If you want to prevent users from signing into WordPress directly with a password, we recommend simply obfuscating the passwords in WordPress so that users don't know them. Just make sure the admin can still sign in using a password.
- Sign into your WordPress account as a user who has privileges to install plugins
- Click Plugin in the left sidebar
- Now you can either search for OneLogin or you can upload the plugin attached to this article.
- Once the plugin is installed, activate it
- The next step is to configure your OneLogin X.509 certificate so the plugin can validate SAML responses coming from your OneLogin account. In OneLogin, go to Security -> SAML and copy.
- Click Settings in the sidebar in WordPress and then click SSO/SAML Settings
- Paste the certificate into the text field and click Save Changes. This completes the setup of WordPress.
- Now add WordPress to your OneLogin account. The Site URL should be the root URL of your WordPress site. VERY IMPORTANT: The URL must end with a slash (/) or the plugin will not pick up SAML responses.
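
A pre-flight check for the two values entered in the steps above, as an added example that is not part of the OneLogin plugin or this article: it confirms the pasted text holds exactly one intact PEM certificate and that the Site URL ends with a slash. The function names, the example URL and the sample certificate bytes are constructed for illustration; the bytes are a stand-in, not a real certificate.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def check_site_url(url):
    """Return a list of problems with the Site URL (empty list means OK)."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        problems.append("not an absolute http(s) URL")
    if not url.endswith("/"):
        problems.append("missing trailing slash")
    if parts.query or parts.fragment:
        problems.append("contains a query string or fragment")
    return problems

def certificate_fingerprint(pasted):
    """Return the SHA-256 fingerprint of exactly one pasted PEM certificate.

    Raises ValueError when the paste is truncated, duplicated or malformed.
    This checks the encoding only; it does not verify validity dates.
    """
    blocks = PEM_RE.findall(pasted)
    if len(blocks) != 1:
        raise ValueError("expected one BEGIN/END CERTIFICATE block, found %d"
                         % len(blocks))
    body = "".join(blocks[0].split())  # drop line breaks and stray spaces
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    if not der or der[0] != 0x30:  # a DER certificate starts with SEQUENCE
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed sample input: a tiny DER SEQUENCE standing in for a certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_site_url("https://blog.example.com"))   # constructed URL
    print(certificate_fingerprint(SAMPLE_PEM))
```
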