{"id":108118,"date":"2020-07-22T12:16:12","date_gmt":"2020-07-22T18:16:12","guid":{"rendered":"https:\/\/wpengine.com\/?post_type=support&#038;p=108118"},"modified":"2026-04-08T04:54:11","modified_gmt":"2026-04-08T10:54:11","slug":"sso-user-portal","status":"publish","type":"support","link":"https:\/\/wpengine.com\/support\/sso-user-portal\/","title":{"rendered":"Single Sign-On (SSO) for WP Engine User Portal"},"content":{"rendered":"<p>The Single Sign-On (SSO) feature will allow customers to use their own identity provider (like Active Directory, Google, Okta, etc.) to authenticate and log in to WP Engine\u2019s User Portal (my.wpengine.com). SSO will give you the ability to set up custom security rules for the User Portal based on your own internal processes and security practices.<\/p>\n\n\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">About WP Engine SSO<\/h2>\n\n\n\n<p>WP Engine uses <a rel=\"noreferrer noopener\" href=\"http:\/\/docs.oasis-open.org\/security\/saml\/Post2.0\/sstc-saml-tech-overview-2.0.html\" target=\"_blank\">SAML 2.0<\/a> to provide SSO to corporate identity systems. When you log in to the WP Engine User Portal, you are first prompted for your email. Our systems then use this email to route authentication to your business\u2019s identity system.<\/p>\n\n\n\n<p>When you integrate through SAML, you can use the SAML app from your identity UI to push authentication from your company to WP Engine, so you are automatically logged in to WP Engine\u2019s User Portal. Often this means you click a tile in your identity application to launch the WP Engine User Portal.<\/p>\n\n\n\n<p>Once logged in to the User Portal, your users can additionally utilize WP Engine\u2019s <a href=\"https:\/\/wpengine.com\/support\/seamless-login\/\">Seamless Login<\/a> feature to access any WordPress\u00ae admin dashboards on your account that they have access to.<sup><a href=\"#legal-disclaimer\">1<\/a><\/sup><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Add a New User with SSO<\/h3>\n\n\n\n<p>To add a new user using SSO for WP Engine, ensure you\u2019ve <a href=\"https:\/\/wpengine.com\/support\/users\/#Add_a_user\">added the user<\/a> to the WP Engine User Portal as well as to your SAML application.<\/p>\n\n\n\n<p>The email address on WP Engine must match the email in your identity system, and should use the domain for which SSO was enabled.<\/p>\n\n\n\n<p>As long as these two requirements are met, the user will automatically be prompted to log in with SSO at my.wpengine.com and can log in remotely from your identity app.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Limitations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SSO for WP Engine only supports the login process for accessing the WP Engine User Portal. This feature does not support SFTP, SSH, or API credentials.<\/li>\n\n\n\n<li>At this time, we do not support SCIM, Just in Time (JIT) user provisioning, or group integrations.<\/li>\n\n\n\n<li>Only one identity provider may be configured per account. Multiple domain configurations may be tied to a single account, only in the case where there is one identity provider.<\/li>\n\n\n\n<li>We require email, first name, and last name attributes, and can optionally configure a mobile phone attribute to map through SAML. We do not map group attributes.<\/li>\n\n\n\n<li>If you have configured <a href=\"https:\/\/wpengine.com\/support\/multi-factor-authentication\/\">multi-factor authentication<\/a> (MFA) for your WP Engine account you will no longer see that verification requested after SSO is enabled. If your identity provider requires MFA users will see verification prompts as dictated by your corporate identity provider when logging in.<\/li>\n\n\n\n<li>Only one email domain per account can have SSO configured. Multi-domain configurations are not supported. If you require this configuration, please <a href=\"https:\/\/wpengine.com\/support\/sso-user-portal\/#SSO_Enablement_Request\">reach out to Support.<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">Before Starting<\/h2>\n\n\n\n<p>SSO for the User Portal can only be configured by&nbsp;<strong>the owner&nbsp;<\/strong>of the account. To see if you have the self-serve option available:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the <strong><a href=\"https:\/\/my.wpengine.com\/sites\">User Portal<\/a><\/strong><\/li>\n\n\n\n<li>Expand <strong>Users<\/strong> in the lefthand menu<\/li>\n\n\n\n<li>Click <strong>Single Sign-On<\/strong><\/li>\n<\/ol>\n\n\n\n<p>If the <em>Single Sign-On<\/em> page is available, <a href=\"https:\/\/wpengine.com\/support\/sso-user-portal\/#Configure_SSO\">please skip to the SSO configuration steps<\/a>.<\/p>\n\n\n\n<p><meta charset=\"utf-8\">If you do&nbsp;<strong>not<\/strong>&nbsp;see the&nbsp;<em>Single Sign-on<\/em>&nbsp;option, please <a href=\"#SSO_Enablement_Request\">contact Support<\/a> to have this feature enabled or reach out to an Owner on the account.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"780\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/sso-1024x780.png\" alt=\"Screenshot of the Single Sign-on page in the WP Engine User Portal\" class=\"wp-image-125255\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/sso-1024x780.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/sso-300x228.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/sso-768x585.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/sso-1536x1169.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/sso-1500x1142.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/sso.png 1642w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<a name=\"Enable_SSO\"><\/a>\n\n\n\n<h3 class=\"wp-block-heading\">SSO Enablement Request<\/h3>\n\n\n\n<p>If you do not have the SSO Page enabled in your User Portal, or if you need to configure SSO for multiple email domains on a single account, please reach out to the <a href=\"https:\/\/my.wpengine.com\/support\/\">WP Engine Support team<\/a> to have this feature enabled. Support will get your request to the appropriate team internally to have SSO enabled for your domain. Please provide the following information with your request:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Domain name(s) attached to your email addresses.\n<ul class=\"wp-block-list\">\n<li><strong>EX<\/strong>: If your email is <code>yourname@somedomain.com<\/code> we would need to know <code>somedomain.com<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The name and email of an initial test user.\n<ul class=\"wp-block-list\">\n<li>We will use this address to allow you to test logging in prior to enabling SSO for the entire domain.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Contact emails of the people doing the SSO setup for your domain.\n<ul class=\"wp-block-list\">\n<li>At least one of these should have admin access to your identity management system.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><a href=\"https:\/\/wpengine.com\/support\/verifying-your-user-portal-account-when-contacting-support\/\">Support PIN<\/a> for an Owner of the WP Engine plan.\n<ul class=\"wp-block-list\">\n<li>The Owner user\u2019s email must use the same domain for which we\u2019re enabling SSO.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">Configure SSO<\/h2>\n\n\n\n<p>Setting up single sign-on for a domain is restricted to <a href=\"https:\/\/wpengine.com\/support\/users\/#Owners_and_Full_Users\">Owner<\/a> level users. If you have multiple WP Engine accounts for your business then we suggest configuring SSO on the <em>primary<\/em> account.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Before You Begin<\/h3>\n\n\n\n<p>You will need access to the DNS records for the domain that SSO will be configured for.<\/p>\n\n\n\n<p>Additionally, this automated process will walk you through connecting the WP Engine SSO feature to your identity app. Below are the configuration guides for the most common identity providers:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AD FS \u2013 <a href=\"https:\/\/docs.microsoft.com\/en-us\/powerapps\/maker\/portals\/configure\/configure-saml2-settings?ranMID=46131&amp;ranEAID=a1LgFw09t88&amp;ranSiteID=a1LgFw09t88-AVyQSj91z83cyvA_LoLsgg&amp;epi=a1LgFw09t88-AVyQSj91z83cyvA_LoLsgg&amp;irgwc=1&amp;OCID=AID2200057_aff_7806_1243925&amp;tduid=%28ir__cdsu0hn01gkfqjfmkk0sohzgkm2xrh1pu1xm1t0r00%29%287806%29%281243925%29%28a1LgFw09t88-AVyQSj91z83cyvA_LoLsgg%29%28%29&amp;irclickid=_cdsu0hn01gkfqjfmkk0sohzgkm2xrh1pu1xm1t0r00\" target=\"_blank\" rel=\"noreferrer noopener\">Configure a SAML 2.0 provider with Active Directory Federation Services<\/a><\/li>\n\n\n\n<li>Azure \u2013 <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/enterprise\/azure-integration?view=o365-worldwide\">Set up your Azure AD subscription, which is included with Microsoft 365<\/a><\/li>\n\n\n\n<li>OneLogin \u2013 <a href=\"https:\/\/onelogin.service-now.com\/support?id=kb_article&amp;sys_id=b2c91143db109700d5505eea4b9619d5\" target=\"_blank\" rel=\"noreferrer noopener\">Learn how to add a custom SAML app to OneLogin<\/a><\/li>\n\n\n\n<li>Okta \u2013 <a href=\"https:\/\/developer.okta.com\/docs\/guides\/build-sso-integration\/saml2\/main\/#create-your-integration\" target=\"_blank\" rel=\"noreferrer noopener\">Configure an SSO integration with Okta<\/a><\/li>\n\n\n\n<li>Google SSO \u2013 <a href=\"https:\/\/support.google.com\/a\/answer\/6349809\" target=\"_blank\" rel=\"noreferrer noopener\">Set up SSO via a third party SSO provider<\/a><\/li>\n<\/ul>\n\n\n\n<p>If you do not see your identity provider here, <a href=\"https:\/\/my.wpengine.com\/support\/\">please reach out to WP Engine Support<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Configuration Steps<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the <strong><a href=\"https:\/\/my.wpengine.com\/sites\">User Portal<\/a><\/strong><\/li>\n\n\n\n<li>Expand <strong>Users<\/strong> in the lefthand menu<\/li>\n\n\n\n<li>Select <strong>Single Sign-On<\/strong><\/li>\n\n\n\n<li>Click <strong>Setup SSO for a new domain<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"780\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/setup-sso-1024x780.png\" alt=\"Screenshot of the Single Sign-on page in the WP Engine User Portal showing where to set up SSO for a new domain\" class=\"wp-image-125256\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/setup-sso-1024x780.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/setup-sso-300x228.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/setup-sso-768x585.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/setup-sso-1536x1169.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/setup-sso-1500x1142.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2024\/07\/setup-sso.png 1642w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>Enter <strong>email domain name<\/strong>\n<ul class=\"wp-block-list\">\n<li><span style=\"color: initial;\">This is not necessarily the domain of the website, it\u2019s the domain of the email addresses.<\/span><\/li>\n\n\n\n<li><span style=\"color: initial;\">For example, if your business email addresses look like <code>youremail@somedomain.com<\/code><\/span> we would need <code>somedomain.com<\/code> entered here.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Select a <strong>WP Engine account<\/strong>\n<ul class=\"wp-block-list\">\n<li>This ties the SSO configuration to a given account. Any <a href=\"https:\/\/wpengine.com\/support\/users\/#Owners_and_Full_Users\">Owner<\/a> on this account can view and edit these settings.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Next<\/strong><\/li>\n\n\n\n<li>The TXT and Value for a DNS record are provided on this page. Log in to your DNS host for the domain and add the TXT record for validation.<\/li>\n<\/ol>\n\n\n\n<p>Your TXT verification record should look similar to the following:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"318\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/txt-record-sso-1024x318.png\" alt=\"\" class=\"wp-image-122871\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/txt-record-sso-1024x318.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/txt-record-sso-300x93.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/txt-record-sso-768x238.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/txt-record-sso-1536x476.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/txt-record-sso-1500x465.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/txt-record-sso.png 2044w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<ol start=\"10\" class=\"wp-block-list\">\n<li>Click <strong>Next<\/strong>\n<ul class=\"wp-block-list\">\n<li>There will be an error message at the top of this page until the DNS record has been validated. Record propagation may take some time, depending on your DNS host.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>When the DNS record has been validated, the SAML app details will appear. Enter these into your SAML app where requested.\n<ul class=\"wp-block-list\">\n<li>App name<\/li>\n\n\n\n<li>Description<\/li>\n\n\n\n<li>WP Engine app logo downloads<\/li>\n\n\n\n<li>WP Engine metadata<\/li>\n\n\n\n<li>ACS URL and recipient<\/li>\n\n\n\n<li>Audience URL<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Next<\/strong><\/li>\n\n\n\n<li>Integrate SAML:\n<ul class=\"wp-block-list\">\n<li>Upload the XML metadata file supplied by your identity provider, or input the metadata manually using copy and paste<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Next<\/strong><\/li>\n\n\n\n<li>Test SSO:\n<ul class=\"wp-block-list\">\n<li>Enter an email address to test with<\/li>\n\n\n\n<li>We suggest using a user account <em>other<\/em> than the one you are logged in with while configuring SSO, and that uses the same domain as the email addresses you wish to enable. This is to prevent the possibility of being locked out if there\u2019s an issue with the configuration. <a href=\"https:\/\/wpengine.com\/support\/users\/#Add_User\">You can use this guide to add a new user to WP Engine<\/a>. For example, I\u2019m logged into the User Portal configuring SSO with <code>admin@mycoolsite.com<\/code>, but I will test with <code>it@mycoolsite.com<\/code>. <\/li>\n\n\n\n<li>Additionally, take note of your <a href=\"https:\/\/wpengine.com\/support\/verifying-your-user-portal-account-when-contacting-support\/\">support PIN<\/a>, located in the lower left-hand side of the screen, next to the key icon. This will be required if you need to <a href=\"https:\/\/my.wpengine.com\/support\">contact Support<\/a> with any issues.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Test signing in to the <a href=\"https:\/\/my.wpengine.com\/sites\">WP Engine User Portal<\/a> using the designated test email\n<ul class=\"wp-block-list\">\n<li>We suggest trying to log in with the test user through a separate incognito browser window. That way you can stay logged in with your normal user account in the original session in case there\u2019s an issue.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Test launching the WP Engine User Portal from your identity system<\/li>\n\n\n\n<li>Once satisfied, return to the SSO Configuration page of the User Portal and click <strong>Next<\/strong><\/li>\n\n\n\n<li>Go live:\n<ul class=\"wp-block-list\">\n<li>Be sure to notify your users about the new authentication flow and assign the application to required users in your identity system before going live.<\/li>\n\n\n\n<li>After going live with SSO, MFA for SSO users will be handled by your Identity Provider (IdP). WP Engine will not prompt SSO users for MFA.<\/li>\n\n\n\n<li>This will impact all users who have an email at this domain and force them through your corporate identity provider for authentication.<\/li>\n\n\n\n<li>Finally, as a contingency for any unforeseen SSO issues or IdP outages, we recommend adding a user to the account as an <a href=\"https:\/\/wpengine.com\/support\/users\/#Owners_and_Full_Users\">Owner<\/a> that doesn\u2019t use the SSO email domain.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Go live<\/strong><\/li>\n\n\n\n<li>(Optional) Add SSO Exceptions: <a href=\"https:\/\/wpengine.com\/support\/sso-user-portal\/#SSO_Exceptions\">Learn more here<\/a><\/li>\n<\/ol>\n\n\n\n<p>Now, any user that attempts to log in to the WP Engine User Portal with an email address belonging to the SSO-configured domain will be redirected to your identity provider, then redirected back to the User Portal once authenticated.<\/p>\n\n\n\n<div style=\"color:#32373c;background-color:#00d1b2\" class=\"wp-block-genesis-blocks-gb-notice gb-font-size-18 gb-block-notice\" data-id=\"10de4b\"><div class=\"gb-notice-title\" style=\"color:#fff\"><p>NOTE<\/p><\/div><div class=\"gb-notice-text\" style=\"border-color:#00d1b2\">\n<p>Make it even easier for your users to log in to your WordPress sites by also enabling <a href=\"https:\/\/wpengine.com\/support\/seamless-login\/\">Seamless login<\/a>.<\/p>\n<\/div><\/div>\n\n\n\n<a name=\"Disable\"><\/a>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">Delete SSO Configuration<\/h2>\n\n\n\n<p>SSO can be disabled either by <a href=\"#Deactivate_SSO\">deactivation<\/a> (temporary) or <a href=\"#Delete_SSO\">deletion<\/a> (permanent). To delete your SSO configuration, it must first be deactivated. Only account <a href=\"https:\/\/wpengine.com\/support\/users\/\">owners<\/a> where the configuration was created can deactivate and delete SSO.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Deactivate SSO<\/h3>\n\n\n\n<p>Deactivating SSO will temporarily stop redirecting all email domain users to your identity provider\u2019s log in. The SSO configuration must be reactivated to begin functioning again. To delete your SSO configuration, you must first deactivate the configuration.<\/p>\n\n\n\n<p>To deactivate SSO:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the <a href=\"https:\/\/my.wpengine.com\/sites\/\" target=\"_blank\" rel=\"noreferrer noopener\">User Portal<\/a><\/li>\n\n\n\n<li>Expand <strong>Users<\/strong> in the lefthand menu<\/li>\n\n\n\n<li>Select <strong>Single Sign-On<\/strong><\/li>\n\n\n\n<li>Locate the SSO email domain and click the 3 dot menu icon to the right<\/li>\n\n\n\n<li>Click <strong>Deactivate<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Follow the prompts to complete SSO deactivation.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"352\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-deactivate-1-1024x352.png\" alt=\"\" class=\"wp-image-123173\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-deactivate-1-1024x352.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-deactivate-1-300x103.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-deactivate-1-768x264.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-deactivate-1-1536x528.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-deactivate-1-1500x516.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-deactivate-1.png 1818w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Reactivate SSO<\/h4>\n\n\n\n<p>Reactivating the SSO configuration will begin forwarding email domain users to your identity provider for login to access the WP Engine User Portal.<\/p>\n\n\n\n<p>To enable SSO again after <a href=\"#Deactivate_SSO\">deactivating<\/a> the configuration:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the <a href=\"https:\/\/my.wpengine.com\/sites\/\">User Portal<\/a><\/li>\n\n\n\n<li>Expand <strong>Users<\/strong> in the lefthand menu<\/li>\n\n\n\n<li>Select <strong>Single Sign-On<\/strong><\/li>\n\n\n\n<li>Locate the SSO email domain and click the 3 dot menu icon to the right<\/li>\n\n\n\n<li>Click <strong>Go Live<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"352\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-redeactivate-1024x352.png\" alt=\"\" class=\"wp-image-123182\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-redeactivate-1024x352.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-redeactivate-300x103.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-redeactivate-768x264.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-redeactivate-1536x528.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-redeactivate-1500x516.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-redeactivate.png 1818w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Delete SSO<\/h3>\n\n\n\n<p>Deleting the SSO configuration can only be done <em>after<\/em> <a href=\"#Deactivate_SSO\">deactivation<\/a>, and will delete your SSO configuration from WP Engine. Email domain users will no longer log in to the WP Engine User Portal with your identity provider. Once a configuration is deleted, it cannot be restored. If necessary, it should be created again as a new configuration.<\/p>\n\n\n\n<p>To delete an SSO configuration:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the <a href=\"https:\/\/my.wpengine.com\/sites\/\">User Portal<\/a><\/li>\n\n\n\n<li>Expand <strong>Users<\/strong> in the lefthand menu<\/li>\n\n\n\n<li>Select <strong>Single Sign-On<\/strong><\/li>\n\n\n\n<li>Locate the SSO email domain and click the 3 dot menu icon to the right<\/li>\n\n\n\n<li>Click <strong>Delete<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Follow the prompts to complete SSO configuration deletion.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"338\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-delete-1024x338.png\" alt=\"\" class=\"wp-image-123175\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-delete-1024x338.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-delete-300x99.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-delete-768x254.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-delete-1536x507.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-delete-1500x496.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-delete.png 1810w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">Manage Metadata<\/h2>\n\n\n\n<p>Once saved to the WP Engine User Portal, SSO configuration metadata can be downloaded at any time. Only account <a href=\"https:\/\/wpengine.com\/support\/users\/\">owners<\/a> where the configuration was created can access SSO metadata.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Download Metadata<\/h3>\n\n\n\n<p>Downloading metadata will allow you to export the current SSO configuration as an XML file. Only the current metadata can be downloaded, previous settings are not available for download.<\/p>\n\n\n\n<p>To download SSO metadata:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the <a href=\"https:\/\/my.wpengine.com\/sites\/\" target=\"_blank\" rel=\"noreferrer noopener\">User Portal<\/a><\/li>\n\n\n\n<li>Expand <strong>Users<\/strong> in the lefthand menu<\/li>\n\n\n\n<li>Select <strong>Single Sign-On<\/strong><\/li>\n\n\n\n<li>Locate the SSO email domain and click the 3 dot menu icon to the right<\/li>\n\n\n\n<li>Click <strong>Download metadata<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"331\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-metadata-download-1-1024x331.png\" alt=\"\" class=\"wp-image-123180\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-metadata-download-1-1024x331.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-metadata-download-1-300x97.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-metadata-download-1-768x249.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-metadata-download-1-1536x497.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-metadata-download-1-1500x485.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-metadata-download-1.png 1860w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">SSO Exceptions<\/h2>\n\n\n\n<p>Exceptions allow you to have an email address within the SSO-configured domain that does not have the SSO configuration applied. SSO exceptions will not redirect to your identity provider for login, and can be used as a backup should an SSO issue arise preventing access. Exception emails must share the email domain that you have configured SSO for and must exist as a user on the account. Multiple exceptions can be added. Exceptions can only be added to SSO configurations that are currently live.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Add Exception<\/h3>\n\n\n\n<p>To add an email exception to an SSO configuration:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the <a href=\"https:\/\/my.wpengine.com\/sites\/\">User Portal<\/a><\/li>\n\n\n\n<li>Expand <strong>Users<\/strong> in the lefthand menu<\/li>\n\n\n\n<li>Select <strong>Single Sign-On<\/strong><\/li>\n\n\n\n<li>Locate the live SSO email domain and click the 3 dot menu icon to the right<\/li>\n\n\n\n<li>Click <strong>Manage exceptions<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"339\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-1024x339.png\" alt=\"\" class=\"wp-image-123176\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-1024x339.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-300x99.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-768x254.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-1536x509.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-1500x497.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions.png 1818w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<ol start=\"7\" class=\"wp-block-list\">\n<li>Add the exception email(s) to the exception field<\/li>\n\n\n\n<li>Click <strong>Save<\/strong> to activate the exception(s)<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"727\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-exception-add-1024x727.png\" alt=\"\" class=\"wp-image-123178\" style=\"width:512px;height:364px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-exception-add-1024x727.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-exception-add-300x213.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-exception-add-768x545.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-exception-add.png 1227w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Remove Exception<\/h3>\n\n\n\n<p>To delete an exception from an SSO configuration:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the <a href=\"https:\/\/my.wpengine.com\/sites\/\" target=\"_blank\" rel=\"noreferrer noopener\">User Portal<\/a><\/li>\n\n\n\n<li>Expand <strong>Users<\/strong> in the lefthand menu<\/li>\n\n\n\n<li>Select <strong>Single Sign-On<\/strong><\/li>\n\n\n\n<li>Locate the SSO email domain and click the 3 dot menu icon to the right<\/li>\n\n\n\n<li>Click <strong>Manage exceptions<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"339\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-1024x339.png\" alt=\"\" class=\"wp-image-123176\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-1024x339.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-300x99.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-768x254.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-1536x509.png 1536w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions-1500x497.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-manage-exceptions.png 1818w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<ol start=\"7\" class=\"wp-block-list\">\n<li>Locate the email address under <em>Exception email addresses<\/em><\/li>\n\n\n\n<li>Delete it from the exceptions list by clicking <strong>x<\/strong><\/li>\n\n\n\n<li>Click <strong>Save<\/strong> to apply any changes<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"727\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-exception-delete-1024x727.png\" alt=\"\" class=\"wp-image-123179\" style=\"width:512px;height:364px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-exception-delete-1024x727.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-exception-delete-300x213.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-exception-delete-768x545.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/07\/sso-exception-delete.png 1227w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">Troubleshooting SSO<\/h2>\n\n\n\n<p>Once SSO is enabled for a domain, WP Engine no longer owns any User Portal credentials for the attached email addresses. For this reason, what we\u2019re able to assist with is limited, and any issues may need to be taken to the identity provider directly.<\/p>\n\n\n\n<p>Some important points to note:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Users must be added to the WP Engine User Portal. <a href=\"https:\/\/wpengine.com\/support\/users\/#Access_Account_Users\">Learn about managing WP Engine users here<\/a>.<\/li>\n\n\n\n<li>Users must be added to the corporate identity system.<\/li>\n\n\n\n<li>Users must be assigned to the SAML application in your identity system.<\/li>\n<\/ul>\n\n\n\n<p>WP Engine WP Engine Support can confirm if an email address has been added to the User Portal. For security reasons, our team cannot add any user on your behalf.<\/p>\n\n\n\n<p>Refer to <em><a href=\"#Limitations\">SSO Limitations<\/a><\/em> above for additional information.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Okta Lock Out<\/h3>\n\n\n\n<p>Users may get locked out from Okta if the incorrect credentials are entered too many times. If this occurs you must wait 24 hours before trying again.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">Updating your SSO certificate<\/h2>\n\n\n\n<p>To update your SSO certificate you simply have to deactivate SSO for the email domain and then go through the configuration stepper again to add the new cert. Deactivating won\u2019t remove your configuration details, so you won\u2019t have to fully reconfigure your SSO.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to the&nbsp;<strong><a href=\"https:\/\/my.wpengine.com\/sites\/\" target=\"_blank\" rel=\"noreferrer noopener\">User Portal<\/a><\/strong><\/li>\n\n\n\n<li>Expand&nbsp;<strong>Users<\/strong>&nbsp;in the lefthand menu<\/li>\n\n\n\n<li>Select&nbsp;<strong>Single Sign-On<\/strong><\/li>\n\n\n\n<li>Locate the SSO email domain and click the 3 dot menu icon to the right<\/li>\n\n\n\n<li>Click&nbsp;<strong>Deactivate<\/strong><\/li>\n\n\n\n<li>Once the configuration is deactivated, click&nbsp;<strong>Continue&nbsp;<\/strong>to step through the SSO configuration<\/li>\n\n\n\n<li>When you reach the certificate configuration step, upload your new certificate<\/li>\n\n\n\n<li>Proceed to the end of the SSO configuration stepper and go live<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">Setup Instructions by Provider<\/h2>\n\n\n\n<p>Below are setup instructions for the top identity providers we see used. Be aware that because these identity providers are third party, the interface may be different than the one shown below, but the settings should remain the same.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/wpengine.com\/support\/sso-user-portal\/#Active_Directory_Federation_Services\">Active Directory Federation Services<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/wpengine.com\/support\/sso-user-portal\/#Azure_Active_Directory\">Azure Active Directory<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/wpengine.com\/support\/sso-user-portal\/#Google_Single_Sign-on\">Google Single Sign-on<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/wpengine.com\/support\/sso-user-portal\/#Okta_SSO\">Okta SSO<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/wpengine.com\/support\/sso-user-portal\/#OneLogin_SSO\">OneLogin SSO<\/a><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-genesis-blocks-gb-accordion gb-block-accordion gb-font-size-22\"><details><summary class=\"gb-accordion-title\"><meta charset=\"utf-8\"><h3>Active Directory Federation Services<\/h3><\/summary><div class=\"gb-accordion-text\">\n<p>For Microsoft\u2019s official setup guide, see their article <a href=\"https:\/\/docs.microsoft.com\/en-us\/powerapps\/maker\/portals\/configure\/configure-saml2-settings?ranMID=46131&amp;ranEAID=a1LgFw09t88&amp;ranSiteID=a1LgFw09t88-AVyQSj91z83cyvA_LoLsgg&amp;epi=a1LgFw09t88-AVyQSj91z83cyvA_LoLsgg&amp;irgwc=1&amp;OCID=AID2200057_aff_7806_1243925&amp;tduid=%28ir__cdsu0hn01gkfqjfmkk0sohzgkm2xrh1pu1xm1t0r00%29%287806%29%281243925%29%28a1LgFw09t88-AVyQSj91z83cyvA_LoLsgg%29%28%29&amp;irclickid=_cdsu0hn01gkfqjfmkk0sohzgkm2xrh1pu1xm1t0r00\" target=\"_blank\" rel=\"noreferrer noopener\">Configure a SAML 2.0 provider for portals with AD FS<\/a>.<\/p>\n\n\n\n<ol style=\"list-style-type:1\" class=\"wp-block-list\">\n<li><span style=\", sans-serif\">In the AD FS console, under Trust Relationships, select <strong>Relying Party Trusts<\/strong>. Then click <\/span><strong style=\", sans-serif\">Add Relying Party Trust<\/strong><span style=\", sans-serif\">.<\/span><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"568\" height=\"306\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-1.png\" alt=\"\" class=\"wp-image-120572\" style=\"width:284px;height:153px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-1.png 568w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-1-300x162.png 300w\" sizes=\"auto, (max-width: 568px) 100vw, 568px\"><\/figure>\n\n\n\n<ol start=\"2\" style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>In the Welcome step, select <strong>Claims aware<\/strong>, then <strong>Start<\/strong>.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"788\" height=\"640\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-2.png\" alt=\"\" class=\"wp-image-120573\" style=\"width:591px;height:480px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-2.png 788w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-2-300x244.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-2-768x624.png 768w\" sizes=\"auto, (max-width: 788px) 100vw, 788px\"><\/figure>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>In the Select Data Source step, select <strong>Import data about the relying party from a file<\/strong> and import the XML metadata you downloaded from the WP Engine User Portal during the Create SAML app step.<\/li>\n\n\n\n<li>Browse to the <strong>WP Engine metadata file<\/strong> and select it, then click <strong>Next<\/strong>.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"786\" height=\"638\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-3.png\" alt=\"\" class=\"wp-image-120574\" style=\"width:590px;height:479px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-3.png 786w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-3-300x244.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-3-768x623.png 768w\" sizes=\"auto, (max-width: 786px) 100vw, 786px\"><\/figure>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>In the Specify Display Name step, set the following, then click Next:\n<ul class=\"wp-block-list\">\n<li><strong>Display Name<\/strong>: <em>WP Engine User Portal<\/em><\/li>\n\n\n\n<li><strong>Notes<\/strong>: <em>The WordPress Digital Experience Platform. Bring your vision to life in breakthrough experiences, built on the best platform for developing and hosting fast, reliable, and secure hosting for WordPress sites.<\/em><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"782\" height=\"636\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-4.png\" alt=\"\" class=\"wp-image-120576\" style=\"width:587px;height:477px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-4.png 782w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-4-300x244.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-4-768x625.png 768w\" sizes=\"auto, (max-width: 782px) 100vw, 782px\"><\/figure>\n\n\n\n<ol start=\"6\" class=\"wp-block-list\">\n<li>In the Choose Issuance Authorization Rules step, select <strong>Permit everyone<\/strong>, then click <strong>Next<\/strong>.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"788\" height=\"640\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-5.png\" alt=\"\" class=\"wp-image-120575\" style=\"width:591px;height:480px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-5.png 788w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-5-300x244.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-5-768x624.png 768w\" sizes=\"auto, (max-width: 788px) 100vw, 788px\"><\/figure>\n\n\n\n<ol start=\"7\" class=\"wp-block-list\">\n<li>In the Ready to Add Trust step, click <strong>Next<\/strong> to accept defaults<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"782\" height=\"636\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-6.png\" alt=\"\" class=\"wp-image-120577\" style=\"width:587px;height:477px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-6.png 782w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-6-300x244.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-6-768x625.png 768w\" sizes=\"auto, (max-width: 782px) 100vw, 782px\"><\/figure>\n\n\n\n<ol start=\"8\" style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>In the Finish dialog, check <strong>Open the Edit Claim Rules dialog for this relying party trust<\/strong> and when the wizard finishes click <strong>Close<\/strong>.<\/li>\n\n\n\n<li>In the Edit Claim Rules for WP Engine User Portal dialog, click <strong>Add Rule<\/strong> to enter the Add Transform Claim Rule Wizard.<\/li>\n\n\n\n<li>In the Choose Rule Type step, select <strong>Send LDAP Attributes as Claims<\/strong> from the Claim rule template drop-down, then click <strong>Next<\/strong>.<\/li>\n\n\n\n<li>In the Configure Claim Rule step, enter the following, the click OK:\n<ul class=\"wp-block-list\">\n<li>(Row 1) <strong>LDAP Attribute<\/strong>: Email Addresses<\/li>\n\n\n\n<li><strong>Outgoing Claim Type<\/strong>: E-Mail address<\/li>\n\n\n\n<li>(Row 2) <strong>LDAP Attribute<\/strong>: Given-Name<\/li>\n\n\n\n<li><strong>Outgoing Claim Type<\/strong>: firstName<\/li>\n\n\n\n<li>(Row 3) <strong>LDAP Attribute<\/strong>: Surname<\/li>\n\n\n\n<li><strong>Outgoing Claim Type<\/strong>: lastName<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"824\" height=\"886\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-7.png\" alt=\"\" class=\"wp-image-120578\" style=\"width:618px;height:665px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-7.png 824w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-7-279x300.png 279w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-7-768x826.png 768w\" sizes=\"auto, (max-width: 824px) 100vw, 824px\"><\/figure>\n\n\n\n<ol start=\"9\" style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>Click <strong>Add Rule<\/strong> to enter the Add Transform Claim Rule Wizard<\/li>\n\n\n\n<li>In the Choose Rule Type step, select <strong>Transform an Incoming Claim<\/strong> from the Claim rule template drop-down, then click <strong>Next<\/strong>.<\/li>\n\n\n\n<li>In the Configure Claim Rule step, enter the following, then click <strong>Finish<\/strong>:\n<ul class=\"wp-block-list\">\n<li><strong>Claim Rule Name<\/strong>: Transform Rule<\/li>\n\n\n\n<li><strong>Incoming claim type<\/strong>: Email Address (matches the name from the outgoing claim type in the LDAP claims rule)<\/li>\n\n\n\n<li><strong>Outgoing claim type<\/strong>: Name ID<\/li>\n\n\n\n<li><strong>Outgoing name ID format<\/strong>: Email<\/li>\n\n\n\n<li>Select <strong>Pass through all claim values<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"824\" height=\"886\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-8.png\" alt=\"\" class=\"wp-image-120579\" style=\"width:618px;height:665px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-8.png 824w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-8-279x300.png 279w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-8-768x826.png 768w\" sizes=\"auto, (max-width: 824px) 100vw, 824px\"><\/figure>\n\n\n\n<ol start=\"12\" class=\"wp-block-list\">\n<li>Select <strong>Properties<\/strong> from the Actions sidebar while you have the relying party trust selected<\/li>\n\n\n\n<li>In the Advanced tab, make sure <strong>SHA-256<\/strong> is specified as the secure hash algorithm, then click <strong>OK<\/strong>.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"596\" height=\"706\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-9.png\" alt=\"\" class=\"wp-image-120580\" style=\"width:447px;height:530px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-9.png 596w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-9-253x300.png 253w\" sizes=\"auto, (max-width: 596px) 100vw, 596px\"><\/figure>\n\n\n\n<ol start=\"14\" class=\"wp-block-list\">\n<li>Click on AD FS, Service, then <strong>Endpoints<\/strong>.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"432\" height=\"570\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-10.png\" alt=\"\" class=\"wp-image-120584\" style=\"width:324px;height:428px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-10.png 432w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-10-227x300.png 227w\" sizes=\"auto, (max-width: 432px) 100vw, 432px\"><\/figure>\n\n\n\n<ol start=\"15\" class=\"wp-block-list\">\n<li>Locate the <strong>URL path<\/strong> in the Metadata section. EX:<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"702\" height=\"178\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-11.png\" alt=\"\" class=\"wp-image-120585\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-11.png 702w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/adfs-11-300x76.png 300w\" sizes=\"auto, (max-width: 702px) 100vw, 702px\"><\/figure>\n\n\n\n<ol start=\"16\" style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>Copy the path into a new tab in your browser, and prepend <code>https:\/\/<\/code> followed by your <strong>ADFS hostname<\/strong>.\n<ul class=\"wp-block-list\">\n<li>For example: <code>https:\/\/adfs.example.com\/federationmetadata\/2007-06\/federationmetadata.xml<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Download this metadata to a file on your computer.<\/li>\n\n\n\n<li>You will be prompted to upload this metadata file during the <strong>Integrate SAML<\/strong> step during the Single Sign-On setup in the WP Engine User Portal<\/li>\n<\/ol>\n\n\n\n<p>In some cases you may have multiple certificates configured, and the metadata may not be clear about which certificate will be used. In these cases, you will need to export the ADFS certificate:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Click AD FS Management (Server Manager &gt; Tools), then Service, then Certificates.<\/li>\n\n\n\n<li>In the Token-signing section, right click the certificate and select View Certificate.<\/li>\n\n\n\n<li>On the Details tab, click Copy to file and Next.<\/li>\n\n\n\n<li>Select DER encoded binary X.509 (.CER), and click Next.<\/li>\n\n\n\n<li>Select where you want to save the file and enter a name for the file. Click Save, Next, and Finish.<\/li>\n\n\n\n<li>You can paste the contents of this certificate during the <strong>Integrate SAML<\/strong> step during the Single Sign-On setup in the WP Engine User Portal.<\/li>\n<\/ol>\n<\/div><\/details><\/div>\n\n\n\n<div class=\"wp-block-genesis-blocks-gb-accordion gb-block-accordion\"><details><summary class=\"gb-accordion-title\"><h3>Azure Active Directory<\/h3><\/summary><div class=\"gb-accordion-text\">\n<p>If you have not done so already, <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/enterprise\/azure-integration?view=o365-worldwide\" target=\"_blank\" rel=\"noreferrer noopener\">this document<\/a> can help you set up the Azure AD subscription which is included with Microsoft 365.<\/p>\n\n\n\n<ol style=\"list-style-type:1\" class=\"wp-block-list\">\n<li><span style=\", sans-serif\">Go to <\/span><a style=\", sans-serif\" href=\"https:\/\/portal.azure.com\/#home\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/portal.azure.com\/#home<\/a><\/li>\n\n\n\n<li>In the left hand menu, select <strong>Azure Active Directory<\/strong><\/li>\n\n\n\n<li>Under Create, click <strong>Enterprise Applications<\/strong><\/li>\n\n\n\n<li>Select <strong>New application Non-gallery application<\/strong><\/li>\n\n\n\n<li>Select <strong>Create your own application<\/strong><\/li>\n\n\n\n<li>In the panel, set the Name to: <code>WP Engine User Portal<\/code><\/li>\n\n\n\n<li>Select \u201cIntegrate any other application you don\u2019t find in the gallery \u201d<\/li>\n\n\n\n<li>Click <strong>Create<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"548\" height=\"548\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-create-app.png\" alt=\"\" class=\"wp-image-122886\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-create-app.png 548w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-create-app-300x300.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-create-app-150x150.png 150w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-create-app-360x360.png 360w\" sizes=\"auto, (max-width: 548px) 100vw, 548px\"><\/figure>\n\n\n\n<ol start=\"9\" style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>Click <strong>Assign users and groups<\/strong> in the <em>Assign users and groups<\/em> box. Then assign the appropriate users to the WP Engine application. These users must also <a href=\"https:\/\/wpengine.com\/support\/users\/\">exist in the WP Engine User portal<\/a>.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"350\" height=\"152\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-assign-users.png\" alt=\"\" class=\"wp-image-122888\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-assign-users.png 350w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-assign-users-300x130.png 300w\" sizes=\"auto, (max-width: 350px) 100vw, 350px\"><\/figure>\n\n\n\n<ol start=\"10\" style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>Click <strong>Get Started<\/strong> under <em>Set up single sign on<\/em>.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"354\" height=\"152\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-setup-get-started.png\" alt=\"\" class=\"wp-image-122889\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-setup-get-started.png 354w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-setup-get-started-300x129.png 300w\" sizes=\"auto, (max-width: 354px) 100vw, 354px\"><\/figure>\n\n\n\n<ol start=\"11\" style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>Choose <strong>SAML<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"354\" height=\"185\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-choose-saml.png\" alt=\"\" class=\"wp-image-122890\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-choose-saml.png 354w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-choose-saml-300x157.png 300w\" sizes=\"auto, (max-width: 354px) 100vw, 354px\"><\/figure>\n\n\n\n<ol start=\"12\" style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>Click <strong>Upload metadata file<\/strong> and select the XML metadata you downloaded from the WP Engine User Portal during the <strong>Create SAML app<\/strong> step.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"155\" height=\"31\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-upload-metadata.png\" alt=\"\" class=\"wp-image-122891\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-upload-metadata.png 155w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-upload-metadata-150x31.png 150w\" sizes=\"auto, (max-width: 155px) 100vw, 155px\"><\/figure>\n\n\n\n<ol start=\"13\" class=\"wp-block-list\">\n<li>In the <em>Basic SAML<\/em> configuration box, click <strong>Edit<\/strong> then fill in these fields. <em>The information used here will be available on the <\/em><strong><em>Create SAML app<\/em><\/strong><em> step of Single Sign-On setup in the WP Engine User Portal.&nbsp;<\/em>\n<ul class=\"wp-block-list\">\n<li>In the Relay State field, paste the <strong>Relay state \/ start URL<\/strong> you received from WP Engine.<\/li>\n\n\n\n<li>Verify the metadata import filled the <em>Issuer (Entity ID)<\/em> field with the <strong>Audience URI \/ entity ID<\/strong> from WP Engine.<\/li>\n\n\n\n<li>Verify the metadata import filled the <em>Reply URL (Assertion Consumer Service URL)<\/em> field with the <strong>ACS URL <\/strong>from WP Engine.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>, then <strong>X<\/strong> to close the <em>Basic SAML Configuration<\/em>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"599\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-basic-saml-config-example-1024x599.png\" alt=\"\" class=\"wp-image-122897\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-basic-saml-config-example-1024x599.png 1024w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-basic-saml-config-example-300x175.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-basic-saml-config-example-768x449.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-basic-saml-config-example-1500x877.png 1500w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-basic-saml-config-example.png 1503w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/figure>\n\n\n\n<ol start=\"13\" class=\"wp-block-list\">\n<li>Under user Attributes and Claims, click <strong>Edit<\/strong>:\n<ul class=\"wp-block-list\">\n<li>Click the <em>Required Claim<\/em> <strong>Unique User Identifier (Name ID)<\/strong><\/li>\n\n\n\n<li>Under <em>Choose name identifier format<\/em>, verify the format is <strong>Email address<\/strong>. If not, you may need to change the Source attribute to: <strong>user.mail<\/strong>.<\/li>\n\n\n\n<li>Click <strong>Save<\/strong> if you made changes, then <strong>X<\/strong> to close.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click the <strong>user.mail<\/strong> claim and change the name to <strong>email<\/strong>.<\/li>\n\n\n\n<li>Then click <strong>Save<\/strong> and close.<\/li>\n\n\n\n<li>Click the <strong>user.givenname<\/strong> claim and change the name to <strong>firstName<\/strong>.<\/li>\n\n\n\n<li>Then click <strong>Save<\/strong> and close.<\/li>\n\n\n\n<li>Click the <strong>user.surname<\/strong> claim and change the name to <strong>lastName<\/strong>.<\/li>\n\n\n\n<li>Then click <strong>Save<\/strong> and close.<\/li>\n\n\n\n<li>Delete the claim <strong>user.userprincipalname<\/strong><\/li>\n<\/ol>\n\n\n\n<p>The resulting claims should appear as follows:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"394\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/04\/azure-attributes-claims.png\" alt=\"\" class=\"wp-image-122952\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/04\/azure-attributes-claims.png 800w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/04\/azure-attributes-claims-300x148.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/04\/azure-attributes-claims-768x378.png 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\"><\/figure>\n\n\n\n<p>Before continuing to the last steps, your final settings should look similar to this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"671\" height=\"1024\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-saml-final-settings-example-1-671x1024.png\" alt=\"\" class=\"wp-image-122899\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-saml-final-settings-example-1-671x1024.png 671w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-saml-final-settings-example-1-197x300.png 197w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-saml-final-settings-example-1-768x1172.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2022\/03\/azure-saml-final-settings-example-1.png 787w\" sizes=\"auto, (max-width: 671px) 100vw, 671px\"><\/figure>\n\n\n\n<ol start=\"21\" class=\"wp-block-list\">\n<li>Under Step 3 <em>SAML Signing Certificate<\/em>, click <strong>download<\/strong> to save the <strong>Federation Metadata XML<\/strong> file.<\/li>\n\n\n\n<li>You will be prompted to upload this metadata file during the <strong>Integrate SAML<\/strong> step during the <em>Single Sign-On setup<\/em> in the WP Engine User Portal.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"512\" height=\"170\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/09\/azure-cert.png\" alt=\"\" class=\"wp-image-121175\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/09\/azure-cert.png 512w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/09\/azure-cert-300x100.png 300w\" sizes=\"auto, (max-width: 512px) 100vw, 512px\"><\/figure>\n<\/div><\/details><\/div>\n\n\n\n<div class=\"wp-block-genesis-blocks-gb-accordion gb-block-accordion\"><details><summary class=\"gb-accordion-title\"><h3>OneLogin SSO<\/h3><\/summary><div class=\"gb-accordion-text\">\n<ol class=\"wp-block-list\">\n<li>Log in to the OneLogin Dashboard, and click Applications &gt; <strong>Add App<\/strong><\/li>\n\n\n\n<li>Search for SAML, and select <strong>SAML Test Connector (Adva<\/strong>nced) to set up SAML 2.0<\/li>\n\n\n\n<li>On the initial screen and Info tab:<ul><li><strong>Display Name<\/strong>: WP Engine User Portal<\/li><li>Enable <strong>Visible in Portal<\/strong><\/li><li><strong>Logo<\/strong>: On the WP Engine User Portal on the <strong>Create SAML app<\/strong> step of Single Sign-On Setup, download and extract <code>logos.zip<\/code>. Upload a logo here.<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li><strong>Description<\/strong>: <em>The WordPress Digital Experience Platform. Bring your vision to life in breakthrough experiences, built on the best platform for developing and hosting fast, reliable, and secure hosting for WordPress sites.<\/em><\/li>\n\n\n\n<li>Click <strong>Save<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>In the Configuration tab, set up the SAML connection. <em><em>The information used here will be available on the <\/em><strong><em>Create SAML app<\/em><\/strong><em> step of Single Sign-On setup in the WP Engine User Portal.&nbsp;<\/em><\/em>\n<ul class=\"wp-block-list\">\n<li><strong>Relay State<\/strong>: Paste the \u201cRelayState \/ Start URL\u201d provided<\/li>\n\n\n\n<li><strong>Audience<\/strong>: Paste the \u201cAudience URI \/ Entity ID\u201d provided<\/li>\n\n\n\n<li><strong>Recipient<\/strong>: Paste the \u201cAssertion Consumer Service URL\u201d provided<\/li>\n\n\n\n<li><strong>ACS (Consumer) URL Validator<\/strong>: This could be <code>.*<\/code> or for more security you could escape characters in the provided ACS URL for additional security. Generally, this would mean putting a backslash  in front of each forward slash <code>\/<\/code> and period <code>.<\/code> However, it may vary if there are other special characters. For example, the final URL validator could come out like: <code>https:\/\/identity.wpengine.com\/sso\/saml2\/restofacs<\/code><\/li>\n\n\n\n<li><strong>ACS (Consumer) URL<\/strong>: Paste the \u201cAssertion Consumer Service URL\u201d provided<\/li>\n\n\n\n<li>The <strong>logout URL<\/strong> can remain blank. WP Engine log out should not log you out of your corporate identity system.<\/li>\n\n\n\n<li>The <strong>SAML Signature Element<\/strong> should be set to \u201cBoth\u201d so that both the assertion and response are signed<\/li>\n\n\n\n<li>Other values can use the <strong>defaults<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"821\" height=\"1024\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/onelogin-1-821x1024.png\" alt=\"\" class=\"wp-image-120693\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/onelogin-1-821x1024.png 821w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/onelogin-1-241x300.png 241w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/onelogin-1-768x958.png 768w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/onelogin-1.png 866w\" sizes=\"auto, (max-width: 821px) 100vw, 821px\"><\/figure>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>On the parameters tab:\n<ul class=\"wp-block-list\">\n<li>Under Credentials are, select <strong>Configured by admin<\/strong><\/li>\n\n\n\n<li>Select Add parameter, and create and map custom parameters for each field name used to identify user details.<\/li>\n\n\n\n<li>The default value includes the NameID (fka Email) field, with a value of Email. WP Engine requires email as the <strong>NameID<\/strong>.<\/li>\n\n\n\n<li>Click the plus to add a parameter:\n<ul class=\"wp-block-list\">\n<li>Select <strong>Include in SAML assertion<\/strong><\/li>\n\n\n\n<li><strong>Field Name<\/strong>: email<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click <strong>Save<\/strong><\/li>\n\n\n\n<li><strong>Value<\/strong>: email<\/li>\n\n\n\n<li>Leave <strong>Include in SAML assertion<\/strong> checked<\/li>\n\n\n\n<li>Click <strong>Save<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click the plus to add another parameter:\n<ul class=\"wp-block-list\">\n<li>Select <strong>Include in SAML assertion<\/strong><\/li>\n\n\n\n<li><strong>Field Name<\/strong>: firstName<\/li>\n\n\n\n<li>Click <strong>Save<\/strong><\/li>\n\n\n\n<li><strong>Value<\/strong>: First Name<\/li>\n\n\n\n<li>Leave <strong>Include in SAML assertion<\/strong> checked<\/li>\n\n\n\n<li>Click <strong>Save<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click the plus to add another parameter:\n<ul class=\"wp-block-list\">\n<li>Select <strong>Include in SAML assertion<\/strong><\/li>\n\n\n\n<li><strong>FieldName<\/strong>: lastName<\/li>\n\n\n\n<li>Click <strong>Save<\/strong><\/li>\n\n\n\n<li><strong>Value<\/strong>: Last Name<\/li>\n\n\n\n<li>Leave <strong>Include in SAML assertion<\/strong> checked<\/li>\n\n\n\n<li>Click <strong>Save<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Back on the Parameters tab, you should now have 4 entries, click save. For example:<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"936\" height=\"538\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/onelogin-3.png\" alt=\"\" class=\"wp-image-120695\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/onelogin-3.png 936w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/onelogin-3-300x172.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/onelogin-3-768x441.png 768w\" sizes=\"auto, (max-width: 936px) 100vw, 936px\"><\/figure>\n\n\n\n<ol start=\"9\" style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>Go to the <strong>SSO<\/strong> tab:\n<ul class=\"wp-block-list\">\n<li>Set SAML Signature Algorithm encryption to <strong>SHA-256<\/strong><\/li>\n\n\n\n<li>Be sure <strong>Enable login hint<\/strong> is checked<\/li>\n\n\n\n<li>Click <strong>Save<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click the <strong>More Actions<\/strong> dropdown at the upper right<\/li>\n\n\n\n<li>Click to <strong>Download SAML Metadata<\/strong>.<\/li>\n\n\n\n<li>You will be prompted to upload this metadata file during the <strong>Integrate SAML<\/strong> step during the Single Sign-On setup in the WP Engine User Portal.<\/li>\n\n\n\n<li>Assign users to the SAML app:\n<ul class=\"wp-block-list\">\n<li>Customers often set up a group for this.<\/li>\n\n\n\n<li>Initially, at a minimum assign the app to the identified test user<\/li>\n\n\n\n<li>Prior to going live for all users in your SSO email domain(s), get a complete list of users by going to the Users &gt; Account Users tab in all accounts, and assign the app to each user.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/div><\/details><\/div>\n\n\n\n<div class=\"wp-block-genesis-blocks-gb-accordion gb-block-accordion\"><details><summary class=\"gb-accordion-title\"><h3>Okta SSO<\/h3><\/summary><div class=\"gb-accordion-text\">\n<p>For official documentation, see Okta\u2019s guide here: <a href=\"https:\/\/developer.okta.com\/docs\/guides\/build-sso-integration\/saml2\/create-your-app\/#create-a-saml-integration\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/developer.okta.com\/docs\/guides\/build-sso-integration\/saml2\/create-your-app\/#create-a-saml-integration<\/a><\/p>\n\n\n\n<ol style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>Navigate to <strong>Okta<\/strong> &gt; <strong>Admin<\/strong> &gt; <strong>Classic UI<\/strong> &gt; <strong>Applications<\/strong><\/li>\n\n\n\n<li>Click <strong>Add Application<\/strong><\/li>\n\n\n\n<li>Click <strong>Create New App<\/strong><\/li>\n\n\n\n<li>For Platform, leave <strong>Web<\/strong> selected<\/li>\n\n\n\n<li>For Sign on method, select <strong>SAML 2.0<\/strong><\/li>\n\n\n\n<li>Click <strong>Create<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"936\" height=\"532\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/okta-1.png\" alt=\"\" class=\"wp-image-120687\" style=\"width:702px;height:399px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/okta-1.png 936w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/okta-1-300x171.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/okta-1-768x437.png 768w\" sizes=\"auto, (max-width: 936px) 100vw, 936px\"><\/figure>\n\n\n\n<ol start=\"7\" class=\"wp-block-list\">\n<li>Under General settings:<ul><li><strong>App Name<\/strong>: WP Engine User Portal<\/li><li><strong>App Logo<\/strong>: On the WP Engine User Portal on the <strong>Create SAML app<\/strong> step of Single Sign-On Setup, download and extract <code>logos.zip<\/code>.&nbsp; Then upload <code>WPEngine-SSO-Okta-Logo.png<\/code> this file as the Logo icon.<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li><strong>App visibility<\/strong>: Leave both unchecked<\/li>\n\n\n\n<li>Click <strong>Next<\/strong><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>In the Configure SAML tab fill in the following. <em><em>The information used here will be available on the <\/em><strong><em>Create SAML app<\/em><\/strong><em> step of Single Sign-On setup in the WP Engine User Portal.&nbsp;<\/em><\/em><ul><li><strong>Single sign-on URL<\/strong>: Fill in with the Assertion Consumer Service URL provided<\/li><li><strong>Use this for Recipient URL and Destination URL<\/strong>: Leave default checked<\/li><li><strong>Allow this app to request other SSO URLs<\/strong>: Leave default unchecked<\/li><li><strong>Audience URI<\/strong>: Fill in with the Audience URI provided<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li><strong>Default Relay State<\/strong>: Fill in with the Relay State \/ start URL provided<\/li>\n\n\n\n<li><strong>Name ID format<\/strong>: Email Address<\/li>\n\n\n\n<li>A<strong>pplication username<\/strong>: Okta username<\/li>\n\n\n\n<li><strong>Update application username on<\/strong>: Create and Update<\/li>\n\n\n\n<li><strong>Attribute Statements<\/strong>:\n<ol start=\"1\" style=\"list-style-type:lower-roman\" class=\"wp-block-list\">\n<li>FirstName \/ user.firstName<\/li>\n\n\n\n<li>LastName \/ user.lastName<\/li>\n\n\n\n<li>Email \/ user.email<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li><strong>Group attribute statements<\/strong>: none<\/li>\n\n\n\n<li>Click <strong>Next<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"255\" height=\"512\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/09\/okta-saml-settings.png\" alt=\"\" class=\"wp-image-121168\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/09\/okta-saml-settings.png 255w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/09\/okta-saml-settings-149x300.png 149w\" sizes=\"auto, (max-width: 255px) 100vw, 255px\"><\/figure>\n\n\n\n<ol start=\"9\" style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>On the Feedback page, you don\u2019t have to select anything.<\/li>\n\n\n\n<li>Click <strong>Finish<\/strong><\/li>\n\n\n\n<li>Select the <strong>Assignments<\/strong> tab and assign <strong>your WP Engine users<\/strong><\/li>\n\n\n\n<li>Under the application, click <strong>Sign On<\/strong>, then under settings select <strong>View Setup Instructions<\/strong><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"842\" height=\"860\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/okta-3.png\" alt=\"\" class=\"wp-image-120690\" style=\"width:632px;height:645px\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/okta-3.png 842w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/okta-3-294x300.png 294w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/okta-3-768x784.png 768w\" sizes=\"auto, (max-width: 842px) 100vw, 842px\"><\/figure>\n\n\n\n<ol start=\"13\" style=\"list-style-type:1\" class=\"wp-block-list\">\n<li>Download the <strong>Identity Provider metadata<\/strong>.<\/li>\n\n\n\n<li>You will be prompted to upload this metadata file during the <strong>Integrate SAML<\/strong> step during the Single Sign-On setup in the WP Engine User Portal.<\/li>\n<\/ol>\n<\/div><\/details><\/div>\n\n\n\n<div class=\"wp-block-genesis-blocks-gb-accordion gb-block-accordion\"><details><summary class=\"gb-accordion-title\"><meta charset=\"utf-8\"><h3>Google Single Sign-on<\/h3><\/summary><div class=\"gb-accordion-text\">\n<p>For Google\u2019s official documentation, see their guide here: <a href=\"https:\/\/support.google.com\/a\/answer\/60224?hl=en\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/support.google.com\/a\/answer\/60224<\/a><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>From your Google Apps menu, launch the <strong>Admin<\/strong> app<\/li>\n\n\n\n<li>Click the <strong>Apps<\/strong> icon<\/li>\n\n\n\n<li>Select <strong>Web and mobile apps<\/strong><\/li>\n\n\n\n<li>Click <strong>Add App<\/strong> then select <strong>Add custom SAML app<\/strong><\/li>\n\n\n\n<li>Fill in the following App details:\n<ul class=\"wp-block-list\">\n<li><strong>App Name<\/strong>: WP Engine User Portal<\/li>\n\n\n\n<li><strong>Description<\/strong>: <em>The WordPress Digital Experience Platform. Bring your vision to life in breakthrough experiences, built on the best platform for developing and hosting fast, reliable, and secure hosting for WordPress sites.<\/em><\/li>\n\n\n\n<li><strong>App Icon<\/strong>: Download and save the <code><a href=\"https:\/\/wpengine.com\/wp-content\/uploads\/2021\/08\/WPEngine-SSO-Google-Logo.png\" target=\"_blank\" rel=\"noreferrer noopener\">WPEngine-SSO-Google-Logo.png<\/a><\/code> file here. Then upload this file as the app icon.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Under Google Identity Provider Details, click <strong>Download Metadata<\/strong>. Save this XML file to your computer, you will be prompted to upload this metadata file during the <strong>Integrate SAML<\/strong> step during the Single Sign-On setup in the WP Engine User Portal.<\/li>\n\n\n\n<li>Under Service Provider Details, fill in the values available on the <strong>Create SAML app<\/strong> step of Single Sign-On setup in the WP Engine User Portal:\n<ul class=\"wp-block-list\">\n<li><strong>ACS URL<\/strong>: Paste the \u201cAssertion Consumer Service URL\u201d provided<\/li>\n\n\n\n<li><strong>Entity ID<\/strong>: Paste the \u201cAudience URI \/ Entity ID\u201d provided<\/li>\n\n\n\n<li><strong>Start URL<\/strong>: Paste the \u201cRelayState \/ Start URL\u201d provided<\/li>\n\n\n\n<li>Check the <strong>Signed Response<\/strong> checkbox<\/li>\n\n\n\n<li><strong>Name ID Format<\/strong>: EMAIL<\/li>\n\n\n\n<li><strong>Name ID<\/strong>: Basic Information &gt; Primary email<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Set up the needed attribute mapping. The values need to match exactly on both sides. EX:<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"936\" height=\"468\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/google-sso-1.png\" alt=\"\" class=\"wp-image-120677\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/google-sso-1.png 936w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/google-sso-1-300x150.png 300w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/google-sso-1-768x384.png 768w\" sizes=\"auto, (max-width: 936px) 100vw, 936px\"><\/figure>\n\n\n\n<ol start=\"9\" class=\"wp-block-list\">\n<li>Click <strong>Finish<\/strong><\/li>\n<\/ol>\n\n\n\n<p>Once we have completed the SSO setup on the WP Engine side, we can begin testing. For the \u201cTest launching User Portal from your system\u201d step, you will need to pick this app from your Google Apps menu:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"364\" height=\"514\" src=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/google-sso-wpe.png\" alt=\"\" class=\"wp-image-120678\" srcset=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/google-sso-wpe.png 364w, https:\/\/wpengine.com\/support\/wp-content\/uploads\/2021\/08\/google-sso-wpe-212x300.png 212w\" sizes=\"auto, (max-width: 364px) 100vw, 364px\"><\/figure>\n<\/div><\/details><\/div>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\">\n\n\n\n<h2 class=\"wp-block-heading\">Multi-Domain SSO<\/h2>\n\n\n\n<p>Configuring SSO for multiple domains on a single account cannot currently be configured through the User Portal, and requires Support assistance to finalize the set up. If you need to configure SSO for multiple email domains on a single account, please take the following actions, and then reach out to the WP Engine Support team to have them complete this process.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Complete the setup of your first domain through the User Portal using the steps above.\n<ul class=\"wp-block-list\">\n<li>This includes going live with the configuration.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Click the three dot menu on your live SSO configuration and choose \u201cAdd Domain\u201d. This will display the TXT records to be used to verify ownership for your additional domains.<\/li>\n\n\n\n<li>Add the TXT record entry in your DNS provider for <em>all<\/em> of the domains that you want to configure SSO for.<\/li>\n\n\n\n<li><a href=\"https:\/\/my.wpengine.com\/support\">Contact WP Engine Support<\/a> to request multi-domain SSO setup.\n<ul class=\"wp-block-list\">\n<li>Include the list of the additional domains you want to configure.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n\n\n\n<p><strong>NEXT STEP: <a href=\"https:\/\/wpengine.com\/support\/seamless-login\/\">Enable seamless login to WordPress<\/a><\/strong><\/p>","protected":false},"excerpt":{"rendered":"<p>SSO for WP Engine allows you to use your own identity provider to authenticate User Portal logins. Learn how it works and how to enable it for your domain.<\/p>\n","protected":false},"featured_media":126216,"template":"","meta":{"_acf_changed":false,"mediapress_authors_byline":[],"mediapress_draft_name":"","_mediapress_is_draft_copy":false},"support-categories":[14,16],"support-tag":[],"mediapress_author":[],"class_list":["post-108118","support","type-support","status-publish","has-post-thumbnail","hentry","support-categories-account","support-categories-security-3"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Single Sign-On (SSO) for WP Engine User Portal - Support Center<\/title>\n<meta name=\"description\" content=\"SSO for WP Engine allows you to use your own identity provider to authenticate User Portal logins. Learn how it works and how to enable it for your domain.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wpengine.com\/support\/sso-user-portal\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Single Sign-On (SSO) for WP Engine User Portal - Support Center\" \/>\n<meta property=\"og:description\" content=\"SSO for WP Engine allows you to use your own identity provider to authenticate User Portal logins. Learn how it works and how to enable it for your domain.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wpengine.com\/support\/sso-user-portal\/\" \/>\n<meta property=\"og:site_name\" content=\"Support Center\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-08T10:54:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"28 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/wpengine.com\\\/support\\\/sso-user-portal\\\/\",\"url\":\"https:\\\/\\\/wpengine.com\\\/support\\\/sso-user-portal\\\/\",\"name\":\"Single Sign-On (SSO) for WP Engine User Portal - Support Center\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/wpengine.com\\\/support\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/wpengine.com\\\/support\\\/sso-user-portal\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/wpengine.com\\\/support\\\/sso-user-portal\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/wpengine.com\\\/support\\\/wp-content\\\/uploads\\\/2019\\\/12\\\/wp-engine-featured-image.png\",\"datePublished\":\"2020-07-22T18:16:12+00:00\",\"dateModified\":\"2026-04-08T10:54:11+00:00\",\"description\":\"SSO for WP Engine allows you to use your own identity provider to authenticate User Portal logins. Learn how it works and how to enable it for your domain.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/wpengine.com\\\/support\\\/sso-user-portal\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/wpengine.com\\\/support\\\/sso-user-portal\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/wpengine.com\\\/support\\\/sso-user-portal\\\/#primaryimage\",\"url\":\"https:\\\/\\\/wpengine.com\\\/support\\\/wp-content\\\/uploads\\\/2019\\\/12\\\/wp-engine-featured-image.png\",\"contentUrl\":\"https:\\\/\\\/wpengine.com\\\/support\\\/wp-content\\\/uploads\\\/2019\\\/12\\\/wp-engine-featured-image.png\",\"width\":1200,\"height\":630,\"caption\":\"WP Engine\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/wpengine.com\\\/support\\\/sso-user-portal\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/wpengine.com\\\/support\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support Posts\",\"item\":\"https:\\\/\\\/wpengine.com\\\/support\\\/support\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Single Sign-On (SSO) for WP Engine User Portal\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/wpengine.com\\\/support\\\/#website\",\"url\":\"https:\\\/\\\/wpengine.com\\\/support\\\/\",\"name\":\"Support Center\",\"description\":\"WP Engine&#039;s Support Center\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/wpengine.com\\\/support\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Single Sign-On (SSO) for WP Engine User Portal - Support Center","description":"SSO for WP Engine allows you to use your own identity provider to authenticate User Portal logins. Learn how it works and how to enable it for your domain.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wpengine.com\/support\/sso-user-portal\/","og_locale":"en_US","og_type":"article","og_title":"Single Sign-On (SSO) for WP Engine User Portal - Support Center","og_description":"SSO for WP Engine allows you to use your own identity provider to authenticate User Portal logins. Learn how it works and how to enable it for your domain.","og_url":"https:\/\/wpengine.com\/support\/sso-user-portal\/","og_site_name":"Support Center","article_modified_time":"2026-04-08T10:54:11+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"28 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wpengine.com\/support\/sso-user-portal\/","url":"https:\/\/wpengine.com\/support\/sso-user-portal\/","name":"Single Sign-On (SSO) for WP Engine User Portal - Support Center","isPartOf":{"@id":"https:\/\/wpengine.com\/support\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wpengine.com\/support\/sso-user-portal\/#primaryimage"},"image":{"@id":"https:\/\/wpengine.com\/support\/sso-user-portal\/#primaryimage"},"thumbnailUrl":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","datePublished":"2020-07-22T18:16:12+00:00","dateModified":"2026-04-08T10:54:11+00:00","description":"SSO for WP Engine allows you to use your own identity provider to authenticate User Portal logins. Learn how it works and how to enable it for your domain.","breadcrumb":{"@id":"https:\/\/wpengine.com\/support\/sso-user-portal\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wpengine.com\/support\/sso-user-portal\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wpengine.com\/support\/sso-user-portal\/#primaryimage","url":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","contentUrl":"https:\/\/wpengine.com\/support\/wp-content\/uploads\/2019\/12\/wp-engine-featured-image.png","width":1200,"height":630,"caption":"WP Engine"},{"@type":"BreadcrumbList","@id":"https:\/\/wpengine.com\/support\/sso-user-portal\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wpengine.com\/support\/"},{"@type":"ListItem","position":2,"name":"Support Posts","item":"https:\/\/wpengine.com\/support\/support\/"},{"@type":"ListItem","position":3,"name":"Single Sign-On (SSO) for WP Engine User Portal"}]},{"@type":"WebSite","@id":"https:\/\/wpengine.com\/support\/#website","url":"https:\/\/wpengine.com\/support\/","name":"Support Center","description":"WP Engine&#039;s Support Center","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wpengine.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support\/108118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/types\/support"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/media\/126216"}],"wp:attachment":[{"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/media?parent=108118"}],"wp:term":[{"taxonomy":"support-categories","embeddable":true,"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support-categories?post=108118"},{"taxonomy":"support-tag","embeddable":true,"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/support-tag?post=108118"},{"taxonomy":"mediapress_author","embeddable":true,"href":"https:\/\/wpengine.com\/support\/wp-json\/wp\/v2\/mediapress_author?post=108118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}