Setting Up Single Sign-On in WordPress with AWS Cognito: A Step-by-Step Guide

In this tutorial, we will guide you through the process of setting up Single Sign-On (SSO) in WordPress using AWS Cognito as the OAuth provider. SSO enhances user experience and security by allowing users to log in once and access multiple services seamlessly. By the end of this guide, you’ll have WordPress integrated with AWS Cognito for secure and efficient user authentication.


Before you begin, make sure you have the following:

  1. A WordPress website with administrator access.
  2. Access to your WordPress dashboard.
  3. The Mini Orange OAuth Single Sign-On plugin installed. You can find installation steps in the setup guide linked in the video description.

Step 1: Installing the Mini Orange OAuth SSO Plugin

First, go to your WordPress dashboard. In the left-hand menu, navigate to “Plugins” and click “Add New.” Search for “Mini Orange OAuth Single Sign-On” and install the plugin.

Step 2: Adding a New Application

Once the plugin is installed, you’ll see a new menu item labeled “Mini Orange OAuth” in your WordPress dashboard. Click on it. Here, you’ll find an “Add New Application” button; click on it.

Step 3: Selecting the AWS Cognito Application

You will be presented with a list of available applications. Locate “AWS Cognito” in the list and select it. Then, click “Next.”

Step 4: Note the Callback URL

At this stage, you’ll see the Callback URL. Keep this URL handy, as you will need it later to configure your Cognito app. Click “Next” to proceed.

Step 5: Configuring AWS Cognito

Now, let’s configure AWS Cognito. Follow these steps:

Step 5.1: Access the AWS Cognito Console

Log in to your AWS console using your credentials. In the AWS Services search bar, search for “Cognito” and click on it.

Step 5.2: Create a User Pool

Click on “Create User Pool.” Choose “Email” as the sign-in option, allowing users to sign in using their email addresses.

Step 5.3: Define Password Policy

You can define the length and complexity of passwords using the password policy. You can either use the default policy or customize it as needed.

Step 5.4: Configure Multi-Factor Authentication (MFA)

Scroll down to the multi-factor authentication option. Enable “No MFA” if you want users to sign in with a single authentication factor.

Step 5.5: Select Required Attributes

Under the “Required Attributes” option, select the attributes you want to display when a new user is created. You can also add custom attributes.

Step 5.6: Configure User Account Recovery

Configure how your user pool sends email messages to users and click “Next.”

Step 5.7: Configure User Pool

Enter a name for your user pool and under “Hosted Authentication Pages,” check the option to use the Cognito hosted UI. Then, under “Domain,” choose “Use a Cognito domain” and enter a domain name for your Cognito app.

Step 5.8: Configure App Client Settings

Under “App client,” enter a name for your app. Enable “Generate client secret” to generate a client secret. Now, you’ll need to enter the Redirect Callback URL, which you copied earlier from the Mini Orange OAuth SSO plugin.

Step 5.9: Advanced App Client Settings

Under “Advanced app client settings,” select “Authentication flow” as “Allow user SRP (Secure Remote Password) off.”

Step 5.10: Review and Create User Pool

Review your selections and click “Create user pool” to confirm and create your user pool.

Step 6: Create a User

In the AWS Cognito console, go to the “Users” tab and click “Create user.” Fill in the required user details and click “Create user.”

Step 7: Retrieve Client ID and Client Secret

Under “App Integration” in your user pool settings, you’ll find your client ID and client secret. Keep these credentials handy as you’ll need them for configuration.

Step 8: Configure the Mini Orange OAuth SSO Plugin

Now, go back to the Mini Orange OAuth Single Sign-On plugin in your WordPress dashboard. Replace the “Cognito domain” with the endpoints you configured in AWS Cognito. Click “Next.”

Step 9: Configure OAuth Settings

Paste the client ID and client secret that you copied from your AWS Cognito app. The scope “Open ID” should already be filled in. Click “Next.”

Step 10: Summary and Test Configuration

Review the summary of your app details. Verify that everything is correct and click “Finish.”

Step 11: Log in with AWS Cognito

Log in with your AWS Cognito credentials using the AWS Cognito SSO login button on the WordPress login page.

Congratulations! You have successfully set up Single Sign-On in WordPress using AWS Cognito as the OAuth provider.

Additional Functionality

If you’re looking for additional functionality like user profile mapping and role mapping, you can reach out to us at

That’s it! You’ve learned how to configure SAML SSO in WordPress with AWS Cognito. Enjoy the benefits of streamlined and secure authentication for your WordPress site. If you have any questions or need further assistance, feel free to reach out to us.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top