What is Azure Active Directory and SSO?
Microsoft’s Azure Active Directory (Azure AD) is a cloud-based identity and access management (IAM) solution for businesses. With the help of Azure AD, employees can sign up to multiple services and can access them with a single set of login credentials. With regards to SSO, Single sign-on is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems, in this case, the Single Sign-On (SSO) with WordPress allows your users to login to your WordPress and access the site by authenticating with their Azure AD identity provider.
What is OAuth SSO?
Open Authorization (OAuth) is an open standard for token-based authentication and authorization that is used to facilitate single sign-on (SSO).
OAuth allows third-party services, such as Facebook, to access an end user’s account information without exposing the user’s password. It serves as a mediator on behalf of the end-user, delivering an access token to the service that allows the sharing of certain account information. That is, third-party applications can access content owned by the user, but these applications do not know the authentication credentials.
Let’s understand this with our Azure AD example:
Consider you have a WordPress website and users are stored in the Azure active directory, now you want a solution where the users can login into your WordPress website using the Azure AD credentials and that’s where Single Sign-On comes into play. Using SSO you are delegating authentication, you hand off the responsibility of verifying a user’s credentials (such as username and password) to Azure AD so you can get users logged in to your website without worrying about the authentication process. Furthermore, how the OAuth SSO works can be understood by the following OAuth SSO flow.
OAuth – Single Sign-On (SSO) Flow:
1. Register Your App:
Register your app with the OAuth identity provider like Azure AD. This involves creating an app and entering app-related data. On successful registration of the app, you receive a Client ID and a Client Secret. These keys are used for identifying your app to the OAuth provider and are required when requesting a token.
2. Client application request OAuth provider for Access Token:
Your registered app can now send an Authorization request to the OAuth provider in this case Azure AD asking for an Access Token. Users need to authenticate with the OAuth provider and be presented with an authorization page consent asking them to give permissions to your application to access specific user data. Once the user approves the consent, the access token is generated for the user and passed to the client application.
3. Exchange the one-time request token with the OAuth access token:
After the user grants permissions to your application, your application can exchange the request token with an access token. The access token is used by your application for requesting the specific resources from the OAuth provider to which the user granted permission to access.
Additional Benefits of Enabling OAuth SSO for WordPress:
WordPress OAuth Single Sign-On (SSO) using Azure AD:
Provides Unlimited User Authentications with SSO login on WordPress site with Azure AD credentials.
Seamless Azure AD user creation:
On a WordPress site, the registration form is usually created with one of the form plugins such as gravity forms, elementor, or WP forms. The registration form has all the necessary input fields for the use case. Users when register using that form, will be effortlessly added to your Azure Active Directory.
On the fly user provisioning:
In this instance, the WordPress site’s Administrator is in control of user operations. As a result, whenever the administrator creates a user in the WordPress backend, the user is also generated in Azure AD.
Multisite Multinetwork Support
Share single installation with multi-sites. Login to your WordPress multi-sites with a third party OAuth/OpenID server. Configure IDP for all your networks. Allows multiple subdomains/subdirectories to share a single installation.
Sync existing WordPress users to Azure AD
You can easily sync your WordPress users to Azure with our WordPress Azure Integrator. Here, we establish users in Azure with a random password and deliver that password to the corresponding users’ email addresses. Users will be compelled to change their passwords the first time they log into Azure using those random credentials. As a result, they can have their own Azure passwords.
Try Out OAuth WordPress SSO with Azure AD
The best way to see how OAuth WordPress SSO works with Azure AD is to try it out yourself.
miniOrange provides you with the OAuth Single Sign-On (SSO) plugin which would enable you to configure Single Sign-On (SSO) in WordPress using your Azure AD credentials.
You can simply download our plugin in WordPress, after activation of our plugin you can follow Our Step-By-Step Guide to Configure Single Sign-On (SSO) in WordPress using Azure AD as an OAuth Provider. Our plugin will enable you to add a Single Sign-On (SSO) Login Links/widgets / Button, which redirects you to the Azure AD login page, where you can simply sign in with your Azure AD login credentials.
Contact us at firstname.lastname@example.org and we’ll help you set up SSO with Azure AD in no time.