SAML Single Sign On – SSO Login

Description

Simplify WordPress Login Experience With Our SAML Single Sign On (SSO) Plugin

With the miniOrange WordPress SAML SSO plugin, you can enable Single Sign On (SSO) for your WordPress site. This means users can sign in with their existing accounts from Identity Providers (IDPs) like Microsoft Azure AD/ Entra ID, Google Workspace, Okta, Salesforce, Keycloak, Shibboleth, OneLogin, ADFS, and others without creating separate WordPress usernames and passwords.

The plugin makes your WordPress site function as a SAML-compliant Service Provider (SP) by using the SAML 2.0 protocol to securely exchange authentication data with your chosen Identity Provider (IDP). Once users are authenticated by the IDP, they automatically gain access to your WordPress site and its resources.

Our WP SSO plugin is designed for you if you need:

• Instant Secure Authentication
  Users access WordPress immediately using their existing Identity Provider (IDP) credentials without managing WordPress-specific passwords.

• Centralized Access Management
  Control everyone’s WordPress access through your Identity Provider (IDP) security policies.

• Organization-Only Access
  Restrict WordPress access exclusively to verified employees through Identity Provider (IDP) authentication and MFA.

• Smart User Provisioning
  Automatically create WordPress accounts and assign roles based on Identity Provider (IDP) groups and user data.

• Reduced Administrative Overhead
  Eliminate manual user creation, password resets, role assignments, and access management tasks.

• Flexibility Across Different Identity Providers (IDP)
  Our plugin works with 50+ IDPs. Enterprises can set up Azure AD login into WordPress for employees, while universities use WordPress Okta SSO, Google Workspace (G Suite) SSO, Shibboleth SSO, OneLogin SSO, or any other SAML IDPs of their choice.

Quick Links: 🌐Official Website | 🛠️Setup Guide | 🎁Free Full-Feature Trial | 💎Pricing Plans | 🧩Integrations & Addons | 📧 Office 365 Integrations | 🤝Support

WordPress SAML SSO Login Explained in Minutes

WP SAML SSO Plugin Supports All SAML Identity Providers

• Azure AD SSO (Microsoft Entra ID)
• Login with Okta SSO
• Google Workspace/GSuite
• Login with Salesforce
• Keycloak
• ADFS
• Login with Azure AD B2C
• Office 365
• OneLogin SSO
• Auth0
• PingOne
• WordPress
• miniOrange
• Oracle
• JumpCloud
• CyberArk
• Duo
• SecureAuth
• Absorb LMS
• Windows
• Shibboleth SSO
• Any Custom IDP Supporting SAML
• And more

Set Up Our WP Single Sign On (SSO) Plugin in Three Easy Steps

Step 1: Install Our WordPress SAML SSO Plugin
Download the WordPress SAML SSO (Single Sign On) plugin from the WordPress plugin directory and install it on your WordPress site.

Step 2: Share Your WordPress Site’s Metadata from the WP SAML Plugin with the Identity Provider (IDP)
Provide the Service Provider (SP), i.e., your WordPress site’s metadata URL or file, to your Identity Provider (IDP) to register your WordPress site as a trusted Service Provider (SP).

Step 3: Import Your Identity Provider’s (IDP) Metadata into the Plugin
Next, upload the IDP’s metadata URL or file to your WordPress site in the plugin settings to enable secure SAML authentication.

That’s it! Your WordPress site is now secured with enterprise-grade Single Sign On (SSO) authentication. You can verify the connection by using the Test Configuration button in the plugin.

Watch Our Complete Step-by-Step Installation Video for WP SSO Login

Follow along with our detailed video walkthrough to see exactly how each step works and ensure your SAML SSO login is configured correctly from start to finish.

Here to Support You, Always

Whether you have questions about setup, pricing, or how the plugin works, our expert team is available 24/7 to assist you. Simply reach out to samlsupport@xecurify.com, and we will ensure you receive timely and reliable guidance.

Features of Our WordPress SAML Single Sign On (SSO) Plugin

Unlimited User Authentications: Allows an unlimited number of users to log in through SAML SSO with your IDP authentication while maintaining optimal site performance during peak traffic.

Auto Login: Automatically logs users into WordPress if they have an active IDP session, without requiring them to re-enter the IDP credentials.

Force Authentication: Ensures that users authenticate through the IDP each time they log in to the WordPress site, regardless of any active IDP session.

Complete Site Protection: Secures your site’s frontend pages/posts and backend WP-Admin pages behind Single Sign On by redirecting all users to IDP if an active session is not found on the IDP. You can add another security layer using Media Restriction and REST API authentication.

Automatic User Creation: Creates new WordPress user accounts automatically on the user’s first Single Sign On login if no account exists by syncing their profile details from the IDP.

Account Linking: Enables users to log into their existing WordPress accounts via their IDP credentials by matching their username or email in WordPress and IDP. This ensures no duplicate accounts are created.

Just-in-Time (JIT) Profile Updation: Updates WordPress user accounts at each Single Sign On login by syncing data from IDP. It maps basic attributes (username, email, first name, last name, etc.) and advanced/custom attributes (department, phone, job title, employee ID, etc.) to maintain accurate user profiles.

Role-based Access: Assigns WordPress roles such as Administrator, Editor, Author, Contributor, or Subscriber to users during WP SSO login. The role assignment is based on the group information provided by the IDP.

Custom Login Buttons and Shortcodes: Adds SSO login buttons to the WordPress login page or any page on the site using widgets and shortcodes. You can change the text, font, color, and size of these buttons to match your site’s design.

Single Logout (SLO): Terminates a user’s session on the WordPress site and the IDP simultaneously when logging out of either of them.

Login Using Multiple IDPs: Allows users to authenticate with different Identity Providers (IDPs) when logging into WordPress. You can also set up email domain mapping so users are automatically directed to the right IDP. For example, an organization can easily set up Azure AD SSO, Okta SSO, or any other IDP for employees, and use Google Workspace SSO for partners or vendors.

Certificate Sync and Multiple Certificates: Automatically syncs X.509 certificates from the Identity Provider (IDP), managing rollover, replacement, and addition without disrupting the SSO connection. It also supports multiple active certificates from the same IDP, allowing WordPress to work with custom setups or environments where more than one certificate is in use.

SSO on Multisite Networks: Applies one SSO configuration to all subsites in a WordPress multisite network. This centralizes SSO management, so you do not need to configure each subsite individually.

Single & Multi‑Tenant Azure AD Login: Connects both single-tenant (one directory) and multi-tenant (multiple directories) Azure AD or Office 365 to WordPress. Users from different tenants can log in to WordPress through Azure AD SSO using their existing accounts.

Cross-Environment Deployment: Supports multiple environments such as Development, Test, and Production, allowing IT teams to configure SSO once and maintain consistent settings across all instances.

WP‑CLI Support: Provides WP‑CLI commands for activating licenses, configuring WP SSO settings, importing or exporting configurations, and updating the plugin. All key SSO functions can be managed from the command line without using the WordPress dashboard.

Extend Your Single Sign On Experience With Our Addons

Real-time SCIM User Provisioning: Syncs user records between the IDP and WordPress in real time when the user is created, updated, or removed to maintain accurate data and strengthen security and efficiency.

Page and Post Restriction: Controls access to your content by restricting pages and posts to specific user roles or login status (whether a user is logged in). If an unauthorized person attempts to view protected content, they can be automatically redirected to authenticate via a SAML Identity Provider (IDP), the WordPress login page, or any custom URL you specify.

Media Restriction: Blocks unauthorized downloads of images, videos, and documents by allowing only SAML SSO–verified users with proper IDP permissions to view or retrieve media files.

Attribute-Based Redirection: Directs users to specific URLs after Single Sign On based on IDP attributes such as role or department to ensure tailored access paths.

Guest User Login (Anonymous Login): Allows users to log in to the WordPress site without creating a WordPress user account for them.

SSO Session Management: Sets default or role-specific session timeouts for SAML SSO users according to IDP-assigned roles to balance convenience with security.

SSO Login Audit: Records all user login and registration activities on your WordPress site. It generates detailed reports that track essential information for each session, including the user, login time, and source IP address. The addon also includes advanced search filters for quickly locating specific events within the audit logs.

WordPress IP Whitelisting: Grants WordPress access to users with specific IPs and allows them to bypass IDP redirection and access restricted content.

Profile Picture Mapping: Imports avatar images from the IDP into WordPress profiles for authenticated users to personalize the site experience.

Federation SSO: Supports logins from multiple federated organizations, such as universities or research consortia, by leveraging standard IDP federation protocols to unify access.

Our plugin also integrates with third-party applications such as LearnDash, WooCommerce, BuddyPress, MemberPress, Paid Memberships Pro, and more, providing a simple SAML Single Sign On (SSO) experience that lets users access courses, online stores, community forums, membership content, and other protected resources with a single login.

Top Use Cases of Our WordPress SAML Single Sign On (SSO) Plugin

Education: SSO for Schools, Universities, and Federated Institutions

Our WordPress SAML SSO plugin helps educational institutions simplify secure access across their WordPress sites. Faculty and staff can log in through Azure AD SSO, while external collaborators or research partners authenticate using WordPress Okta SSO, Shibboleth SSO, G Suite SSO, and other IDPs. This flexibility ensures universities can accommodate multiple identity providers without creating separate WordPress accounts for every user.

Along with multiple IDPs, the plugin also supports academic federations such as InCommon, HAKA, HKAF, etc. These federations connect entire networks of trusted institutions and allow users to authenticate with their home institution credentials, enabling students, faculty, and researchers from partner universities or organizations to access WordPress resources directly.

With our plugin, universities can also manage SSO for Multisite Networks more effectively, making it easy to control access across subsites such as library.uni.edu or research.uni.edu. It further provides Guest User Login for temporary access by external collaborators, ensuring consistent and secure entry to academic resources.

Healthcare: SSO for Hospitals, Clinics, and Medical Portals

Healthcare organizations require access controls that protect sensitive data while remaining compliant with regulations. Our WordPress SAML SSO plugin for healthcare allows hospitals, clinics, medical portals, and other Healthcare Providers (HCPs) to authenticate users against their existing IDPs.

The plugin includes advanced features such as Force Authentication, which requires users outside the hospital network to authenticate with their IDP to access organizational resources, while allowing on-site users immediate access without re-authentication.

To further protect sensitive data, healthcare administrators can configure Role‑based Restrictions that limit access to patient records, laboratory results, research data, administrative content, and other sensitive information. This ensures that only authorized personnel can view or manage sensitive resources while helping institutions stay compliant with HIPAA and other healthcare data protection standards.

WooCommerce: SSO for B2B, Institutional Buyers, and E-Commerce

For online stores, the shopping experience depends on security and convenience working together. Our WordPress SAML SSO plugin integrates WooCommerce with Identity Providers (IDPs) such as Azure AD, Okta, or even other WordPress sites, allowing customers and staff to sign in with the same credentials they already use in their organization.

When deployed with the WooCommerce Integrator, SSO becomes part of the checkout process. Customers adding products to their carts are prompted to authenticate, and once logged in, their account details and order information synchronize automatically.

On the backend, manager and staff roles assigned in the IDP flow directly into WooCommerce, granting specific access to order data, inventory, and dealer portals. With user permissions centralized, businesses avoid duplication errors and maintain consistent security across their e‑commerce operations.

Multiple Site Businesses: SSO (Single Sign On) in WordPress to WordPress sites

Many businesses run multiple WordPress sites: a main site that stores all user accounts and roles (customers, managers, staff), and secondary sites that provide additional services and resources.

To avoid repeated logins and maintain consistent user management, the secondary sites can act as Service Providers (SPs) using our SAML Single Sign On plugin, while the main site serves as the Identity Provider (IDP) using the SAML IDP – Login with Website Users plugin.

When a user tries to access a secondary site, they are redirected to log in on the main site. Upon successful authentication, their credentials, profile details, and roles are passed back to the SP site. This provides seamless access, keeps user data synchronized, and maintains role-based permissions across both sites without manual account duplication.

Enterprise: SSO with Azure AD (Microsoft Entra ID)

Our plugin supports both Single-Tenant and Multi-Tenant Azure AD SSO, allowing users from different Azure AD (Microsoft Entra ID) tenants, whether they belong to separate organizations, subsidiaries, or business units, to securely log in to WordPress using Azure AD.

To simplify user lifecycle management, the plugin offers full SCIM Provisioning and Deprovisioning, automatically creating, updating, or removing WordPress accounts whenever changes are made in Azure AD. This ensures user data and permissions remain consistent and up to date across systems without manual intervention.

For added reliability, the plugin includes Automatic Certificate Synchronization, handling certificate rotation in Azure AD SSO behind the scenes. This eliminates downtime and prevents login failures, ensuring users can always access WordPress without disruption.

The plugin also extends beyond authentication by connecting WordPress with core Microsoft applications, including SharePoint, Power BI, Dynamics CRM, Outlook, and more, making it easy to embed files, display dashboards, and synchronize data within WordPress.

Feedback and Support

We’re committed to ensuring you have a smooth experience with our WordPress SAML Single Sign On (SSO) plugin. If you have any questions, need customizations, or would like to request additional features, feel free to contact us at samlsupport@xecurify.com.