Single Sign-On (SSO) for WP Engine User Portal
The Single Sign-On (SSO) feature will allow customers to use their own identity provider (like Active Directory, Google, Okta, Shibboleth, etc.) to authenticate and log in to WP Engine’s User Portal (my.wpengine.com). SSO will give you the ability to set up custom security rules for the User Portal based on your own internal processes and security practices.
About WP Engine SSO
WP Engine uses SAML 2.0 to provide SSO to corporate identity systems. When you log in to the WP Engine User Portal, you are first prompted for your email. Our systems then use this email to route authentication to your business’s SAML app.
You can alternatively use the SAML app from your identity UI to push authentication from your company to WP Engine, so you are automatically logged in to WP Engine’s User Portal. Often this means you click a tile in your identity application to launch the WP Engine User Portal.
Once logged in to the User Portal, you can additionally use WP Engine’s Seamless Login feature to access the WordPress admin dashboards on your account.
Please reach out to the WP Engine Support team to have the SSO feature enabled. Support will get your request to the appropriate team internally to have SSO enabled for your domain.
Please provide the following information with your request:
- Domain name(s) attached to your email addresses
- EX: If your email is “[email protected]” we would need to know “acoolsite.com”
- The name and email of an initial test user
- We will use this address to test with prior to enabling SSO for the entire domain.
- Contact emails and phone numbers of the people doing the SSO setup for your domain.
- At least one of these should have admin access to your identity management system.
- Support PIN for an Owner of the hosting account
- The Owner user’s email must use the same domain that we’re enabling SSO for.
Add a New User with SSO
To add a new user using SSO for WP Engine, ensure you’ve added the user to the WP Engine User Portal as well as to your SAML application.
The email address on WP Engine should match the email in your identity system, and should use the domain for which SSO was enabled.
As long as these two requirements are met, the user will automatically be prompted to log in with SSO at my.wpengine.com and can log in remotely from your identity app.
SSO for WP Engine only supports the login process for accessing the WP Engine User Portal. This feature does not support SFTP, SSH, or API credentials.
At this time, we do not support OAuth or SCIM.
For SAML, we require email, first name, and last name attributes, and can optionally configure a mobile phone attribute to map through SAML. We do not map group attributes.
NEXT STEP: Enable seamless login to WordPress