Use Descope With WordPress

Using WordPress to create web applications offers flexibility and control over your design and functionality. This guide will help you implement Descope's advanced authentication features into your WordPress project. We have developed the Descope WordPress Auth Plugin to simplify this integration.

Install the Descope WordPress Auth Plugin

1. Download the Descope WordPress Auth Plugin as a .zip file from our repository.

2. Go to your WordPress dashboard, choose Plugins > Add New > Upload Plugin, and upload the plugin you downloaded.

3. Go to your WordPress dashboard, choose Plugins > Installed Plugins, and activate the Descope WordPress Auth Plugin if it is not already activated.

Configure Descope Settings

1. Return to your WordPress dashboard and go to the Descope Settings tab.

2. Under Descope Configuration, set the Descope Project Id you want to use on your WordPress site.

3. If you are utilizing the SSO functionality, provide your Descope SAML or OIDC Configuration details under the SSO Configuration tab. You must first set up a SAML or OIDC application in your Descope console, as described in our SSO Applications Guide.

Shortcodes

You can utilize our shortcodes to add Embedded Flows, SAML/OIDC SSO, and Google OneTap to your WordPress site.

Embedded Flows

Add the [descope-wc] shortcode on the page where you want to display your flow. If you don't specify a Flow Id, it will default to "sign-up-or-in". To run a different flow, you can pass the Flow Id directly in the shortcode.

This shortcode will make the specified Descope Flow appear directly on the WordPress page it is embedded in. You can customize styling in the Descope Console to make the flow seamlessly blend into your WordPress page.

You can customize your flow to include any of our Authentication Methods from the Descope Console.

SAML/OIDC SSO

First, make sure you have set up your SSO application in your Descope console, as described in our SSO Applications Guide. Then, make sure to provide your SAML or OIDC Configuration Details in the Descope Settings page of your WordPress dashboard. Some values have been masked below, but make sure to provide all the values in the relevant column.

Add the [saml_login_form] or [oidc_login_form] shortcode to your main page to add the SSO capabilities.

When the user is not logged in, the shortcode will display a login button, and when the user is logged in, a logout button will be displayed instead.

Google One Tap

Use the [onetap_form] shortcode to add Google One Tap to your WordPress page. You can add it anywhere you want the user to be able to sign in from, and it will only show up when the user is not already authenticated. You'll have to configure a custom Google Provider as described in our One Tap documentation, and pass the Provider Id to the shortcode. If no Provider Id is given, the shortcode will default to the "google" Provider Id.

When properly configured, this shortcode will render as a One Tap popup, and the Google One Tap sign in will be synced with WordPress.

User Syncing

The WordPress user table is the source of truth for your site's users. The user table is synced with Descope every 24 hours, but you can also manually sync users under Sync Users in the Descope Settings tab of your WordPress dashboard.

This is also where you can map WordPress custom fields to a Descope custom attribute you have already created. Any WordPress custom fields mapped here will show up in the Descope user table as custom attributes.

Final Thoughts

The Descope WordPress Plugin is the ideal solution for anyone looking to improve the security and user experience of their WordPress site. With advanced features like passwordless login, MFA, and SSO, you can protect your site while providing a seamless experience for your users.

If you have any questions or require further assistance, please contact our support team at Descope.