The Reply URL, together with the Application ID, is used by Azure Active Directory to authenticate requests that come from your WordPress application. Microsoft also uses it to redirect the user after that user has successfully signed in to your WordPress website with Microsoft.
Enter the default landing page of your WordPress backend here, including a trailing slash, e.g. https://www.my-website.com/wp-admin/. This entry must exactly match one of the Reply URLs you entered for the App you registered in Azure Active Directory.
Please note that earlier versions of this documentation recommended redirecting to your (front-end) website landing page. However, as it turns out, there are possible issues with caching services offered either by plugins such as WP Rocket or by dedicated WordPress hosters.
- When you initially set the Sign-on URL, its value is used twice: to set the Homepage URL of your app registration and to add the (first) Reply URL for that same app registration. When you need to update this URL later, make sure you update the Reply URL and not the Homepage URL.
- The Sign-on URL must end with a slash “/” if you have configured URL-Rewrite for your WordPress installation. If you don’t know what this is, then it’s probably configured, because by default WordPress adds this rewrite rule to your .htaccess file (when you’re using Apache). When the user navigates to https://www.your-website.com/wp-admin, this rule redirects the request to https://www.your-website.com/wp-admin/. When this redirect happens, all the important login information that Microsoft sent across the wire is lost. As a result, the plugin will keep redirecting the user to https://login.microsoftonline.com… in an infinite loop.
- Make sure that the protocol (http or https) and hostname (your-website.com or www.your-website.com) of the URLs that you have entered in WordPress (see WP Admin > Settings > General > WordPress Address / Site URL) and of the URL you’ve entered as Sign-on URL are the same. So if your WordPress Address / Site URL is https://www.your-website.com, then your Sign-on URL must start with https://www.your-website.com/ and not with http://your-website.com (wrong protocol, missing www and missing trailing slash). Another example: if your WordPress Address / Site URL is https://your-website.com, then your Sign-on URL must start with https://your-website.com/.
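
The checks from the list above, written as a small pre-flight script. This is an added example, not part of the plugin or of the original documentation. The function name, the result codes and the sample URLs are constructed for illustration, and the Reply URL comparison assumes plain string equality.

```python
from urllib.parse import urlsplit

# Result codes are hypothetical names chosen for this example.
MESSAGES = {
    "protocol": "protocol (http/https) differs from the WordPress Address",
    "hostname": "hostname differs from the WordPress Address (check www)",
    "trailing-slash": "path has no trailing slash, so WordPress will redirect",
    "not-registered": "no Reply URL of the app registration matches exactly",
}


def check_redirect_url(site_url, redirect_url, reply_urls):
    """Return the codes of all problems found; an empty list means consistent."""
    site, redirect = urlsplit(site_url), urlsplit(redirect_url)
    problems = []
    if redirect.scheme != site.scheme:
        problems.append("protocol")
    # urlsplit lower-cases the hostname; www.example.com != example.com.
    if redirect.hostname != site.hostname:
        problems.append("hostname")
    # Without the slash the rewrite rule redirects and the login data is lost.
    if not redirect.path.endswith("/"):
        problems.append("trailing-slash")
    # Assumption: "match exactly" is treated as plain string equality.
    if redirect_url not in reply_urls:
        problems.append("not-registered")
    return problems


if __name__ == "__main__":
    # Constructed sample values, taken from the examples in the text.
    site = "https://www.your-website.com"
    registered = ["https://www.your-website.com/wp-admin/"]
    for candidate in ("https://www.your-website.com/wp-admin/",
                      "http://your-website.com/wp-admin"):
        codes = check_redirect_url(site, candidate, registered)
        print(candidate, "->", "OK" if not codes else "")
        for code in codes:
            print("   ", MESSAGES[code])
```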