If your organization uses Google's G Suite, WP SAML Auth lets your users sign into WordPress using their Google Account. This makes it much easier to manage user accounts; rather than recreate WordPress accounts for every user, you can treat Google Apps as your Identity Provider for Single Sign-On (SSO) and have WordPress defer to Google when determining who should have access and who shouldn’t.
This guide will help you install the WP SAML Auth plugin, create a SAML App within the Google Admin dashboard, and map the attributes required for successful login.
Setting up is a matter of applying the correct configuration. It should take an hour or less. If you get stuck on a configuration error along the way, please reach out by creating an issue on this doc or the plugin project on GitHub.
Creating a custom Google Apps SAML application requires a G Suite administrator account. If you don’t have appropriate permissions, you’ll need to pair up with someone that does.
As you work through this process, there are two key SAML authentication terms to keep in mind:
- Identity Provider
- Where user information is housed (e.g. Google Apps).
- Service Provider
- Application depending on user information provided by the Identity Provider (e.g. WordPress).
You’ll see these in reference documentation, so it’s important to keep them straight so you know what configuration goes where.
This guide provides instructions using both the WordPress admin dashboard and Terminus. In order to make the Terminus instructions easier to use, you can set local environment variables to match those used in our code snippets.
To begin, let's set the
$site variable to match your Pantheon Site name: