Dominic Zarelli
Hello - We are attempting to implement this plugin into our test environment to test OKTA for our WordPress instance. I have added the client ID and secret to the env.php file and configured our OKTA instance; however, when activating the plugin and attempting to log in I just get “Unable to connect to the server. Please check your network connection.”. Is there any logging anywhere that might offer more information? Any suggestions on what I should check? Any advice is appreciated. Thanks!
Enzo Giannone
@aaronpk I want to add a login for viewing the homepage… Do I need a WordPress login plugin before I configure Okta?
Rabie Khabouze
You have to add your domain name to the trusted origins in Okta -> Security -> API -> Trusted Origins, and allow CORS.
Montez Lacey
Hi, I have a question. Does this work for a production environment, or is this exclusive to a dev environment? Currently trying to follow these steps and not getting the same results.
Dominic Zarelli
+1 for this ask. We are looking at using this plugin for a production instance of WordPress (Multi-Site). The language “We’ve created a proof of concept WordPress plugin” in this document suggests that this plugin is not ready for prime time? Any feedback on this? Thanks!
aaronpk
Our team doesn’t have the resources to support a production-ready product, but that said, the plugin should still work in an Okta production environment. Depending on your Okta account you might need to change the authorization server URL and such, but it should still work. If that’s not the case, please file an issue on the GitHub repo with more details and we’ll see what we can do.
Dominic Zarelli
Thank you. When adding this I’m asked to provide “Organization Origin Name” and “Origin URL”. Assuming that the “Origin URL” is the wp-login URL, correct? Does it matter what I use for “Organization Origin Name”? Thanks
Rabie Khabouze
That’s correct. It doesn’t matter. The URL is the main domain name without the full path.
Marc Beinder
It worked with a little bit of finesse. You have to log in on the primary site and then you can switch between the different sites in the system. I was building a company intranet and the different sites had different permission sets and functions on them. So this worked out perfectly!
One thing to note is that I did have to create a Must-Use Plugin that runs when a login page is visited and then redirects the user to the primary site’s login page. Once Okta has finished the authentication, the MU Plugin then takes over and redirects them to the content they were trying to access.
Let me know if you have any other questions.
Janne Savikko
Hi,
Based on the video, it seems that I have to input my Okta password to the WP site, not to the Okta login site (domain in the URL doesn’t seem to change).
Is this correct? If yes, I think this plugin teaches users to input their Okta credentials to a 3rd party site (seems like “reusing login credentials”), which is against security practices. Sure, there is MFA to hinder attackers, but the habit of reusing credentials might be stuck in users’ heads.
Best,
Janne
aaronpk
Yes, you’re correct on both counts. It’s generally better to redirect users over to the authorization server so they’re only entering their password in one place. This demo is what you could do if you want to just swap out the WordPress user management with Okta’s, not necessarily using it for single-sign-on, just changing how login works for the one WordPress site.
Kris Mendoza
Has anyone tried using this recently? I’m getting CORS errors in console log. Does this have to do with the cross-site limitations in both Chrome and FF?
davidbitton
Are there provisions for migrating users from the WP users table to Okta?
sabith pocker
Some guide for Okta Paid Account to configure with WordPress
For each External Application that needs to be configured with Okta, one Application needs to be created in the Okta Admin section. The External Application can be WordPress or any other application supporting Okta.
To add a WordPress Application:
Login and move to Admin Dashboard
Select Applications from Navigation Menu
Click on “Add Application” Button
You will reach Add Application Page
Click on the “Create New App” button in the right top, you will get a popup as shown below. Select Platform as “Web” and Sign on method as “OpenID Connect”
You will see a screen to enter application related data.
Enter Application Name as any Name that describes your application, like “WordPress Website”.
Enter Login redirect URI as the login page URI of WordPress/Application. E.g.: https://mywordpresssite.com/wp-login.php
Enter Logout Redirect URI as URI to be redirected to after Logout.
Save the application.
Allow CORS for the WordPress URI
Once the application is set up we should configure Okta to allow calls from the WordPress Domain. To do the same:
Login to Okta as Admin and go to Admin Dashboard
Go to Security → API from the Navigation
Go to Trusted Origins Tab
Click on “Add Origin”
Enter any name that helps you to identify the URI
Enter URI of the main domain
Select CORS and Redirection
Click “Save”
To configure WordPress with Okta
Install Okta WordPress Plugin
Make sure that you have an Application configured for this WordPress website in your Okta account and at least one Admin user is assigned to this application.
Go to the Application page General tab in Okta and look for client ID and client Secret at the bottom.
Keep the following 3 credentials ready:
Okta Domain - https://myaccount.okta.com
ClientID - Copy from application page shown above.
Client Secret - Copy from application page shown above.
Go to the WordPress installation and go to
wordpress/wp-content/plugins/okta-wordpress-sign-in-widget-master1/env.php
Open the file in text editor, enter details kept ready
Save the file / upload back to the server if edited in local.
Sign in to WordPress as Administrator
Go to Plugins → Installed Plugins and Activate “Okta Sign-in Widget”.
Log out from WordPress using the Logout link at top right.
Go to https://mywordpresssite.com…
You should be able to see the Okta login page here.
Enter your Okta Email and password to log in to WordPress that is assigned to this app in Okta.
You can sign in to WordPress using Okta now.
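The values this guide and the earlier Trusted Origins reply ask for, checked for consistency before they are entered in Okta. This is an added example, not part of the original comments or the plugin's code; the function names and the wp.example.com host are hypothetical.

```javascript
// Added example: consistency check for the Okta values described in the guide.
// Function names and hostnames are hypothetical / constructed.

// A Trusted Origin is scheme + host (+ non-default port); the browser sends
// exactly this in the Origin header, so it never includes /wp-login.php.
function trustedOriginFor(wpLoginUrl) {
  return new URL(wpLoginUrl).origin;
}

// Returns a list of problems; an empty list means the values agree.
function checkOktaSetup({ loginRedirectUri, trustedOrigin, oktaDomain }) {
  let redirect, origin, okta;
  try {
    redirect = new URL(loginRedirectUri);
    origin = new URL(trustedOrigin);
    okta = new URL(oktaDomain);
  } catch (err) {
    return ["every value must be an absolute URL"];
  }
  const problems = [];
  if (origin.pathname !== "/" || origin.search || origin.hash) {
    problems.push("trusted origin contains a path, query or fragment");
  }
  if (origin.origin !== redirect.origin) {
    problems.push("trusted origin does not match the login redirect URI's origin");
  }
  if (redirect.protocol !== "https:") {
    problems.push("login redirect URI is not https");
  }
  if (!redirect.hostname.includes(".")) {
    problems.push("redirect host has no dot (possible typo): " + redirect.hostname);
  }
  if (okta.protocol !== "https:" || okta.pathname !== "/") {
    problems.push("Okta domain should be https with no path");
  }
  return problems;
}

// Constructed sample values; the Okta domain is the placeholder used in the guide.
const sample = {
  loginRedirectUri: "https://wp.example.com/wp-login.php",
  trustedOrigin: trustedOriginFor("https://wp.example.com/wp-login.php"),
  oktaDomain: "https://myaccount.okta.com",
};
console.log(sample.trustedOrigin, checkOktaSetup(sample));
```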
sabith pocker
You have to export users as CSV, then import them to Okta. Users will have to sign up in Okta and set an Okta password which they can use going forward. New users will have to be added in WordPress and Okta as far as I know, or do some setup to hook into WordPress create user and link the same to the Okta API as well.
CSV template can be obtained from the Okta CSV import popup; it has a link to download the CSV template. For my case I wrote a WordPress plugin for the same.
sabith pocker
Once the application is set up we should configure Okta to allow calls from the WordPress Domain. To do the same:
Login to Okta as Admin and go to Admin Dashboard
Go to Security -> API from the Navigation
Go to Trusted Origins Tab
Click on “Add Origin”
Enter any name that helps you to identify the URI
Enter URI of the main domain
Select CORS and Redirection
Click “Save”
davidbitton
How do I migrate my existing WP users to Okta? I’d like to then be able to allow users to log in to our WP/Woo site and any other site of our choosing.
davidbitton
The new user signup process in WP doesn’t add the user to Okta?
Jenny Veens
It looks like this plugin has changed quite a bit since this article was written.
Is there an updated guide anywhere?