Follow this step-by-step guide to set up WordPress Single Sign-On (SSO) using Okta as the IdP
STEP 1: Configuring Okta as IdP
- Log into Okta Admin Console.
- Navigate to the Application section and click on Add Application.
- Select SAML 2.0.
- In General Settings, enter App Name and click on Next.
- In SAML Settings, enter the following:
| Single Sign On URL | ACS (AssertionConsumerService) URL from Step 1 of the plugin under Configure IDP Tab. |
| Audience URI (SP Entity ID) | SP-EntityID / Issuer from Step 1 of the plugin under Configure IDP Tab. |
| Default Relay State | Default Relay State from Step 1 of the plugin under Configure IDP Tab. |
| Name ID Format | |
| Application Username | Okta username. |
- Configure Attribute Statements and Group Attribute Statements (optional).
STEP 2: Assigning Groups/People
- After creating and configuring the app, go to the Assignment tab in Okta.
- Here, select the people and groups you want to allow to log in through this app, and assign the app to them.
- After assigning the people/groups to your app, go to the Sign On tab.
- Click on View Setup Instructions to get the SAML Login URL (Single Sign On URL), Single Logout URL, IdP Entity ID and X.509 Certificate.
STEP 3: Configuring WordPress as SP
- In the miniOrange SAML plugin, go to the Service Provider tab. There are two ways to configure the plugin:
  - By Uploading Okta Metadata:
    - Click on Upload IDP Metadata.
    - Enter Identity Provider Name.
    - Upload the metadata file and click on Upload.
  - Manual Configuration:
    - Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) and save them.
| Identity Provider Name | |
| IdP Entity ID or Issuer | |
| SAML Login URL | |
| X.509 Certificate | The X.509 certificate is enclosed in the X509Certificate tag in the IdP metadata XML file (parent tag: KeyDescriptor use="signing"). |
STEP 4: Attribute Mapping
- Attributes are user details that are stored in your Identity Provider.
- Attribute Mapping helps you to get user attributes from your IdP and map them to WordPress user attributes like firstname, lastname etc.
- While auto registering the users in your WordPress site these attributes will automatically get mapped to your WordPress user details.
- In the miniOrange SAML plugin, go to the Attribute/Role Mapping tab and fill in all the fields.
| | Name of the username attribute from IdP (Keep NameID by default) |
| | Name of the email attribute from IdP (Keep NameID by default) |
| | Name of the firstname attribute from IdP |
| | Name of the lastname attribute from IdP |
| | Name of the Role attribute from IdP |
- You can check the Test Configuration Results to get a better idea of which values to map here.
STEP 5: Role Mapping (optional)
- WordPress uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
- WordPress has six pre-defined roles: Super Admin, Administrator, Editor, Author, Contributor and Subscriber.
- Role mapping helps you to assign specific roles to users of a certain group in your IdP.
- While auto registering, the users are assigned roles based on the group they are mapped to.
STEP 6: Sign In Setting
- Go to the Sign In Settings tab. Enable auto-redirect to the IdP using the "Redirect to IdP if user not logged in" option.