This comprehensive guide is designed to assist you in integrating ALMEFY as your Identity Provider (IdP) for WordPress, using OIDC to enable Single Sign-On (SSO). We'll walk you through the necessary steps to ensure a seamless and secure setup. Please also refer to the Plugin documentation for further details.
Prerequisites
- Admin access to your ALMEFY Hub at <subdomain>.hub.almefy.com
- A WordPress server
- OpenID Connect Generic Client plugin to enable OIDC support for WordPress
This is a 3rd party plugin which we have confirmed to work well. You may choose any other OIDC or OAuth2 compatible auth plugin.
Setup Overview
We try our best to keep these guides updated but cannot anticipate when platforms might update interfaces or change available options for configuring SSO.
That said, setting up ALMEFY as your IdP generally follows the same steps for all platforms:
- Configure Endpoint – Set up the specific details of your endpoint in the ALMEFY Hub.
- Configure Platform – Adjust your platform’s settings for compatibility with the ALMEFY endpoint.
- Copy Metadata – Transfer the necessary metadata from your platform to the ALMEFY Hub for secure integration.
Each step corresponds to the options in the left column of the ALMEFY Hub interface.
If you find any inconsistencies in this guide, please let us know via our contact form.
Setup
Please note: the steps in the left column of the Endpoint Creation screen in the ALMEFY Hub correspond to the steps in this guide.
Step 1. ALMEFY SSO Endpoint Configuration
- Create a new Endpoint in the ALMEFY Hub by clicking the Add Endpoint button in the top right of the Endpoints page.
- Select the WordPress OIDC Preset.
- (Optional) Rename the endpoint and the endpoint id if you do not want to use the default.
- Endpoint URI: Enter your WordPress site's login URL, e.g. https://<yourdomain>.com/wp-admin. This is the URL where ALMEFY will send you when you log in at https://<subdomain>.sso.almefy.com.
- Secret: Either enter a secret or let ALMEFY generate one for you by pressing Generate Secret. The secret is needed to encrypt the communication between ALMEFY and your WordPress site.
- Keep the endpoint configuration options open and continue with Step 2.
Note that we offer both a WordPress SAML and a WordPress OIDC preset, so make sure to choose the correct one.
Step 2. WordPress Configuration
More details can be found in the Plugin documentation.
- Log into WordPress with an admin account and navigate to https://<website>.com/wp-admin.
- Go to Plugins > Add New Plugin.
- Search for OpenID Connect Generic Client, install and activate.
- Navigate to Settings > OpenID Connect Client.
- The settings page contains some configurations that depend on your preferences. The following settings must be set correctly for authentication to work properly. All copy values are found in the Step 2. section of the left-hand column in the ALMEFY Hub. Only the settings you have to change are mentioned:
WordPress field | ALMEFY Hub field |
---|---|
Client ID | Endpoint ID |
Client Secret Key | Secret |
OpenID Scope | Scope |
Login Endpoint URL | Auth URL |
Userinfo Endpoint URL | User Profile URL |
Token Validation Endpoint URL | Token URL |
End Session Endpoint URL | Logout URL |
Identity Key | Subject |
Nickname Key | Subject |
- Link Existing Users: Enabled (Recommended)
- Redirect Back to Origin Page: Enabled (Recommended)
- Click Save Changes.
Step 3. Configure WordPress Metadata in ALMEFY
- At the very bottom of the WordPress settings page you will find the Redirect URI. It looks something like https://<yourdomain>.com/wp-admin/admin-ajax.php?action=openid-connect-authorize. Copy it.
- Navigate back to the ALMEFY Hub Endpoint creation page.
- In the Step 3. section, paste the copied URL into the Redirect URIs (one per line) textbox.
- Click "Add Endpoint".
- You are done!
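A pre-flight check for the values exchanged in Steps 2 and 3, as an added example that is not part of the ALMEFY guide or the plugin: it verifies that the Redirect URI has the shape shown in Step 3 and that the endpoint URLs pasted into the plugin use https. The function names, the dict layout and all sample values are assumptions made for this example.

```python
from urllib.parse import urlsplit, parse_qs

# Plugin field names from the Step 2 table; the dict layout is this example's own.
URL_FIELDS = ("Login Endpoint URL", "Userinfo Endpoint URL",
              "Token Validation Endpoint URL", "End Session Endpoint URL")
TEXT_FIELDS = ("Client ID", "Client Secret Key", "OpenID Scope",
               "Identity Key", "Nickname Key")

def check_redirect_uri(redirect_uri, site_host):
    """Problems with the Redirect URI copied from the plugin settings page."""
    problems = []
    if redirect_uri != redirect_uri.strip():
        problems.append("surrounding whitespace")
    u = urlsplit(redirect_uri.strip())
    if u.scheme != "https":
        problems.append("scheme is not https")
    if u.hostname != site_host.lower():
        problems.append("host is not the WordPress site")
    if not u.path.endswith("/wp-admin/admin-ajax.php"):
        problems.append("path is not wp-admin/admin-ajax.php")
    if parse_qs(u.query).get("action") != ["openid-connect-authorize"]:
        problems.append("query is not action=openid-connect-authorize")
    if u.fragment or "*" in redirect_uri:
        problems.append("fragment or wildcard present")
    return problems

def check_plugin_settings(settings):
    """Problems with the values pasted from the Hub into the plugin."""
    problems = [f"{f} is empty" for f in TEXT_FIELDS
                if not settings.get(f, "").strip()]
    problems += [f"{f} is not an https URL" for f in URL_FIELDS
                 if urlsplit(settings.get(f, "").strip()).scheme != "https"]
    if "openid" not in settings.get("OpenID Scope", "").split():
        problems.append("OpenID Scope lacks 'openid'")
    return problems

# Constructed sample values (placeholders, not real ALMEFY URLs or secrets).
SAMPLE = {
    "Client ID": "wordpress-oidc", "Client Secret Key": "<secret from Hub>",
    "OpenID Scope": "openid profile email",
    "Login Endpoint URL": "https://idp.example/auth",
    "Userinfo Endpoint URL": "https://idp.example/userinfo",
    "Token Validation Endpoint URL": "https://idp.example/token",
    "End Session Endpoint URL": "https://idp.example/logout",
    "Identity Key": "sub", "Nickname Key": "sub",
}

if __name__ == "__main__":
    uri = "https://example.com/wp-admin/admin-ajax.php?action=openid-connect-authorize"
    print(check_redirect_uri(uri, "example.com"), check_plugin_settings(SAMPLE))
```

An empty list from both functions means the values have the expected shape; it does not confirm that they match what the ALMEFY Hub shows for your endpoint.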
Test & Troubleshoot
To ensure that ALMEFY has been correctly set up as your Identity Provider (IdP), you can test the login in two ways:
- Platform Login Page: Visit the WordPress login page and check if the ALMEFY Login option is visible and functional by clicking on it and scanning the ALMEFY QR Code with the ALMEFY App.
- ALMEFY SSO Page: Go to <subdomain>.sso.almefy.com, sign in with the ALMEFY App, and choose your newly enabled endpoint to test the authentication process.
If you encounter any issues:
- Review this guide to make sure all steps were followed correctly.
- Consult the Plugin documentation for specific setup and troubleshooting instructions.
- Try contacting the Plugin developers' support to see if your issue can be resolved.
- Try another WordPress OIDC or OAuth2 Plugin.
- If you still need help, please fill out our contact form for support.
Conclusion
Congratulations on successfully setting up OIDC authentication with ALMEFY as your Identity Provider! You are now equipped to offer users a secure and convenient single sign-on experience.