Azure AD Single Sign On (SSO) for WordPress
miniOrange provides a ready-to-use solution for WordPress. This solution lets you roll out secure access to your WordPress site using Azure AD within minutes.

Follow the step-by-step guide for WordPress Single Sign On (SSO) using Azure AD as IdP


You can configure the application in Azure AD by following either of the methods listed below.


STEP 1: Configuring Azure AD as IdP

  • Navigate to the Azure AD portal at https://portal.azure.com. Proceed to Azure Active Directory and click on App Registrations.
  • Click on New Application Registration and then select Application you’re developing.
  • Assign a Name and choose the account type.
  • In the Redirect URI field, enter the ACS URL provided in the Service Provider Metadata tab of the plugin and click on the Register button.
  • Now, navigate to the Expose an API menu option and click the Set button for APPLICATION ID URI.
  • Here, enter the SP Entity ID value from the Service Provider Metadata tab of the plugin and click on the Save button.


STEP 2: Configure Application

  • Click on the Azure Active Directory tab displayed on the left side of the Dashboard.
  • Click on Endpoints in the App Registration window and copy the Federation Metadata Document endpoint (will be used in step 3).
  • You can also save the metadata document by going to this endpoint.


STEP 3: Configuring WordPress as SP

In the miniOrange SAML plugin, go to the Service Provider tab. There are three ways to configure the plugin:

  • By Azure AD Metadata URL :  
    • Click on Upload IDP Metadata.
    • Enter Identity Provider Name.
    • Enter Metadata URL (copied in step 2) and click on Fetch Metadata.
  • By Uploading Azure AD Metadata :  
    • Click on Upload IDP Metadata.
    • Enter Identity Provider Name.
    • Upload metadata file and click on Upload.
  • Manual Configuration :
    • Copy the SAML Entity ID, SAML Single-Sign-On Endpoint URL and X.509 certificate from the Federation Metadata document and paste them into the IdP Entity ID or Issuer, SAML Login URL and X.509 Certificate fields respectively in the plugin.
    • Identity Provider Name: for example, Azure AD
    • IdP Entity ID or Issuer: SAML Entity ID in the Federation Metadata document
    • SAML Login URL: SAML Single-Sign-On Endpoint URL in the Federation Metadata document
    • X.509 Certificate: the certificate enclosed in the X509Certificate tag of the Federation Metadata document XML file (parent tag: KeyDescriptor use="signing")
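
For the manual configuration above, the three values can be pulled out of a saved Federation Metadata document with a short script instead of being copied by hand. This is an added example, not miniOrange or Microsoft code; the embedded metadata is a constructed sample with a placeholder tenant ID and fake certificate bytes, and the function name and returned keys are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample, not real Azure AD output: placeholder tenant, fake cert bytes.
SIGNING_B64 = base64.b64encode(b"constructed-signing-cert").decode()
ENCRYPT_B64 = base64.b64encode(b"constructed-encryption-cert").decode()
KEY = ('<KeyDescriptor use="{use}"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
       "<X509Data><X509Certificate>{b64}</X509Certificate></X509Data></KeyInfo>"
       "</KeyDescriptor>")
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">'
    '<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + KEY.format(use="encryption", b64=ENCRYPT_B64)
    + KEY.format(use="signing", b64=SIGNING_B64)
    + '<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
    'Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>'
    "</IDPSSODescriptor></EntityDescriptor>")


def extract_idp_fields(metadata_xml):
    """Return the three values the plugin's manual configuration asks for."""
    # ElementTree does not resolve external entities; for metadata from an
    # untrusted source, a hardened parser such as defusedxml is the safer choice.
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element in metadata")
    sso = idp.find("md:SingleSignOnService", NS)
    # Only the signing key belongs in the X.509 Certificate field.
    cert = idp.find("md:KeyDescriptor[@use='signing']/ds:KeyInfo"
                    "/ds:X509Data/ds:X509Certificate", NS)
    if sso is None or cert is None or not cert.text:
        raise ValueError("metadata lacks an SSO endpoint or a signing certificate")
    login_url = sso.get("Location", "")
    if not login_url.startswith("https://"):
        raise ValueError("SAML Login URL is not HTTPS: %r" % login_url)
    b64 = "".join(cert.text.split())  # metadata may wrap the base64 across lines
    der = base64.b64decode(b64, validate=True)
    return {"idp_entity_id": root.get("entityID"),
            "saml_login_url": login_url,
            "x509_certificate": b64,
            # Fingerprint for checking the pasted certificate against the IdP's copy.
            "cert_sha256": hashlib.sha256(der).hexdigest()}
```

The sample deliberately lists an encryption key before the signing key, so taking the first X509Certificate element in the file would select the wrong certificate.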

STEP 1: Configuring Azure AD as IdP

  • Navigate to the Azure AD portal at https://portal.azure.com. Proceed to the Active Directory tab and navigate to the Enterprise Applications tab.
  • Click on New Application.
  • Click on the Non-gallery application section, enter the name for your app and click on the Add button.


STEP 2: Configure Application

  • Single Sign On Configuration
    • Click on Single sign-on from the application's left hand navigation menu. The next screen presents the options for configuring single sign-on. Click on SAML.


    • Enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Identity Provider tab of the plugin.


    • By default, the following attributes are sent in the SAML token. You can view or edit the claims sent in the SAML token to the application under the Attributes tab.


    • Copy App Federation Metadata Url (will be used in step 3).


  • Assign users and groups to your SAML application
    • As a security control, Azure AD will not issue a token allowing a user to sign into the application unless Azure AD has granted access to the user. Users may be granted access directly, or through a group membership.
    • Click on User and groups from the application's left hand navigation menu. The next screen presents the options for assigning the users/groups to the application.


STEP 3: Configuring WordPress as SP

In the miniOrange SAML plugin, go to the Service Provider tab. There are three ways to configure the plugin:

  • By Azure AD Metadata URL :  
    • Click on Upload IDP Metadata.
    • Enter Identity Provider Name.
    • Enter Metadata URL (copied in step 2) and click on Fetch Metadata.
  • By Uploading Azure AD Metadata :  
    • Click on Upload IDP Metadata.
    • Enter Identity Provider Name.
    • Upload metadata file and click on Upload.
  • Manual Configuration :
    • Click on Configure Test to see the application's SAML documentation.


    • Copy the SAML Entity ID, SAML Single Sign On Service URL and SAML Signing Certificate from the application's SAML documentation and paste them into the IdP Entity ID or Issuer, SAML Login URL and X.509 Certificate fields respectively in the plugin.


    • Identity Provider Name: for example, Azure AD
    • IdP Entity ID or Issuer: SAML Entity ID
    • SAML Login URL: SAML Single Sign On Service URL
    • X.509 Certificate: SAML Signing Certificate

STEP 4: Attribute Mapping

STEP 5: Role mapping (It is Optional to fill this).

STEP 6: Sign In Setting

