All sites in the OIT-managed WordPress environment now use Princeton University's Central Authentication Service (CAS) for authorizing access to protected pages, including the WordPress admin dashboard. This replaces the LDAP-integrated WordPress login page.
Accessing /wp-admin or wp-login.php will automatically redirect to the CAS login page. After authentication through CAS with a Princeton netID and password, a logged-in user will be directed back to the original WordPress site. If a netID uses Duo two-factor authentication, Duo will work the same here as with any other CAS-enabled site.
One feature that is not available with the new CAS solution is the ability to bulk add authorized users to a site. We hope to find or write a plugin that will re-enable this feature.
Enabling CAS was one of the last milestones before migrating all of the sites in our managed WordPress environment to a cloud hosting provider.