Title: WordPress Application Passwords
Last modified: March 19, 2025

---

# WordPress Application Passwords

 *  Resolved [alexwbaumann](https://wordpress.org/support/users/alexwbaumann/)
 * (@alexwbaumann)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/wordpress-application-passwords/)
 * I want our users to login using Azure w/ SAML 2.0 but I also have applications
   outside of WP that POST or GET info that do not rely on anything related to O365.
   These currently use a users Application Password for authentication. Is it possible
   to allow these for REST endpoints?

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [Marco van Wieren](https://wordpress.org/support/users/wpo365/)
 * (@wpo365)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/wordpress-application-passwords/#post-18371895)
 * Hi [@alexwbaumann](https://wordpress.org/support/users/alexwbaumann/)
 * Thank you for reaching out!
 * WPO365 does not have logic to secure those endpoints by validating the application
   password. But if you have selected the **Intranet** _Authentication scenario_
   on the plugin’s “Single Sign-on” configuration page, then you can exempt the 
   WP REST endpoint by adding “/wp-json/wp/v2” (or a more specific path) to the 
   list of _Pages freed from authentication_, which you can find on the same configuration
   page.
 * Hope that helps! Please let me know if you any further questions.
 * -Marco
 *  Thread Starter [alexwbaumann](https://wordpress.org/support/users/alexwbaumann/)
 * (@alexwbaumann)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/wordpress-application-passwords/#post-18373387)
 * Thank you. I did forget to mention that we have the Intranet option set. I can
   whitelist those endpoints. Since I want those endpoints to remain protected, 
   I will need to handle my own authentication.
 *  Plugin Author [Marco van Wieren](https://wordpress.org/support/users/wpo365/)
 * (@wpo365)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/wordpress-application-passwords/#post-18373514)
 * Hi Alex
 * Yes, I believe this what you would indeed need to do: Allow-list those endpoints
   in WPO365 so it doesn’t interfere with requests to that endpoint and then have
   another customization / plugin deal with those requests (e.g. check for and verify
   an application password).
 * Hope that helps!
 * -Marco

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘WordPress Application Passwords’ is closed to new replies.

 * ![](https://ps.w.org/wpo365-login/assets/icon-256x256.png?rev=2683314)
 * [WPO365 | SEAMLESS WORDPRESS + MICROSOFT INTEGRATION (WPO365 | LOGIN)](https://wordpress.org/plugins/wpo365-login/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wpo365-login/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wpo365-login/)
 * [Active Topics](https://wordpress.org/support/plugin/wpo365-login/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wpo365-login/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wpo365-login/reviews/)

 * 3 replies
 * 2 participants
 * Last reply from: [Marco van Wieren](https://wordpress.org/support/users/wpo365/)
 * Last activity: [1 year, 2 months ago](https://wordpress.org/support/topic/wordpress-application-passwords/#post-18373514)
 * Status: resolved