Logo
How to Configure Single Sign-On in WordPress with Azure AD and miniOrange Plugin
Azure AD

How to Configure Single Sign-On in WordPress with Azure AD and miniOrange Plugin

25 January 2022 By Hal Sclater

This article was a guest contribution from our friends at miniOrange.

What is OAuth SSO? Single Sign-On (SSO) is an authentication process in which a user is provided access to multiple applications/websites by using only one set of login credentials.

Prerequisites

Step 1: Setup Azure AD as OAuth Provider

  1. Sign in to portal.azure.com.
  2. Go to Azure Active Directory > App registrations > New registration.
  3. Enter a name, select Web app / API, and provide your WordPress site URL.
  4. Copy the Application ID (Client ID) and Directory ID (Tenant ID).
  5. Go to Certificates & secrets > New client secret. Copy the value.
  6. Go to Token configuration > Add optional claim > ID and choose email.

Step 2: Setup WordPress as OAuth Client

  1. In WordPress, go to the miniOrange plugin settings.
  2. Click Configure OAuth > Add New Application and select Azure AD.
  3. Copy the Callback URL shown.
  4. Enter the Client ID, Client Secret, and Tenant ID from Azure AD.

Step 3: Attribute Mapping

Go to Attribute / Role Mapping and map the username attribute. In our testing, unique_name works best with both Guests and normal users.

Scope & Endpoints

SettingValue
Scopeopenid
Authorize Endpointhttps://login.microsoftonline.com/<tenant-id>/oauth2/authorize
Access Token Endpointhttps://login.microsoftonline.com/<tenant-id>/oauth2/token
User Info Endpointhttps://login.windows.net/common/openid/userinfo

Image

Image 1

Image 2

Image 3

Image 4

Oauth Token

Image 5

Image 6

Image 7

Image 8

Image 9

Image 10

Image

Image 11

Image 12

Image 13

Image 14

Image 15

Image 16

Image 17

Image 18

Image 19

Image 20

Image 21

Image 22