WordPress - SSO Configuration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for WordPress using Multi-Pass. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To configure Multi-Pass SSO with a WordPress site, ensure you meet the following requirements:
- WordPress Administrator access
- MPAS Admin rights
- All users intended to use SSO in WordPress must be registered in your IdP and have the necessary permissions.
Important: Custom elements in URLs (like tenant names or unique strings) are case sensitive. Match the exact casing from your environment.
- WordPress Administrator access
- MPAS Admin rights
- All users intended to use SSO in WordPress must be registered in your IdP and have the necessary permissions.
Important: Custom elements in URLs (like tenant names or unique strings) are case sensitive. Match the exact casing from your environment.
WordPress - SSO Configuration
Step 1 - Obtain Tenant XML Metadata from Multi-Pass (IdP)
- Open Multi-Pass Dashboard
- Select the correct tenant and go to Integrations, then click on Applications.
- In the Custom Integration section, select SAML.
- Select Download under Tenant XML Data and save the file locally.
Step 2 - Configure WordPress as the Service Provider (SP)
- Log into your WordPress site as an Administrator.
- Navigate to miniOrange SAML 2.0 Single Sign-On plugin.
- Add the plugin and then activate the plugin by navigating to Manage Plugins.
- Click on Settings beside miniOrange SAML 2.0 SSO.
- Select the Service Provider Setup tab.
- Click Upload IdP Metadata.
- Beside Identity Provider Name, enter
KZero Multi-Pass. - Upload the Tenant Metadata file saved in Step 1.
- Click Save and then Test Configuration.
- Verify that a Test Successful banner appears.
- Navigate to the Attribute/Role Mapping tab and fill in the fields based on the table below, then click Save.
| Setting | Value |
|---|---|
| Username (required) | NameID |
| Email (required) | NameID |
- Select which site you want the plugin configured for and click Save.
Step 3 - Configure Multi-Pass as the Identity Provider (IdP)
- In WordPress, navigate to Plugins > Manage Plugins.
- Click on Settings beside miniOrange SAML 2.0 SSO.
- Select the Service Provider Metadata tab.
- Click Download SP Metadata and save the file locally.
- In Multi-Pass, return to Integrations > Applications > Custom SAML App.
- Select Upload File and upload the Service Provider Metadata file obtained previously.
- Complete the remaining fields based on the table below:
| Field | Value |
|---|---|
| Client ID (=SP Entity ID) | <Unique WordPress URL> |
| Name | wordpress |
| Description | WordPress SSO integration |
| Assertion Consumer Service URL | <Unique WordPress URL> |
| NameID Policy Format | email |
- Go to the Advanced Console by clicking on the left side of your screen
- Click on Client and use the search bar to look for WordPress
- Make sure all the fields are populated correctly
General settings (Multi-Pass)
| Field | Value |
|---|---|
| Client ID | <Unique WordPress URL> |
| Name | wordpress |
| Description | WordPress SSO integration |
| Always display in UI | ON |
Access settings (Multi-Pass)
| Field | Value |
|---|---|
| Home URL (IdP-initiated) | https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME> |
Valid Redirect URIs (ACS) | <Unique WordPress URL> |
| IDP-Initiated SSO URL | <Unique WordPress URL> |
SAML Capabilities
| Setting | Value |
|---|---|
| Name ID Format | email |
| Force Name ID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Move to the tab Keys and ensure that both parameters are set to OFF.
- Go to the Advanced tab.
- Set Assertion Consumer Service POST Binding URL to match the Valid Redirect URI under Access Settings.
- Go to the Client Scopes tab and select the first scope in the list.
- Select Add Predefined Mapper and include the following mappings:
X500 emailX500 givenNameX500 surname
Related Articles
D2L Brightspace - SSO Integration
This application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a step-by-step guide to ...Mulesoft - SSO Integration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Mulesoft using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Miro - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Miro using MPAS. SSO simplifies user authentication by allowing access to multiple ...Pipedrive – SSO configuration
This application has been formally tested by Kelvin Zero Inc. This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Pipedrive using Multi-Pass. SSO simplifies user authentication by allowing access to multiple ...