Khoi Pro Announcing SSO for Microsoft Entra — A Free, Open-Source WordPress Plugin
I’ve just published SSO for Microsoft Entra, a free and open-source WordPress plugin that brings single sign-on (SSO) to WordPress via Microsoft Entra ID (formerly Azure Active Directory).
It’s available now on both WordPress.org and GitHub.
Why I Built This
At CODE TOT, we manage WordPress sites for businesses that run on Microsoft 365. Every time we onboarded a new client, the same pain points surfaced:
- Setting up separate WordPress accounts for every team member
- Resetting forgotten passwords
- Worrying about ex-employees who still had active accounts
- Paying for expensive proprietary SSO plugins that did more than what most teams actually needed
The existing solutions were either expensive (miniOrange, WPO365 — $49 to $499/year) or technically outdated. There wasn’t a free, modern, and well-documented open-source option that used OpenID Connect with PKCE — the current security best practice.
So I built one.
What It Does
SSO for Microsoft Entra lets users sign in to WordPress using their Microsoft 365 work account. No separate WordPress password required.
| Feature | Detail |
|---|---|
| OIDC + PKCE | Most secure OAuth 2.0 flow — no client secret exposure on the frontend |
| Auto provisioning | WordPress accounts created on first SSO login (Subscriber role by default) |
| Encrypted secrets | Client secrets stored with libsodium or AES-256-GCM |
| Rate limiting | Built-in protection against brute-force SSO attempts |
| Auto-redirect | Optionally skip the WordPress login page entirely |
| Contextual help | Step-by-step Azure Portal setup guide built into the settings page |
| Vietnamese translation | Full translation included |
How It Compares
| Factor | SSO for Microsoft Entra | miniOrange | WPO365 |
|---|---|---|---|
| Price | Free ($0) | $49–$499/yr | €99–€399/yr |
| Open source | ✅ GPL-2.0 | ❌ | ❌ |
| OIDC + PKCE | ✅ Native | ❌ (SAML) | ✅ |
| Encrypted secrets | ✅ libsodium/AES-256-GCM | ❌ | ✅ |
| Vietnamese | ✅ | ❌ | ❌ |
| Rate limiting | ✅ Built-in | ❌ (addon) | ✅ |
Setting It Up (5 Minutes)
- Install the plugin from WordPress.org or GitHub
- Register an app in Azure Portal (App registrations → New registration — set redirect URI to
https://yoursite.com/sso/callback) - Configure in WordPress: Settings → Entra SSO → enter Tenant ID, Client ID, Client Secret
- Set permissions: Microsoft Graph → Delegated:
openid,profile,email - Test in an incognito window
Detailed documentation is available on the settings page itself (click the Help button) and in the GitHub README.
Get Involved
- Download: WordPress.org | GitHub Releases
- Report bugs: GitHub Issues
- Security issues: GitHub Security Advisories
- Star the repo: GitHub
If you’re running WordPress for a business on Microsoft 365, give it a try. It’s free, it’s open source, and it just works.
Built by Khoi Pro — WordPress Core Contributor, Plugin Developer, and founder of CODE TOT.
