WordPress Admin SSO Login w/ Google Workspace
Managing multiple WordPress installations all with different username and passwords and session timeouts can become cumbersome so I decided to find a solution that allows me to Single Sign On using my Google Workspace account. That would be a more user friendly and more secure solution. After my research I landed on SAML Single Sign On — SSO Login by miniOrange. I’m not associated with them in any way.
miniORange is a tech company out of India focused on Identity and Access Management (IAM) and Customer Identity and Access Management (CIAM) solutions. They provide a range of products and services related to authentication, single sign-on (SSO), multi-factor authentication (MFA), and other identity management capabilities. They are a decent size company which makes me feel comfortable that the plugin will be kept up to date.
The plugin’s free version fulfills my needs. In this tutorial, I’ll explain how I managed to activate Google SSO on my WordPress websites. It seems that the 2FA functionality is only available in the paid version of the miniOrange plugin. I’ve enabled 2FA enforcement in Google Workspace, so I’m covered there.
miniOrange SSO Login WordPress Plugin
Install the free version of the “SAML Single Sign On — SSO Login” WordPress plugin.
- Click on the Install Now button
- Click on the Activate button
- Click on Configure Your IDP Now button
Add Google App
You need a Google Workspace account for this to work.
- Go to your Google Admin Console
- Go to Web and Mobile apps
- Clicks on Add Custom SAML app
- Add your app name and click Continue
- Click on “Download Metadata” and save the downloaded file
- Click Continue
- Go back to the WordPress Plugin
Configure SSO Plugin on WordPress
Go back to WordPress plugin configuration process. On the “Configure Service Provider” block
- Click on the Upload IDP Metadata tab
- Select the IDP Metadata file that you downloaded from Google
- Enter a name for the Identify Provider you are adding (ex. Google)
- Click on the Upload button
Finish Configuring Google App
Next let’s complete the Google app configuration
- In the WordPress plugin configuration page, click on “Service Provider Meta Data”
- Copy “ACS (AssertionConsumerService) URL” from the WordPress plugin configuration page and paste it back in the “ACS URL” field in the Google App that you were creating
- Copy “SP-EntityID / Issuer” from the WordPress plugin configuration page and paste it back in the “Entity ID” field in the Google App that you were creating
- Check the “Signed Responses” box
- Click Continue
- Mapping is not required. Click Finish
- Go to the App main page, find the text that reads “OFF For Everyone” and click on it
- Click on “ON for Everyone” and click Save
Verify Admin Email Address
Verify that admin email address is part of the Google Workspace where you just added the SSO app.
Test the Configuration
Lets test everything and make sure the login functionality works.
- Go back to the WordPress plugin configuration page.
- At the bottom of the page click on the“Test Configuration” button.
- Select your Google account
- Verify successful login test
