Valuable feedback in the form of an issue created over at Github has helped us identify a flaw in the authentication flow and gave us the idea to add two scenarios to the plugin: ‘Intranet’ and ‘Internet’.
Release 1.7 available now
With version 1.7 we have added the concept of scenarios to our plugin. Using one of two scenarios you can now decided whether authentication is required for all users including readers or only for authors who access the WordPress backend. Obviously, in an intranet scenario – which is our default scenario – you would want all users to have authenticated successfully with your Office 365 tenant’s Azure Active Directory, as most content is likely to be at least classified for internal use only. However, to accomodate for scenarios where such authentication would not be required and you only want the authors to use the Azure Active Directory integration you can now select an ‘Internet’ scenario.
Furthermore we added a few more options to the WPO365-login plugin’s administration page:
- Default role for an Azure Active Directory / Office 365 User in WordPress (default is ‘Subscriber’)
- Prevent users to update their password (default is ‘Yes’)
- Prevent users to update their email address (default is ‘Yes’)
Curious? Go test our plugin and download it from the WordPress Plugin Directory.