OAuth Single Sign On – SSO (OAuth Client)

Description

WordPress Single Sign-On (WordPress SSO) with our OAuth & OpenID Connect plugin allows unlimited login/SSO (Single Sign On) with your Azure AD, Azure B2C, G Suite / Google Apps / Google Workspace, ClassLink, Clever, Office 365, AWS Cognito, Discord, PingFederate, Salesforce, Keycloak, WHMCS, Okta, Identity Server, Invision Community or other custom OAuth 2.0 and OpenID Connect providers. WordPress SSO plugin supports SSO with many OAuth 2.0, OAuth 2.1, OAuth 1.0 & OpenID Connect (OIDC) 1.0 providers.

It also provides unlimited User Authentication with OAuth & OpenID Connect protocol and allows authorized users to log into the WordPress site. Support provided for Single-site & Multi-site Network environments.

| Features | OAuth / OpenID Providers Setup guides | Videos |

Check out the video tutorial below to know how to set up SSO with your OAuth/OpenID Connect providers.

WordPress Single Sign-On / SSO ( Login to WordPress )

WordPress Single Sign-On (WordPress SSO) allows users to log into any website/application using the single set of credentials of another app/site.
Example: Let’s say you have all your users/customers/members/employees stored on a site (eg. Microsoft Azure AD, Azure B2C, Gmail, WordPress, AWS Cognito, Keycloak, etc.), called ‘site A’ and you want all of them to register/login to your WordPress site called ‘site B’. In this scenario, you can register/login all your users of site A into site B using the login credentials/account of site A. This is called Single Sign-On or SSO.

WordPress Single Sign-On ( WordPress SSO ) supported Third-Party Application / OAuth OpenID Provider

• The Third-Party Application can be anything where user accounts are stored or a site/application where you want to store/migrate all the users. It can be your social login app, WordPress site, custom provider, or any database.
• Applications/providers include OAuth Identity Provider, OAuth Server, OpenID Connect Server, OpenID Connect Provider, OIDC Provider, OIDC Server, OAuth Application, OpenID Connect Application, OIDC Application, OpenID Connect Server, OpenID Connect Provider, OpenID Connect Application.

OAuth and OpenID Connect are token-based Single Sign-On (SSO) protocols that allow an end user’s account information to be used by third-party services without exposing the user’s password.

Along with OAuth 2.0, the SSO plugin also has support for OAuth 1.0 and OAuth 2.1 protocols. And, we support the latest OAuth and OpenID Connect protocol including secure 2-Factor Authentication (2FA), and Multi-Factor Authentication (MFA) if enabled at the OAuth/OpenID provider’s end.

WordPress Single Sign-On ( WordPress SSO ) USE CASES

• Single Sign On (SSO) between 2 WordPress sites (Login with WordPress):
  1. Single Sign On (SSO) to a WordPress site (single/multisite) using User Credentials stored on another WordPress site
  2. Single Sign On (SSO) to one/multiple WordPress sites (or subsites) using User Credentials stored on another WordPress site
• Single Sign On (SSO) into WordPress with Any OAuth / OpenID Connect (OIDC) application (Login with Social Login Apps / Custom Providers):
  1. Single Sign On (SSO) to one WordPress site (single / multisite) using User Credentials stored on your third-party application
  2. Single Sign On (SSO) to one/multiple WordPress sites (or subsites) using User Credentials stored on another WordPress site
• Single Sign On into WordPress using existing User stores (Active Directory/Database)
• SSO and extended plugin functionality using tokens (access_token / JWT token / id_token) such as secure API calls using third-party token
• Others: eCommerce Single Sign On (SSO)/Login & other third-party integration with SSO features

Azure SSO
This WordPress Single Sign-on (OAuth / OpenID Connect SSO) plugin supports SSO with multiple Microsoft Apps like Azure AD SSO, Azure B2C SSO, Office 365 SSO, Microsoft Dynamic CRM 365, Microsoft Teams, Windows Live use cases with both OAuth and OpenID Connect protocols. It supports policy-based login redirections such as sign-up policy, sign-in policy, forgot password policy, custom policy, etc.

It supports Azure AD login, Azure B2C login, Office 365 login, login with multiple Microsoft applications, SSO with the multi-tenants app (users registered in different applications from different tenants), and SSO into multiple WordPress domains/subdomains/subdirectories, role-based access restriction to WordPress pages, log in to WordPress using Microsoft users outside the tenant/application, Integrate Azure SSO with a social account (like Facebook, Google), etc.

Apart from SSO, it also supports WordPress – Azure integrations/customizations such as token-based calls to specific API / Graph API.
Azure SSO also supports syncing Azure user profiles to WordPress profiles with the option to customize the profile attribute mapping (given_name, family_name, username, email, group, custom attributes, etc) as per need.

Cognito SSO
This WordPress Single Sign-On plugin supports Login with AWS Cognito, Login with Amazon, Login to WordPress with Cognito, and associated social login accounts. Also supports user profile syncing and role mapping into WordPress, fetching tokens from AWS Cognito to make other API calls and extend the existing functionality.
It supports customization for integrating Cognito SDKs like syncing new registrations from WordPress to Cognito, Login to the site via the default WordPress login form instead of redirecting to Cognito’s login page, connecting Cognito User Pool, login redirections, and many more.

Discord SSO
This WordPress Single Sign-On plugin allows Discord login into WordPress. The other supported use cases are syncing user profiles from Discord to WordPress, Role Mapping into WordPress based on Discord roles, Avatar Mapping along with customizations like WordPress to Discord role mapping, managing Guild members, and handling subscription-based access to discord channels from a WordPress site.
Along with Discord login, it also supports customization for integrating different WordPress and Discord applications.

Keycloak SSO
This WordPress Single Sign-On (OAuth / OpenID Connect SSO) plugin supports SSO with Keycloak. Keycloak server authenticates the user for WordPress. On successful authentication, it also provides an identity token and an access token that contains user profile information along with roles. The access token from Keycloak can be used to invoke other remote services on behalf of the user.
WordPress can make REST invocations on remote services using this access token.
OAuth/OIDC SSO plugin also allows you to make authorization decisions based on role-based access control (RBAC) on the WordPress site using the role mapping feature. You can map different WordPress roles to the Users based on their Keycloak roles and capabilities.

Ping Federate SSO
The WordPress SSO (OAuth / OpenID Connect SSO) plugin allows Login to WordPress using PingFederate. The plugin provides authorized access to different Ping REST APIs using the access token/bearer token.

Clever SSO
The WordPress SSO (OAuth / OpenID Connect SSO) plugin supports login with Clever to allow users (teachers, students, district admins, etc) to access their school portal based on their roles and capabilities. It also supports integration with Learndash to sync the lessons, courses, and assignments with the Clever SSO application.

Along with Clever, it also provides support for SSO to other IDPs schools and universities use such as ClassLink, Google Classroom, Canvas, and any other application which supports OAuth or OpenID Connect protocol.

The plugin can also support WordPress Single Sign On with any Identity Provider including SAML, OAuth, OpenID Connect, Active Directory, and database using miniOrange IDP allowing your users to log in to the WP site via authenticating with their user store.

FREE VERSION FEATURES

• WordPress Single Sign-On (WordPress SSO) OAuth & OpenID Connect Login supports unlimited SSO with any 3rd party OAuth & OpenID Connect server or custom OAuth & OpenID Connect server like AWS Cognito, Azure AD, Azure AD B2C, Office 365, Google Apps, etc.
• WordPress Single Sign-On ( SSO ) Grant Support – Standard OAuth2 Grant: Authorization Code
• Auto Create Users ( User Provisioning ) : After Single Sign On (SSO), a new user automatically gets created in WordPress
• Account Linking : After SSO, if the user already exists in WordPress, then their profile gets updated. Else, a new WordPress User is created.
• Attribute Mapping : OAuth Login allows you to map your Identity Provider’s unique attribute with WordPress Username Attribute.
• Login Widget : Use Widgets to integrate the SSO/login on your WordPress site easily.
• OpenID Connect & OAuth Provider Support : WordPress Single Sign On (OAuth Login) supports any OpenID Connect & OAuth Provider.
• Redirect URL after Login : WordPress Single Sign On (OAuth Login) automatically redirects the user after successful login.
• Logging : If you run into issues, WordPress Single Sign On (OAuth Login) can be helpful to enable debug logging.

STANDARD VERSION FEATURES

• All the FREE Version Features.
• WordPress Single Sign-On (WordPress SSO) Grant Support – Standard OAuth2 Grant: Authorization Code
• Optionally Auto Register Users: WordPress Single Sign On (OAuth Login) does automatic user registration after login if the user is not already registered with your site.
• Advanced Attribute Mapping: WordPress Single Sign On (OAuth Login) provides an Attribute Mapping feature to map WordPress user. profile attributes like username, firstname, lastname, and email. Manage username & email with data provided.
• Basic Role Mapping: Assign default role to user registering through OAuth Login based on rules you define.
• Support for Shortcode: Use a shortcode to place the OAuth login button anywhere in your Theme or Plugin.
• Customize Login Buttons / Icons / Text : Wide range of WordPress Single Sign On (OAuth Login) Buttons/Icons and allows you to customize Text shadow.
• Custom Redirect URL after Login: WordPress OAuth Single Sign On (SSO) provides auto redirection which is useful if you want to globally protect your whole site.
• Custom Redirect URL after logout: WordPress OAuth Single Sign On (SSO) allows you to auto-redirect Users to a custom URL after they log out from your WordPress site.

PREMIUM VERSION FEATURES

• All the STANDARD Version Features
• WordPress Single Sign-On (WordPress SSO) Grant Support– Standard OAuth2 Grants: Authorization Code, Implicit Grant, Password Grant, Refresh Token Grant (Customization Available).
• Custom Attribute Mapping: The plugin allows you to map any custom user attributes received from OAuth / OpenID Connect provider to map to any WordPress user attribute.
• Advanced Role Mapping: Assign roles to users registering through WordPress Single Sign On (OAuth & OpenId Login) based on the rules you define.
• Force Authentication / Protect Complete Site: Allows you to restrict login (Single Sign On) / authorization for users for your website.
• Multiple Userinfo Endpoints Support: WordPress Single Sign On (OAuth Login) supports multiple Userinfo Endpoints.
• App domain-specific Registration Restrictions : WordPress Single Sign On (OAuth Login) restricts registration on your site based on the person’s email address domain.
• JWT Support: This feature enables the use of JSON Web Token (JWT) from the OAuth2 / OpenID Connect server response.
• Multisite Support: WordPress Multisite allows you to create multiple subdomains / subdirectories within a single instance of WordPress. WordPress Single Sign On (OAuth Login) has the unique ability to support multiple sites ( multisite ) under one account. You have to configure the OAuth & OpenID Connect Single Sign On (SSO) plugin just once for all your sites in the network.

ENTERPRISE VERSION FEATURES

• All the PREMIUM Version Features
• Multiple OAuth & OpenID Connect Provider Support
• WordPress Single Sign-On (WordPress SSO) Grant Support – Standard OAuth2 Grants: Authorization Code, Implicit Grant, Password Grant, Refresh Token Grant, Client Credential Grant, Authorization code grant with PKCE flow, Hybrid Grant (Customization Available)
• Single Login button for Multiple Apps: It provides a single login button for multiple providers
• Extended OAuth API support: Extend OAuth / OpenId Connect API support to extend functionality to the existing WordPress OAuth Single Sign-On (SSO) plugin.
• WP Hooks for Different Events: Provides support for different hooks for user-defined functions.
• WordPress Single Sign-On ( SSO ) Login Reports: WordPress Single Sign-On (OAuth Login) creates user login and registration reports based on the application used.
• Enable / Disable WordPress Default Login: WordPress Single Sign On (OAuth Login) allows you to disable the default WordPress login form instead use SSO.
• FrontChannel & BackChannel Single Logout Support: With this feature, users can be logged out from WordPress as well as IDP only if the IDP has support for OpenId Connect 1.0 Single Logout.
• Multisite Support: WordPress Multisite allows you to create multiple subdomains / subdirectories within a single instance of WordPress. WordPress Single Sign On (OAuth Login) has the unique ability to support multiple sites (multisite) under one account. You have to configure the OAuth & OpenID Connect Single Sign On (SSO) plugin just once for all your sites in the network.

ALL INCLUSIVE VERSION FEATURES

• All-in-one WordPress Single Sign-On plan with the support of add-ons / Third Party Plugin compatibility
• Third-Party Plugin Compatibility for Single Sign-On (SSO): WooCommerce plugin compatibility with WordPress Single Sign-On (SSO) / Login plugin
• Add-on Support with SSO Plugin: SCIM User Provisioning, Page & Post Restriction, BuddyPress Integration, Login Form Add-on, LearnDash Integration, Media Restriction (Prevent File Access), Attribute/Membership-Based Redirection, SSO Session Management, Paid Membership Pro Integrator, WooCommerce Integrator, SSO Login Audit, Memberpress Integration, Guest User Login.

No SSL restriction

• Login to WordPress (WordPress SSO) using Google (G Suite) credentials (G Suite / Google Apps Login) or any other app without having an SSL or HTTPS-enabled site.

POPULAR OAUTH AND OPENID CONNECT (OIDC) PROVIDERS SINGLE SIGN-ON (SSO)

The following providers support OAuth 2.0/OpenID Connect SSO for WordPress login.
* AWS Cognito
* Office 365
* Azure B2C
* Azure AD
* Google Classroom
* Classlink
* Keycloak
* Clever
* WHMCS
* Ping Federate ( Ping / Ping Identity )
* IdentityServer4
* IdentityServer3
* Discord
* Canvas
* WordPress
* WSO2
* Salesforce
* G Suite / Google Apps
* Auth0
* Okta
* OneLogin
* Swiss-RX-Login ( Swiss RX Login )
* Neon CRM
* OpenAthens
* iMIS
* HP
* ID.me
* Ticketmaster
* JOIN IT
* MemberConnex
* Servicenow
* Invision Community
* OpenAM / Forgerock
* Laravel Passport
* NextCloud
* Orcid
* Memberclicks
* Open edX / eduNEXT
* SheepCRM
* IBM APP ID
* Amazon
* ADFS
* UNA
* Bitrix24
* Slack
* Yahoo
* LinkedIn
* Gitlab
* Gluu Server
* GitHub
* Box
* Apple
* Strava
* Blizzard / Battle.net
* Basecamp
* PayPal
* Eve Online
* Meetup
* Coil
* VATSIM
* Intuit
* Kakao
* Hubspot
* Twitter
* NetIQ
* Oracle IDCS
* Zoho
* Idaptive | CyberArk

LIST OF GRANT TYPES WE SUPPORT FOR WORDPRESS SINGLE SIGN-ON (SSO) OAUTH / OPENID CONNECT (OIDC) CLIENT

• Authorization code grant
• Implicit grant
• Resource owner credentials grant (Password Grant)
• Client credentials grant
• Refresh token grant
• Hybrid Grant
• Authorization code grant with PKCE flow (Proof Key for Code Exchange)

OTHER OAUTH AND OPENID CONNECT (OIDC) PROVIDERS WE SUPPORT FOR WORDPRESS SINGLE SIGN-ON (SSO)

• Other oauth 2.0 and OpenId Connect ( OIDC ) 1.0 servers WordPress Single Sign-On ( SSO ) plugin support includes Office 365, AWS Cognito, Microsoft Dynamic CRM 365, Auth0, Google Workspace, Egnyte, Autodesk, Zendesk, Foursquare, Harvest, Mailchimp, Bitrix24, Spotify, Vkontakte, Huddle, Reddit, Strava, Ustream, Yammer, RunKeeper, Instagram, SoundCloud, Pocket, PayPal, Pinterest, Vimeo, Nest, Heroku, DropBox, Buffer, Box, Hubic, Deezer, DeviantArt, Delicious, Dailymotion, Bitly, Mondo, Netatmo, Amazon, FitBit, Clever, Sqaure Connect, Windows, Microsoft Live, Dash 10, Github, Invision Community, Blizzard, authlete, Keycloak, Procore, Eve Online, Laravel Passport, Nextcloud, Renren, Soundcloud, OpenAM / Forgerock, IdentityServer, ORCID, Diaspora, Timezynk, Idaptive CyberArk, Duo Security, Rippling, Crowd, Janrain, Numina Solutions, Ubuntu Single Sign-On, Apple, Ipsilon, Zoho, Stripe, Itthinx, Fellowshipone, Miro, Naver, Clever, Coil, Parallel Markets, VATSIM, Liferay, Fatsecret, Intuit, iMIS, ORY Hydra, FusionAuth, Kakao, ID.me, MoxiWorks, HR Answerlink / Support center, ClassLink, Google Classroom, MemberClicks, BankID, CSI, Splitwise, Infusionsoft, Hubspot, Join It, MyAcademicID, MemberConnex, Novi, Coassemble, Servicenow, IBM APP ID, Nimble AMS, iSpring LMS, Neon CRM, EPIC, IPB forum, Wiziq, Sprinklr, Elvanto, ABSORB LMS, Wechat, Weibo, Shibboleth, Centrify, FranceConnect, Church Online, Bigcommerce, Sewobe, PracticePanther, SubscribeStar, Eventbrite, Medi-Access, Lichess, CILogon, Servicem8, Gigya, PhantAuth, XING, Simplecast, SURF, MediaWiki, UNA, NetSuite, Oracle IDCS, Globus, Square, SimpleSAMLphp, Basecamp, HP, SHELL, Otoy, Steam, Webflow, Simplepass, Feide, SingPass, Asmodee, SwissID, Miro, Alkami, Switch, Citrix, Schoology, iGov, LearnWorlds, France Connect, DID, Blackboard, UAEPass, Polar, CodeB, Vincere CRM, F5, TicketMaster, BizLibrary, Skolon, Rapattoni, PowerSchool, Minecraft, NETS, Joomla, Drupal, ASP.NET, CA Siteminder, Outseta, XUMM, ID Austria, Ubisecure, Gravitee.io, SheepCRM, Wahoo, WeatherFlow Tempest, OneWelcome / iWelcome, Xbox, Trovo, Cornerstone, Criipto, bare.id, Discourse, Authentik, Sailpoint, Signicat, Asset Bank, GrowthZone, Vipps, Authorizer, Deviant Art, Miracl, Teamsnap, Authelia, Teachable, Django, IDsampa, Cvent, SERMO, Pixelfed, Finys, Login.gov, Fastcase etc.

WORDPRESS SINGLE SIGN-ON (SSO) SUPPORTED ADD-ONS

We have a variety of add-ons that can be integrated with the OAuth & OpenId Connect Single Sign-On plugin to improve the OAuth SSO functionality of your WordPress site.

• Page Restriction – This add-on is used to protect the pages / posts of your site with OAuth & OpenID Connect compliant IDP (Server) login page and also, to restrict access to pages / posts of the site based on user roles.
• BuddyPress Integration – This add-on maps the attributes fetched from the OAuth & OpenID Connect compliant IdP with BuddyPress attributes.
• LearnDash Integrator – LearnDash Integration will map the Single Sign-On (SSO) users to LearnDash groups as per the group attributes sent by your Identity Provider.
• Login Form Add-On – This add-on provides a login form for OAuth2 / OpenID Connect login instead of only a button. It relies on OAuth & OpenID Connect Single Sign-On (SSO) plugin to have Password Grant configured. It can be customized using custom CSS and JS.
• Discord Role Mapping – Discord Role Mapping add-on helps you get roles from your discord server and maps them to WordPress users after Single Sign-On (SSO).
• Media Restriction – This add-on restricts unauthorized users from accessing the media files on your WordPress site.
• Attribute Based Redirection – Attribute-Based Redirection add-on can be used to restrict and redirect users to different URLs based on OAuth & OpenID Connect attributes.
• SSO Session Management – SSO session management add-on manages the login session time of your users based on their WordPress roles.
• SSO Login Audit – SSO Login Audit captures and tracks all the SSO users and generates reports.
• Azure B2C Forgot Password / Reset Password Policy Add-on – This add-on enables the Forgot Password option provided on Azures Login page using Azure’s Password Reset policy while SSO into WordPress.
• WooCommerce Integrator – WooCommerce integrator will map the user profile attributes sent by your OAuth/OpenID provider to the WooCommerce Billing details of the customer on WordPress.
• WordPress Cognito Integrator – Cognito integrator provides functionality to manage all the user operations such as Login, Registration, Profile update, and Password Reset from your WordPress site.
• WordPress Azure Integrator – WordPress Azure AD integrator provides functionality to manage all the user operations from your WordPress site. The user operations provided are Login, Registration, Profile update, and Password Reset.
• WordPress Hubspot Integration – WordPress HubSpot OAuth Integration allows you to integrate your WordPress website with the HubSpot platform or vice versa.

Real Time User Provisioning using SCIM

Provides user-provisioning (sync user profiles) from your IDP (Okta, Azure, OneLogin, etc) to your WordPress using SCIM standard. You can refer our WordPress User Provisioning using SCIM plugin.

If you are looking for a OAuth / OpenID compliant Identity Provider, you can try out miniOrange On-Premise IdP. Contact us at info@xecurify.com to get WordPress OAuth / OpenId Connect add-ons.

WordPress Single Sign-On (SSO) plugin Compatibility with various LMSs

• Tutor LMS, Sensei, LifterLMS, LearnPress

REST API Authentication

Secures against unauthorized access to your WordPress sites/pages using our WordPress REST API Authentication plugin.