SSO for Microsoft Entra

Single Sign-On authentication for WordPress using Microsoft Entra ID (Azure AD) via OpenID Connect with PKCE.

Features

OpenID Connect (OIDC) with PKCE — the most secure OAuth 2.0 flow
Automatic user provisioning on first SSO login
Encrypted client-secret storage
Configurable rate limiting on login attempts
Contextual Help tabs built into the settings page
Vietnamese translation included, community translations via translate.wordpress.org

Quick Start

Install and activate the plugin.
In Azure Portal: App registrations > + New registration.
Set Redirect URI (Web) to https://yoursite.com/sso/callback.
Copy the Application (client) ID and Directory (tenant) ID.
Go to Certificates & secrets > + New client secret > copy the Value.
In WordPress: Settings > Entra SSO > enter Tenant ID, Client ID, Client Secret > Save Changes.
Add API permissions: Microsoft Graph > Delegated: openid, profile, email.
Test in an incognito window.

Requirements

PHP 8.1 or higher
WordPress 6.0 or higher
A Microsoft Entra ID (Azure AD) tenant

Installation

From WordPress Admin

Download the latest release zip from Releases.
Go to Plugins > Add New > Upload Plugin.
Upload the zip file and activate.

Manual

cd wp-content/plugins/
git clone https://github.com/codetot-web/sso-for-microsoft-entra.git

Activate the plugin from the WordPress admin.

Configuration

Click the Help button (top-right) on the settings page for step-by-step guides:

Quick Start — OIDC setup walkthrough
Azure Setup — Full app registration walkthrough
Troubleshooting — Common errors and fixes

Security

PKCE (Proof Key for Code Exchange) prevents authorization code interception
OAuth state parameter prevents CSRF attacks
ID token nonce prevents token replay
administrator role is blocked as the SSO default role
Default role for new SSO users is subscriber
Client secret encrypted at rest using libsodium or AES-256-GCM

Development

# Install dependencies (including dev)
composer install

# Run linter
vendor/bin/phpcs --standard=phpcs.xml.dist

# Run tests
vendor/bin/phpunit

Contributing

Contributions are welcome. Please open an issue first to discuss what you would like to change.

Support

Bug reports: GitHub Issues
Security vulnerabilities: Please report privately via GitHub Security Advisories

License

GPL-2.0-or-later

Name		Name	Last commit message	Last commit date
Latest commit History 50 Commits
.github/workflows		.github/workflows
assets		assets
docs		docs
includes		includes
languages		languages
templates		templates
tests		tests
vendor		vendor
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
README.md		README.md
composer.json		composer.json
composer.lock		composer.lock
phpcs.xml.dist		phpcs.xml.dist
phpunit.xml.dist		phpunit.xml.dist
readme.txt		readme.txt
sso-for-microsoft-entra.php		sso-for-microsoft-entra.php
uninstall.php		uninstall.php

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SSO for Microsoft Entra

Features

Quick Start

Requirements

Installation

From WordPress Admin

Manual

Configuration

Security

Development

Contributing

Support

License

About

Uh oh!

Releases 13

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

SSO for Microsoft Entra

Features

Quick Start

Requirements

Installation

From WordPress Admin

Manual

Configuration

Security

Development

Contributing

Support

License

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 13

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages