Single Sign-on | OpenID Connect

Configure WPO365

Steps in this Topic

Perform the following steps to update the plugin’s Azure AD configuration with the values created in the previous steps.

  • Open WP Admin > WPO365 > Single Sign-on in one browser tab / window.
  • Ensure that Single Sign-on is enabled.
  • From the dropdown Select Identity Provider (IdP) select Azure AD (default). If you want to configure integration for Azure AD B2C then please follow the steps in the Azure AD B2C guide instead.
  • From the dropdown Select SSO-protocol select OpenID Connect (default) unless you need to configure SAML 2.0. In that case please follow the steps in the SAML guide instead.
  • From the dropdown Select OpenID Connect flow select Auth.-code Flow (default) unless you have a good reason to configure the Hybrid Flow instead.
  • Now open the Microsoft Entra Portal in a new browser tab, navigate to the application registration’s Overview page, copy the Directory (Tenant) ID and paste it into the corresponding field on the plugin’s Single Sign-on configuration page.
  • Repeat the previous step and copy the Application (Client) ID from the Overview page and paste it into the corresponding field on the plugin’s Single Sign-on configuration page.
  • Copy the Application Client Secret from the text file where you temporarily saved it.
  • Select your desired Authentication scenario. Please note that you can use the Intranet Authentication scenario to require users to sign in before they can access your website’s front-end posts and pages.
  • Do not enter a Domain hint at this point in time. You can add a Domain hint later when users complain that Microsoft signed them in with the wrong account (this can happen if a user is signed in with multiple tenants).
  • Scroll to the bottom of the plugin configuration page and click Save configuration. A popup window will open, reminding you to optionally clear the server-side cache. When you click Confirm the Plugin self-test will load, but you can ignore this for the moment.
  • Instead, continue to the plugin’s User registration page and click the link View custom domain names just before the Custom domains field (this will open a new tab).
  • Now copy each domain name that is used as the domain portion of Azure AD users and add it to the list of Custom domains. Make sure to click + after each domain name added.
  • Scroll to the bottom of the plugin configuration page and click Save configuration.
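
To show where the values entered above end up, the following added example (not WPO365 code and not part of the original guide) builds a Microsoft identity platform sign-in request for both OpenID Connect flows, with and without a Domain hint. The tenant ID, client ID and redirect URI are constructed sample values, and the function names are hypothetical.

```python
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample values, not taken from any real tenant or site.
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
REDIRECT_URI = "https://www.example.com/"


def build_authorize_url(tenant_id, client_id, redirect_uri, flow="code", domain_hint=None):
    """Return (url, state, nonce) for a sign-in redirect (hypothetical helper)."""
    for label, value in (("Directory (Tenant) ID", tenant_id),
                         ("Application (Client) ID", client_id)):
        if not GUID.match(value):
            raise ValueError(f"{label} must be a GUID; check what was pasted")
    state = secrets.token_urlsafe(16)  # echoed back by the IdP; binds the response to this session
    nonce = secrets.token_urlsafe(16)  # must reappear inside the ID token; stops replay
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "scope": "openid email profile", "state": state, "nonce": nonce}
    if flow == "code":
        params["response_type"] = "code"
    elif flow == "hybrid":
        # Hybrid flow also returns an ID token from the authorize endpoint.
        params["response_type"] = "code id_token"
        params["response_mode"] = "form_post"
    else:
        raise ValueError("flow must be 'code' or 'hybrid'")
    if domain_hint:
        params["domain_hint"] = domain_hint  # steers account selection
    base = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize"
    return f"{base}?{urlencode(params)}", state, nonce


def request_params(url):
    """Decode the query string of an authorize URL into a flat dict."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


if __name__ == "__main__":
    url, _, _ = build_authorize_url(TENANT_ID, CLIENT_ID, REDIRECT_URI)
    print(url)
    # The client secret never appears here: it is sent only server-to-server
    # when the authorization code is redeemed at the token endpoint.
    print(sorted(request_params(url)))
```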