Single Sign Out is a feature of Azure AD that tries to sign a user out of all Azure AD applications they have previously signed into when that user signs out of Microsoft.
To support this feature, you must do two things: update the configuration of the Azure AD App registration for your WordPress website and set the so-called Logout URL, and tell WordPress that users can log out without confirmation by checking the corresponding option.
To configure Single Sign Out you must first update your Azure AD App registration as follows:
- Navigate to Azure Portal.
- In the Azure Active Directory pane, click on App registrations and choose the app you have registered for your WordPress website.
- Click on Authentication.
- First add the logout URL for your website, e.g. https://www.example.com/wp-login.php?action=logout, as a Redirect URI.
- Then add the logout URL for your website as Logout URL.
Important: You must add the logout URL exactly as shown in the example, replacing only the hostname part (www.example.com) with your website’s hostname.
Important: You must also add the Logout URL as a Redirect URI or else it won’t work.
For Single Sign Out to work correctly, you must check the option Enable logout without confirmation. If you do not enable this, WordPress will ask the user for confirmation. However, Azure AD calls the Logout URL in an iframe, so the user cannot interact with the request.
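One way to verify the App registration steps above after saving them, as an added example that is not part of the original documentation: the script checks the Logout URL and Redirect URIs in an app registration's JSON. It assumes the JSON has the shape Microsoft Graph returns for an application object (web.logoutUrl, web.redirectUris) and that WordPress is installed at the site root; the sample data and the function name check_single_sign_out are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the relevant part of an application object as returned
# by Microsoft Graph. www.example.com is the placeholder host from the text.
SAMPLE_APP = json.loads("""
{
  "displayName": "WordPress (constructed sample)",
  "web": {
    "redirectUris": [
      "https://www.example.com/",
      "https://www.example.com/wp-login.php?action=logout"
    ],
    "logoutUrl": "https://www.example.com/wp-login.php?action=logout"
  }
}
""")


def check_single_sign_out(app, site_host):
    """Return a list of problems; an empty list means the registration
    matches the steps described above for the given website hostname."""
    web = app.get("web") or {}
    logout_url = web.get("logoutUrl")
    if not logout_url:
        return ["Logout URL is not set"]

    problems = []
    parts = urlsplit(logout_url)
    if parts.scheme != "https":
        problems.append("Logout URL scheme differs from the example (https)")
    if (parts.hostname or "").lower() != site_host.lower():
        problems.append("Logout URL hostname is not " + site_host)
    # Assumption: WordPress lives at the site root, as in the example URL.
    if parts.path != "/wp-login.php":
        problems.append("Logout URL path is not /wp-login.php")
    if parse_qs(parts.query) != {"action": ["logout"]}:
        problems.append("Logout URL query is not exactly action=logout")
    # The Logout URL must also appear, character for character, as a Redirect URI.
    if logout_url not in (web.get("redirectUris") or []):
        problems.append("Logout URL is not also registered as a Redirect URI")
    return problems


if __name__ == "__main__":
    issues = check_single_sign_out(SAMPLE_APP, "www.example.com")
    print("OK" if not issues else "\n".join(issues))
```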