Follow the Step-by-Step Guide for WordPress Single Sign-On (SSO) using Okta as IdP
STEP 1: Configuring Okta as IdP
- Log into Okta Admin Console.
- Navigate to Application and click on Add Application.
- Click on SAML 2.0.
- In General Settings, enter App Name and click on Next.
- In SAML Settings, enter the following:
| Single Sign On URL
|| ACS (AssertionConsumerService) URL from Step 1 of the plugin under the Configure IDP tab.
| Audience URI (SP Entity ID)
|| SP-EntityID / Issuer from Step 1 of the plugin under the Configure IDP tab.
| Default Relay State
|| Default Relay State from Step 1 of the plugin under the Configure IDP tab.
| Name ID Format
| Application Username
|| Okta username.
- Configure Attribute Statements and Group Attribute Statement (optional).
STEP 2: Assigning Groups/People
- After creating and configuring the app, go to the Assignment tab in Okta.
- Select the people and groups you want to give access to log in through this app, and assign the app to them.
- After assigning the people/groups to your app, go to the Sign On tab.
- Click on View Setup Instructions to get the SAML Login URL (Single Sign On URL), Single Logout URL, IDP Entity ID and X.509 Certificate.
STEP 3: Configuring WordPress as SP
- In the miniOrange SAML plugin, go to the Service Provider tab. There are two ways to configure the plugin:
- By uploading Okta metadata:
  - Click on Upload IDP Metadata.
  - Enter the Identity Provider Name.
  - Upload the metadata file and click on Upload.
- Manual configuration:
  - Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) and save them.
|Identity Provider Name
|IdP Entity ID or Issuer
|SAML Login URL
|X.509 Certificate
||The X.509 certificate is enclosed in the X509Certificate tag of the IdP metadata XML file (parent tag: KeyDescriptor use="signing").
STEP 4: Attribute Mapping
- Attributes are user details that are stored in your Identity Provider.
- Attribute Mapping helps you to get user attributes from your IdP and map them to WordPress user attributes like firstname, lastname etc.
- While auto-registering the users in your WordPress site, these attributes will automatically get mapped to your WordPress user details.
- In the miniOrange SAML plugin, go to the Attribute/Role Mapping tab and fill in all the fields.
||Name of the username attribute from IdP (Keep NameID by default)
||Name of the email attribute from IdP (Keep NameID by default)
||Name of the firstname attribute from IdP
||Name of the lastname attribute from IdP
||Name of the Role attribute from IdP
- You can check the Test Configuration Results to get a better idea of which values to map here.
STEP 5: Role Mapping (optional)
- WordPress uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
- WordPress has six pre-defined roles: Super Admin, Administrator, Editor, Author, Contributor and Subscriber.
- Role mapping helps you to assign specific roles to users of a certain group in your IdP.
- While auto-registering, the users are assigned roles based on the group they are mapped to.
STEP 6: Sign In Settings
- Go to the Sign In Settings tab. Enable auto-redirect to the IdP using the "Redirect to IdP if user not logged in" option.