Readme and compliance updates. No manual migration steps required.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3518091,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3518091,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3518091,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3518091,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.3","1.0.4"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3518091,"resolution":"1","location":"assets","locale":"","width":1508,"height":725},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3518091,"resolution":"2","location":"assets","locale":"","width":1505,"height":1209},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3518091,"resolution":"3","location":"assets","locale":"","width":439,"height":636}},"screenshots":{"1":"SP Information tab with Entity ID, ACS URL, and metadata\/certificate data.","2":"Configuration tab for SAML or OIDC setup and connection tests.","3":"WordPress login page with Microsoft sign-in button."}},"plugin_section":[],"plugin_tags":[138854,3883,43290,9213,2469],"plugin_category":[],"plugin_contributors":[261371,261380],"plugin_business_model":[],"class_list":["post-297074","plugin","type-plugin","status-publish","hentry","plugin_tags-azure-ad","plugin_tags-microsoft","plugin_tags-openid-connect","plugin_tags-saml","plugin_tags-sso","plugin_contributors-karolismerit","plugin_contributors-meritstory","plugin_committers-karolismerit","plugin_committers-meritstory"],"banners":{"banner":"https:\/\/ps.w.org\/sso-saml-login-azure-ad-entra-id\/assets\/banner-772x250.png?rev=3518091","banner_2x":"https:\/\/ps.w.org\/sso-saml-login-azure-ad-entra-id\/assets\/banner-1544x500.png?rev=3518091","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/sso-saml-login-azure-ad-entra-id\/assets\/icon-128x128.png?rev=3518091","icon_2x":"https:\/\/ps.w.org\/sso-saml-login-azure-ad-entra-id\/assets\/icon-256x256.png?rev=3518091","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/sso-saml-login-azure-ad-entra-id\/assets\/screenshot-1.png?rev=3518091","caption":"SP Information tab with Entity ID, ACS URL, and metadata\/certificate data."},{"src":"https:\/\/ps.w.org\/sso-saml-login-azure-ad-entra-id\/assets\/screenshot-2.png?rev=3518091","caption":"Configuration tab for SAML or OIDC setup and connection tests."},{"src":"https:\/\/ps.w.org\/sso-saml-login-azure-ad-entra-id\/assets\/screenshot-3.png?rev=3518091","caption":"WordPress login page with Microsoft sign-in button."}],"raw_content":"\n
Microsoft Login for WordPress<\/strong> lets your users sign in to WordPress using their Microsoft Azure AD \/ Entra ID credentials - no separate password needed. Choose between SAML 2.0 and OpenID Connect (OIDC) to match your organization's configuration.<\/p>\n\n SAML:<\/strong><\/p>\n\n OIDC:<\/strong><\/p>\n\n This plugin does not send data to third parties except as described in the External services section below. SSO and audit data are stored in your own WordPress database.<\/p>\n\n This plugin connects to external services to provide authentication and optional paid features. No data is sent to any external service except as described below.<\/p>\n\n 1) Microsoft Azure AD \/ Entra ID (required for SSO login)<\/strong><\/p>\n\n Used for SAML 2.0 and OpenID Connect authentication.<\/p>\n\n Data sent and when:<\/p>\n\n Returned identity claims (email, name, subject\/object ID, roles\/groups) are used to authenticate\/provision users and stored in your WordPress database.<\/p>\n\n 2) Microsoft Graph API (Pro only; when configured by the site admin)<\/strong><\/p>\n\n Used to sync users and groups from Microsoft Entra ID into WordPress.<\/p>\n\n Data sent and when:<\/p>\n\n Returned directory fields (user principal name, email, display name, object IDs, group membership, account status) are used to create, update, or deprovision WordPress users per plugin settings.<\/p>\n\n 3) Freemius (optional; only when admin opts in or activates a paid license)<\/strong><\/p>\n\n Used for licensing, upgrade flow, and optional analytics.<\/p>\n\n Data sent and when:<\/p>\n\n If telemetry opt-in is accepted, usage and diagnostic events may be sent per Freemius configuration.<\/p><\/li>\n Service: https:\/\/freemius.com\/<\/p><\/li>\n Yes. Azure AD was renamed to Entra ID. This plugin supports both naming conventions.<\/p><\/dd>\n No. SAML parsing is handled by bundled For most teams, OIDC is simpler to configure. Choose SAML if your organization already standardizes on SAML or requires SAML-specific controls.<\/p><\/dd>\n Yes by default. If Pro SSO enforcement is enabled for selected roles, password login is blocked for those roles.<\/p><\/dd>\n If auto-create is enabled, a new WordPress account is created from IdP identity data and assigned your configured default role.<\/p><\/dd>\n Use the emergency bypass URL shown in Settings -> SSO & SAML Login -> Misc \/ Reset<\/strong>.<\/p><\/dd>\n Free<\/strong> includes core SAML\/OIDC login and provisioning for unlimited users.<\/p>\n\n Pro<\/strong> (a separate plugin) adds role mapping, SSO enforcement, attribute sync, audit log (with CSV export\/retention), and Microsoft Graph import\/sync\/deprovision features.<\/p><\/dd>\n Use the Upgrade to Pro<\/strong> links inside plugin settings or the account\/upgrade entry in the plugin UI.<\/p><\/dd>\n Available in all plans<\/strong><\/p>\n\n Fires after a successful SSO login.<\/p>\n\n Fires when an SSO login attempt fails.<\/p>\n\n Fires after JIT provisioning completes.<\/p>\n\n Pro-only hooks (active with valid Pro license)<\/strong><\/p>\n\n Filter normalized attributes before provisioning.<\/p>\n\n Filter resolved WordPress role before applying role mapping.<\/p>\n\n Fires after mapped role is applied.<\/p>\n\n Fires when password login is blocked due to SSO enforcement.<\/p>\n\n Filter whether an individual Graph user should be synced.<\/p><\/dd>\n\n<\/dl>\n\n\nWhy this plugin?<\/h4>\n\n
\n
onelogin\/php-saml<\/code>; OIDC validates RS256 tokens against JWKS.<\/li>\n<\/ul>\n\nFree Features<\/h4>\n\n
\n
wp saml status<\/code>, wp saml import-metadata<\/code>, wp saml regen-cert<\/code>, wp saml test<\/code>)<\/li>\n<\/ul>\n\nPro Features (separate plugin)<\/h4>\n\n
\n
Requirements<\/h4>\n\n
\n
openssl<\/code>, dom<\/code>, zlib<\/code><\/li>\nSetup Overview<\/h4>\n\n
\n
wp-login.php<\/code>.<\/li>\n<\/ol>\n\n\n
\/saml\/oidc-callback<\/code> as Redirect URI.<\/li>\nPrivacy<\/h4>\n\n
External services<\/h3>\n\n
\n
\n
\n
\n
\n
Automatic Installation<\/h4>\n\n
\n
Manual Installation<\/h4>\n\n
\n
\n
Does this work with Microsoft Entra ID (formerly Azure Active Directory)?<\/h3><\/dt>\n
Do I need external software?<\/h3><\/dt>\n
onelogin\/php-saml<\/code>. OIDC validation uses built-in PHP OpenSSL.<\/p><\/dd>\nSAML or OIDC - which should I choose?<\/h3><\/dt>\n
Can users still log in with WordPress passwords?<\/h3><\/dt>\n
What happens on first login?<\/h3><\/dt>\n
I am locked out. How do I recover?<\/h3><\/dt>\n
What is the difference between Free and Pro?<\/h3><\/dt>\n
How do I upgrade from Free to Pro?<\/h3><\/dt>\n
What developer hooks are available?<\/h3><\/dt>\n
ssosamlentra_login_success\n<\/code><\/pre>\n\nssosamlentra_login_failed\n<\/code><\/pre>\n\nssosamlentra_after_provision_user\n<\/code><\/pre>\n\nssosamlentra_user_attributes *(filter)*\n<\/code><\/pre>\n\nssosamlentra_pre_role_mapping *(filter)*\n<\/code><\/pre>\n\nssosamlentra_role_mapped\n<\/code><\/pre>\n\nssosamlentra_sso_enforced\n<\/code><\/pre>\n\nssosamlentra_graph_sync_user *(filter)*\n<\/code><\/pre>\n\n1.0.1<\/h4>\n\n
\n
1.0.0<\/h4>\n\n
\n
onelogin\/php-saml<\/code>.<\/li>\n