Integrate WordPress with Conditional Access

In this topic, you will find general instructions on how to integrate WordPress with Portnox™ Conditional Access for Applications using the miniOrange SAML plugin.

Before configuring SSO in WordPress, you need to click on the Plugins menu option and install the miniOrange SAML Single Sign On plugin. Without this plugin, WordPress has no SAML capabilities.

Note: The free version of the miniOrange SAML plugin is sufficient for basic functionality. Some features, for example enforcing SAML logins, require a paid version of this plugin.

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with WordPress.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Applications option.

  3. On the Applications screen, click on the Add application button, and select the Add new SAML application option.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this application section.
  5. In the Application details section, enter an Application name and optionally a Description.

    In this example, we used the name WordPress for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Open your miniOrange SAML configuration page in WordPress

In this section, you will access your miniOrange SAML configuration page in WordPress and set up SAML single sign-on.

  1. In another tab of your browser, open your WordPress administrative interface.

    From now on, we will call this tab the WordPress tab.

  2. In the left-hand side menu, click on the miniOrange SAML 2.0 SSO option.

  3. In the Let’s get started! pane, click on the Configure Your IDP Now button.

Export metadata from the Portnox tab and upload it in the WordPress tab

In this section, you will export the metadata from Portnox Cloud into a file and upload that file in the miniOrange SAML configuration section in WordPress.

  1. In the Portnox tab, in the SAML metadata section, click on the Download metadata XML file link to download the XML file and save it to your local drive.

  2. In the WordPress tab, in the Service Provider Setup tab, in the Configure Service Provider section, click on the Upload IDP Metadata tab. In the Identity Provider Name field, enter the name that you want your users to see on the login screen, where it is shown as Log in with name. Then, click on the Choose File button next to the Upload Metadata heading, and upload the XML file downloaded from Portnox Cloud.

  3. Optional: You can check the imported metadata in the Enter IDP Metadata Manually tab.

Copy configuration values from the WordPress tab to the Portnox tab

In this section, you will copy the values displayed in the miniOrange SAML setup section in WordPress, and paste them in the relevant fields in Portnox Cloud.

  1. In the WordPress tab, click on the Service Provider Metadata tab and scroll down to the Note the following to configure the IDP section.

  2. In the WordPress tab, click on the  ⧉  icon next to the SP-EntityID / Issuer field to copy the value to the clipboard.

  3. In the Portnox tab, in the Application properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and paste the value copied from WordPress.

  4. In the WordPress tab, click on the  ⧉  icon next to the ACS (AssertionConsumerService) URL field to copy the value to the clipboard.

  5. In the Portnox tab, in the Application properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and paste the value copied from WordPress.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and WordPress.

  1. Finalize the configuration in the Portnox tab.
    1. Optional: In the POLICY ASSIGNMENTS section, change the setting to Application-based and then select an access control policy and a risk assessment policy if you want to control access to this application without using groups.
    2. Scroll all the way down to the end of the page, and then click on the Save button.

  2. Finalize the configuration in the WordPress tab.
    1. Optional: In the Service Provider Setup tab, click on the Test Configuration button to test your configuration in a separate pop-up.

    2. Click on the Save button.

    3. Optional: In the Redirection & SSO Links tab, scroll down to Option 5: Auto-Redirection from WordPress Login and activate both switches.

      If both these options are turned on, your users will be automatically authenticated by Portnox Conditional Access for Applications, and they will not be able to use their login/password combination. You will also have a secret option to log in using your administrative credentials in case of any problems.

      Important: These options are only available in the paid version of the miniOrange SAML plugin.

Result: You have configured WordPress to be accessible using Portnox Conditional Access for Applications.