Single Sign-on | OpenID Connect

Video Walkthrough

Please follow along with the video walkthrough below, demonstrating how you can perform the WPO365 self-test to test your configuration, when adding Microsoft (Entra ID) login to WordPress using the OpenID Connect protocol.

Save the configuration and start the plugin self-test

• After completing all mandatory fields:
  • Directory (Tenant) ID
  • Application (Client) ID
  • Client Secret
  • Redirect URI
• Scroll down and click Save configuration.

Handle the cache warning

• After saving, a warning is shown recommending that you clear server-side caches.
• If you do not use server-side caching:
  • Acknowledge the warning and continue.
  • No further action is required.

Access the plugin self-test

• After saving the configuration, you are automatically taken to the Plugin self-test page.
• You can also access the self-test manually at any time:
  • Open the WPO365 menu in WordPress.
  • Select Plugin self-test.

Run the self-test

• Click Start self-test.
  • Optionally check the option to flush permalinks.
• You are redirected to Microsoft login.microsoftonline.com.
  • If you are not signed in yet, you will be prompted to enter your Microsoft username and password.
  • If you are already signed in, authentication happens automatically.
• After authentication, you are redirected back to the Plugin self-test page.

Review the initial test results

• The self-test performs several checks, including:
  • Whether the correct plugin version is installed.
  • Whether any health issues were detected.
• If no health messages are shown:
  • The test ran successfully.
  • Nothing currently blocks Single Sign-On from working.

Verify plugin configuration

• The self-test checks whether the plugin has been configured correctly.
• If an issue is detected with custom domain names:
  • Open the User Registration configuration page.
  • Enter the Custom domains used for Microsoft Entra user principal names (UPNs).
    • These are the domains used for Entra ID usernames (for example wpo365.com).
    • This is not your website domain or staging URL.
  • Save the configuration.
  • Return to the Plugin self-test page and run the self-test again.
• After fixing this, the Custom domains test should pass successfully.

Optional: Microsoft Graph beta setting

• The self-test checks whether the Microsoft Graph beta endpoint is enabled.
• If adjustment is required:
  • The plugin can automatically correct the setting when you click Fix now.
  • The self-test is then run again automatically.

Review SSO-related test results

• Further down the page, the number of tests focus on OpenID Connect based Single Sign-On.
• One of the most important results is:
  • Can decode the ID token
    • This confirms the plugin was able to retrieve and decode the ID token.
    • It proves that authentication and token handling work correctly.
• You can inspect which information is received from Microsoft by clicking the View link.
  • This information is received by your website.
  • The WPO365 plugin processes it on your behalf and does not share it with any external service.
  • Data exchanged between your site and Microsoft never reaches the WPO365.com server.

Review access token and additional feature tests

• The self-test also verifies whether an access token could be requested successfully.
• Additional tests may appear for features that require a specific WPO365 premium extension / plugin.
• If an extension is missing, you may see a notification explaining why a feature is unavailable.

Final result and support

• If all relevant tests pass, it is safe to conclude that:
  • Single Sign-On is working correctly
• If you have any questions or encounter issues:
  • Click the question mark icon on the self-test page.
  • This opens the contact form on the WPO365.com website.
  • Support requests are typically answered:
    • Within 24 hours on weekdays
    • Within 48 hours on weekends