granted access to the user. Users may be granted access directly, or through a group membership.
    • Click on User and groups from the application's left hand navigation menu. The next screen presents the options for assigning the users/groups to the application.


STEP 3: Configuring Wordpress as SP

In miniOrange SAML plugin, go to Service Provider tab. There are three ways to configure the plugin:

  • By Azure AD Metadata URL :  
    • Click on Upload IDP Metadata.
    • Enter Identity Provider Name.
    • Enter Metadata URL (copied in step 2) and click on Fetch Metadata.
  • By Uploading Azure AD Metadata :  
    • Click on Upload IDP Metadata.
    • Enter Identity Provider Name.
    • Upload metadata file and click on Upload.
  • Manual Configuration :
    • Click on Configure Test to see the application's SAML documentation.


    • Copy SAML Entity ID, SAML Single Sign On Service URL and SAML Signing Certificate from the application's SAML documentation and paste them in IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate fields respectively in the plugin.


    • Identity Provider Name: for example, Azure AD
    • IdP Entity ID or Issuer: SAML Entity ID
    • SAML Login URL: SAML Single Sign On Service URL
    • X.509 Certificate: SAML Signing Certificate

STEP 4: Attribute Mapping

STEP 5: Role mapping (It is Optional to fill this).

STEP 6: Sign In Setting



If you don't find what you are looking for, please contact us at info@miniorange.com or call us at +1 978 658 9387.