Introduction
WPO365 plugins enable dynamic assignment of WordPress roles to users based on one of the following user properties:
- App Roles
- Azure AD groups Security / M365 / Distribution Lists
- User Attributes E.g. department:HR
- Domains Login / Email
Other Role Based Access (RBA) features implemented by the WPO365 plugins are:
- Restrict access to users of specific Azure AD groups and / or domains
- Azure AD group based dynamic redirection of a user
Supported features
Dynamic assignment of WordPress roles
Each time when a user successfully signs in with Microsoft, WPO365 can dynamically assign WordPress roles to users based on one of the following user properties:
- App Roles
- Azure AD groups Security / M365 / Distribution Lists
- User Attributes E.g. department:HR
- Domains Login / Email
Please note Rules that would automatically assign WordPress roles to users are – by default – applied whenever a user signs in successfully with Microsoft or when a user is created or updated during User synchronization. However, if you have configured User synchronization and when it runs frequently, then you can decide to skip this step, simply by checking the option Express login and trusting that User synchronization will take care of this.
WPO365 can either look in the ID token for information concerning a user’s app roles, Azure AD groups and user attributes, or it can retrieve this information from Microsoft Graph.
Restrict access to your WordPress website
Each time a user signs in with Microsoft, WPO365 can check whether access has been restricted to specific Azure AD groups or (login / email) domains. If the user is not a member of any allow-listed groups or domains, they will be redirected to the logged-out page with an error message indicating that access was denied.
Please note You can also configure WPO365 to restrict access to specific posts or pages using the Audiences feature.
Redirection after (successful) login
WPO365 can redirect a user to a specific page based on a user’s group memberships.
Role update scenarios
WPO365 allows for flexibility and lets you decide, when and how to apply rules to update a user’s WordPress role(s). For example, it can be configured to always add new roles (but leave already assigned roles intact) or to always replace any existing roles and only add new roles according to the mapping rules that you defined. And last but not least, you can configure whether a default role should always be added or only, if none of your rules applies.
Plugins with these features
All supported features on this page are unlocked when you install the ROLES + ACCESS extension. Alternatively, the WPO365 | SYNC and WPO365 | INTRANET bundles also unlock all of the supported features.
Documentation
- Tutorial: Map from Azure AD groups to WordPress roles
- Map from app roles to WordPress roles
- Map from Azure AD user profile properties to WordPress roles
- Map from user (login) domains to WordPress roles
- Map from Azure AD groups to Super Admin role (WordPress Multisite only)
- Restrict access to specific Azure AD groups
- Allow-list specific (login / email) domains
- Redirect users based on their Azure AD group membership
Videos
There are currently no videos available.