Protect complete site with SSO (Forced Authentication)

Applies to: Premium or higher version

  • This feature lets you restrict the site to logged-in users.
  • When "Restrict site to logged in users" is enabled, a user who is not already logged in is automatically redirected to the login page of the OAuth/OpenID provider. After completing SSO, the user can access the site.
  • Along with protecting the complete site (all pages) with SSO, we also provide an option to exclude URLs from the auto redirect.
    You can configure URLs to exclude from SSO protection so that non-logged-in users can access those pages without SSO.
  • Click here to learn more about the use cases for Force Authentication.

How to configure?

  • You can configure this option by turning on (checking) the option “Restrict site to logged in users” in the Sign In Settings tab -> Advanced Settings.
  • When you save the settings, you will be presented with this screen:
    [Screenshot: restrict-site-to-logged-in-users]
  • Here, you can also configure the URLs that non-logged-in users should still be able to see.
  • Enter these URLs on separate lines, as shown above.
  • There is also a backdoor URL for administrative purposes.
  • The URL has this format:
      <wordpress-site-url>.com/wp-login.php?oauthlogin=false

    In this example, the URL is: https://example.com/wp-login.php?oauthlogin=false

  • With this feature enabled, when a user who is not logged in tries to access the WordPress site, they are automatically redirected to the OAuth provider's login page and see the message 'Redirecting to the default login Page'. You can change this message using the settings below.
    [Screenshot: restrict-site-to-logged-in-users]

Restrict Only Configured URLs

  • Enable this option to restrict access to the URLs configured in the text box.

  • With this enabled, your entire site will remain accessible, but only the URLs specified in the textbox will be restricted for non-logged-in users.

  • When users who are not logged in attempt to access these restricted URLs, they are redirected to the login page of the OAuth/OpenID provider. After completing SSO, the user can access the site/page.
    [Screenshot: restrict-site-to-logged-in-users]
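
An added example, not part of the plugin or its documentation: a small audit that compares what an anonymous visitor actually receives with what the two modes described above should produce, and that treats the administrative backdoor URL as expected to stay reachable without SSO. The provider host, the mode names and the captured redirect chains are constructed assumptions; the page does not describe how the plugin matches URLs, so the path comparison is the audit's own rule.

```python
from urllib.parse import urlsplit, parse_qs

IDP_HOST = "idp.example.org"  # assumption: host of the OAuth/OpenID provider login page

def norm(url):
    """Path only, one trailing slash (this audit's own rule, not the plugin's matcher)."""
    return urlsplit(url).path.rstrip("/") + "/"

def is_backdoor(url):
    """The administrative URL format given on the page: wp-login.php?oauthlogin=false."""
    parts = urlsplit(url)
    return (parts.path.endswith("/wp-login.php")
            and parse_qs(parts.query).get("oauthlogin") == ["false"])

def expected(url, mode, configured):
    """What an anonymous visitor should get: 'sso' (sent to provider) or 'open'."""
    if is_backdoor(url):
        return "open"  # documented bypass; stays reachable without SSO
    listed = norm(url) in {norm(u) for u in configured}
    if mode == "restrict_site":             # list holds the excluded URLs
        return "open" if listed else "sso"
    if mode == "restrict_only_configured":  # list holds the only protected URLs
        return "sso" if listed else "open"
    raise ValueError(f"unknown mode: {mode}")

def observed(hops):
    """hops: Location headers followed anonymously; empty list means no redirect."""
    return "sso" if any(urlsplit(h).hostname == IDP_HOST for h in hops) else "open"

def audit(captures, mode, configured):
    """Return (url, expected, observed) for every URL whose behaviour differs."""
    return [(u, expected(u, mode, configured), observed(h))
            for u, h in captures
            if expected(u, mode, configured) != observed(h)]

# Constructed captures: (requested URL, redirect chain seen without a session cookie).
SITE = "https://example.com"
IDP = f"https://{IDP_HOST}/authorize?client_id=PLACEHOLDER"
CAPTURES = [
    (f"{SITE}/", []),
    (f"{SITE}/contact", []),
    (f"{SITE}/members/", [IDP]),
    (f"{SITE}/downloads/report.pdf", []),  # constructed gap: served without SSO
    (f"{SITE}/wp-login.php?oauthlogin=false", []),
]

if __name__ == "__main__":
    for row in audit(CAPTURES, "restrict_site", [f"{SITE}/", f"{SITE}/contact/"]):
        print("MISMATCH url=%s expected=%s observed=%s" % row)
```

Re-run the audit after every change to the URL list or the mode, and review who holds local WordPress passwords, since the backdoor URL is reported as open in both modes.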