How to Use Single Sign On (SSO) to Enhance the Member Experience

Creating and maintaining new account credentials for every website and application you use can be tiresome. This is especially true for membership site users, who might need to use different apps or services in order to make complete use of your membership.

Single Sign-On (SSO) solves this problem by allowing users to access multiple applications or services with a single set of credentials. With one username and one password, users can access all desired applications or websites, without logging into them one by one.

This simplifies the login process for users and reduces the number of passwords they need to remember. If you maintain several separate external sites that include members-only features, SSO can greatly improve the user experience. And a good user experience is central to the success of any business—especially when it comes to membership sites.

Want to implement SSO for your own members? In this post, we’ll talk about how to add single sign-on (SSO) to a WordPress membership site.

What is Single Sign On?

With SSO, users only log in one time using their credentials. They can then access all of the applications and services associated with their accounts.

This can be done with a central authentication service or federation protocols such as SAML (Security Assertion Markup Language).

3 Ways Single Sign-On Benefits Membership Businesses

1. Better Member Experience

If your membership relies on additional applications or websites, things can get complicated for your members. SSO brings all of these tools and services together in one place: Your membership site.

Members end up saving a lot of time and energy they would otherwise spend logging into multiple services and managing passwords.

Streamlining the login process and overall use of your site creates a better, more effortless user experience for your members. And a better user experience means more happy members who want to continue paying for your membership over time.

2. Better Security

With SSO, all login credentials are stored exclusively within your Identity Provider and nowhere else. This reinforces your membership site’s security, which is increasingly important across today’s digital landscape.

When members feel their sensitive data is secure, they are more likely to remain loyal to your membership site.

3. Flexible Levels of Access

Let’s say you run a membership site with multiple tiers and you want your users to easily access multiple applications or websites. SSO makes this a lot easier, by letting you assign members varying levels of access based on their membership level. 

WordPress Plugins For Single Sign-On

If you run a membership site using WordPress and you want to add single sign-on functionality, there are several open source plugins that you can choose from: 

1. WordPress SAML SSO: This plugin allows you to enable SSO on your WordPress site and supports various authentication methods, including SAML, OAuth, and OpenID Connect. It also offers multi-factor authentication and integrates with popular identity providers like Google, Facebook, and Azure AD.
2. WP SAML SSO: This plugin allows you to authenticate users on your WordPress site using SAML. It supports multiple identity providers and allows you to customize the login and logout process.
3. OneLogin SAML SSO: This plugin integrates with the OneLogin identity platform to provide SSO for your WordPress site. It supports SAML and offers features like automatic user provisioning and group mapping.

If you are already using Paid Memberships Pro, we recommend using WordPress SSO by miniOrange. This plugin not only integrates with the world’s leading Identity Providers; it also specifically integrates SSO with PMPro’s membership levels.

miniOrange WordPress SAML SSO Plugin

miniOrange WordPress SAML SSO is a Single Sign-On plugin that provides a seamless login and authentication process for WordPress websites. WordPress membership sites can leverage the Paid Memberships Pro SSO Integration with additional features, allowing users to:

• Simplify the login experience for their members using SSO
• Assign members varying levels of access based on membership level
• Consolidate access to multiple applications and websites on a single platform
• Seamlessly integrate all of this with major identity providers like Okta and GoogleApps

How Paid Memberships Pro and miniOrange Work Together

Paid Memberships Pro is designed for managing all kinds of membership sites with recurring payments—from premium content sites and training-based memberships, to clubs and associations, paid newsletters, and more.

PMPro supports membership sites with features like content restriction, robust membership management, payments & invoicing, admin reports, administration tools, and a rich library of Add Ons and code recipes for customization and site enhancement.

To add single sign-on to your Paid Memberships Pro membership site, you’ll need to use the miniOrange WordPress Paid Memberships Pro Integrator. This plugin allows you to map your users to particular Paid Memberships Pro membership levels, depending on the user group attribute sent by the Identity Provider (IDP) when they perform the SSO.

miniOrange’s Paid Memberships Pro integration provides features such as:

• Membership mapping: assign membership levels to your users based on their groups in your Identity Provider. Set up your Identity Provider with pre-defined groups mapped to your PMPro membership levels. Users are automatically assigned a membership level at the time of single sign-on, without having to complete a new membership checkout.
• Support for Multiple IDPs: configure each IDP and membership level mapping separately, so the user groups from one IDP can be assigned a different membership level than user groups in another configured IDP.
• Single Sign-On for Paid Memberships Pro users: configure SSO using the most popular SAML 2.0 or OAuth compliant Identity Providers, including Okta, Azure, Google Apps (GSuite/Google Workspace), Ping, and more.

How to Set Up SSO with miniOrange WordPress SAML SSO and Paid Memberships Pro

To set up the miniOrange WordPress SAML SSO plugin with Paid Memberships Pro, follow these steps:

1. Find the miniOrange WordPress SAML SSO plugin in the WordPress repository and install it. Then, activate it.
2. Navigate to SAML 2.0 SSO in the WordPress admin panel and go to Plugin Configuration
3. Click on the Service Provider Setup tab and select your IDP of choice.
4. Once selected, the plugin will have a link to that IDP’s specific setup guide. Click the Setup Guide link to get more help configuring the IDP.
5. On the Attribute/Role Mapping tab, map the attributes of the user in the IDP to the corresponding fields in your WordPress site. This ensures that the user’s information is properly transferred between the IDP and your site.
6. Save your changes. Be sure to test the SSO setup to make sure it’s working as expected.

If you want to leverage the advanced integration features such as membership level mapping, you’ll also need to install and configure the Paid Memberships Pro Integrator. Note that this plugin is not required to use SSO with your WordPress membership site. You should only use it if you require the specific features outlined in their documentation.

It’s important to note that the exact steps and options may vary depending on the IDP you are using and the specific version of the miniOrange WordPress SAML SSO plugin you have installed. You can refer to the miniOrange WordPress SAML SSO plugin documentation for additional guidance.

SSO and Membership Sites: Two Real-World Examples

Let’s look at a few examples of membership sites that use SSO with their WordPress membership site.

Simplify and Secure Members-Only Content Access: Certara

The Goal

Certara wanted a simpler way to provide access to their members-only content based on membership level. They also wanted to make sure that only authorized users could access this content.

The Solution

They decided to use miniOrange to add SSO to their WordPress membership. This meant that Certara users could only access content based on the membership level—more specifically, the IDP group that was assigned to them during sign-on.

Using Okta as an IDP with WordPress

The Goal

An organization wanted to do two primary things:

1. Authenticate users into WordPress using identity provider Okta
2. Provide a set number of users access to their WordPress content based on membership level

The Solution

The organization was already using the Paid Memberships Pro plugin to manage the membership levels on their WordPress site. So, they installed the Paid Memberships Pro Integrator for miniOrange SSO to achieve single sign-on and membership level mapping.

Okta already had pre-defined groups for the membership levels that users would be assigned at the time of SSO. Then, users would be assigned a membership level in WordPress based on their group in Okta.

Using SSO, the user could log into the WordPress membership site through Okta and they would be assigned memberships at WordPress according to the IDP group they belonged to. This would give them access to content that was limited according to their subscription.

Single Sign On and WordPress Multisites

In a WordPress Network or Multisite environment, user login credentials are stored in the database tables for the main network site.

For this setup, the user will always use the same username or email address and password to sign in to every site in your network.

If the user’s password or email address changes on one site on the network, the change is made across every site in the network.

Essentially, you don’t need SSO for a WordPress Multisite environment.

Some things to keep in mind for this use case:

• If your multisite uses subdomains (i.e. site1.domain.com and site2.domain.com) OR has custom domains (i.e. domain1.com and domain2.com) for each site in the network, users will need to “log in” and have their authentication cookie created for each unique domain/subdomains. This is required even though their login information is the same.
  • If you want to authenticate the user across all subdomains, refer to the COOKIE_DOMAIN and COOKIEPATH constants documentation for the wp-config.php file for help setting the login cookie across all subdomains.
• If you have a multisite setup that uses subfolders (i.e. domain.com/site1 and domain.com/site2), the authentication cookie will be created for the main TLD and users will automatically be logged in to every site in the network.

Continue reading about Paid Memberships Pro and WordPress Multisite Networks in this guide »

Build an Extendable Membership Site With Paid Memberships Pro

Single sign-on (SSO) is just one example of how you can customize and extend a membership site. You can build your own game-changing membership solution, too! 

As a 100% open source GPL plugin, we designed Paid Memberships Pro to be highly customizable and developer-friendly. This makes PMPro a powerful enterprise-ready choice for people building all kinds of different membership sites—as well as related tools and services.

With PMPro, you can build any kind of member-focused business or organization with the features you need today or down the road. The software itself has been written in a way that allows you to customize and extend its functionality in diverse ways.

Download Paid Memberships Pro today and get an open source solution that will help you build just about anything.