OneLogin's SAML plugin for WordPress allows you to easily and securely sign users into WordPress. By default users will be signed in using the email address registered in OneLogin, but you can override this by editing the logins on the app if they don't match the ones in WordPress.
If you want to prevent users from signing into WordPress directly using a password, we recommend simply obfuscating the passwords in WordPress so that users don't know them. Just make sure the admin can still sign in using a password.
- Sign into your WordPress account as a user who has privileges to install plugins
- Click Plugin in the left sidebar
- Now you can either search for OneLogin or you can upload the plugin attached to this article.
- Once the plugin is installed, activate it
- The next step is to configure your OneLogin X.509 certificate so the plugin can validate SAML responses coming from your OneLogin account. In OneLogin, go to Security -> SAML and copy the certificate.
- Click Settings in the sidebar in WordPress and then click SSO/SAML Settings
- Paste the certificate into the text field and click Save Changes. This completes the setup of WordPress.
- Now add WordPress to your OneLogin account. The Site URL should be the root URL of your WordPress site. VERY IMPORTANT: The URL must end with a slash (/) or the plugin will not pick up SAML responses.