Skip to main content
Version: v2

Integrate with WordPress

This guide provides information on how to set up Beyond Identity as a passwordless authentication provider for a Wordpress site.

In this guide, you'll:

  1. Configure Beyond Identity as an Identity Provider
  2. Install and configure the Beyond Identity Passwordless Plugin

Prerequisites

Before continuing, make sure that the following prerequisites have been met:

Set up Beyond Identity as an Identity Provider

To set up Beyond Identity as an Identity Provider, you need to create a Realm to hold identities and configuration. Inside that realm, you'll need to create an Application that contains the authentication flow configuration. These can be configured in your Admin Console that was created for you when you signed up for a developer account.

Create a Realm

Creating a realm from the Beyond Identity Admin Console is easy.

  1. In the Admin Console, under Tenant Management, select Go to realm > Create new realm.

    Admin Console Create new realm

  2. Enter a name for your realm and click Create realm.

  3. In the confirmation dialog, switch to the new realm.

    Create new realm confirmation success

Create an Application

  1. From the Admin Console, under Authentication, select Apps > Add new app.

    Admin Console Apps Add new app

  2. Give your application a name.

    Admin Console Add a new application window

  1. On the External Protocol tab, use the following values to complete this tab.


    Client Configuration

PropertyValue
ProtocolOIDC

Why OIDC?

OAuth2 is primarily an authorization framework for resource access, while OIDC builds on OAuth2 to provide an identity layer for authentication, allowing client applications to obtain information about the authenticated user. Both protocols are often used together in modern applications to provide a comprehensive solution for secure authentication and authorization.

Client TypeConfidential

Why Confidential?

A "confidential" client type is ideal when your application can securely store a client secret and requires enhanced security features for token exchange and accessing user-specific resources. If your application runs in an untrusted environment or you cannot securely manage a client secret, a "public" client type might be more appropriate.

PKCEDisabled
Redirect URIsYour redirect URI follows the pattern:

https://${your-website-domain.com}/wp-admin/admin-ajax.php?action=openid-connect-authorize
Token Endpoint Auth MethodClient Secret Post
Grant TypeAuthorization Code

Why Authorization Code?

The "authorization_code" grant type is suitable for confidential clients, especially when your application needs to access user-specific resources, requires Single Sign-On (SSO) support, and prioritizes security in the authentication process. It provides a secure and standardized way to obtain access to user data and resources without exposing user credentials to the client application.

All other optionsUse the default values for the remaining options

  1. Click the Authenticator Config tab and use the following values.
PropertyValue
Configuration TypeHosted Web

Why Hosted Web?

Hosted Web handles passkey registration and authentication for you, including generating new passkeys, presenting users with authenticator choice options as needed, and validating passkey assertions. With this model, your app simply needs to redirect to Beyond Identity's hosted web authenticator, and we do the rest.

Authentication ProfileUse the recommended values for the remaining options
  1. Click Submit to save the new app.

At this point, your Beyond Identity Admin Console should be configured with a realm and an application set up. The Hosted Web handles passkey registration and authentication for you, including generating new passkeys, presenting users with authenticator choice options as needed, and validating passkey assertions. You are now ready to configure the OpenID Connect WordPress plugin.

Configure the Beyond Identity Passwordless Plugin

Install the plugin

note

You must have administrative privileges in WordPress.

The easiest way to install and activate the plugin is directly from your admin dashboard:

  1. Log into your Wordpress admin console.
  2. Tap on the dashboard Plugins tab.
  3. Search for Beyond Identity Passwordless in the seach field.
  4. Tap Install and then Active on the plugin card.

wordpress-dashboard-install

You can also follow the installation steps specified in the Beyond Identity Passwordless Installation Guide.

Configure the plugin

After you've installed the plugin, you'll need to configure the plugin.

  1. Tap on the dashboard Beyond Identity tab.

wordpress-settings

WordPress Settings FieldBeyond Identity value
Issuer URLCopy and paste the Issuer URL value from your application's External Protocol tab.
Client IDCopy and paste the Client ID value from your application's External Protocol tab.
Client Secret KeyCopy and paste the Client Secret value from your application's External Protocol tab.
  1. Click Save Changes.

Congratulations! You have configured the Beyond Identity Passwordless plugin.

Try it out

In this final step, you'll attempt to log in and verify successful authentication.

  1. Go to http://your_hostname/wp-login.php to test authentication.

  2. Click the Continue with Passwordless button. You'll be redirected to the Beyond Identity Hosted Web Authenticator.

  3. At the conclusion of a successful authentication, you'll be redirected to your WordPress admin console or to your site depending on your current role.

  4. From the Beyond Identity Admin Console, go to Events to view several successful authentication events.

login

note

New users are added to your WordPress database with the default user role. Existing user's roles are unchanged. Both types of users will be associated with a Beyond Identity ID (a.k.a "sub" claims from the

The fallback content to display on prerendering
)

users