Azure AD B2B based single sign-on

Use this guide if you want to configure the Azure AD B2B based single sign-on capability of the WordPress + Microsoft Office 365 / Azure AD plugin.

Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data. See https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b for details. To understand the differences between Azure AD B2B and Azure AD B2C please read this article https://docs.microsoft.com/en-us/azure/active-directory/external-identities/compare-with-b2c.

If you are in doubt whether you should configure Azure AD B2C based single sign-on or just single sign-on, then please refer to the plugin's default single sign-on configuration guide.

What you can expect

When you configure the WPO365 | LOGIN plugin to invite external users to collaborate with your organization using Azure AD B2B, you can either:

  • Choose to invite external users (this is initiated by you, and users cannot simply sign up to access resources in your organization, including your WordPress website) or
  • Allow users to sign up for your WordPress website (and potentially other applications) themselves by enabling self-service sign-up.

Let's assume for the rest of this article that you want to allow users to sign up themselves and that you have knowledge of User flows and self-service sign-up as explained in this article https://docs.microsoft.com/en-us/azure/active-directory/external-identities/self-service-sign-up-overview.

Before you start

  • You have reviewed the installation prerequisites and have installed and activated the WPO365 | LOGIN plugin (see Getting started - Installation).
  • In order to support Azure AD B2B you must have purchased at least the WPO365 | LOGIN+ extension or any of the bundles (WPO365 | SYNC or WPO365 | INTRANET).
  • You are a Global Administrator for your company’s Office 365 tenant / Azure AD directory (or you have at least obtained approval for your plans from your company's Global Administrator).
  • You are an Administrator for your WordPress website.
  • Your website uses SSL and the internet address starts with https://.

Configure Azure AD B2B

The first step is optional and only needed if you want to configure federation with Gmail users, so that users with a Gmail account are able to sign up for your WordPress website.

User experience

Now that a self-service sign-in / sign-up User flow has been associated with the WordPress Application in Azure AD (in other words, with the App registration), the user experience will change. First of all, a new line "No account? Create one!" has been added when a user signs in with Microsoft.

Users who already signed up e.g. with their Google account and who now want to sign in with their Google account can click on Sign-in options.

Here users can select alternative Identity providers, for example Google, if configured.
