Connecting WordPress with Azure AD and Microsoft 365

Feature description

WPO365’s Azure Active Directory User Synchronization for WordPress will help you automate a number of otherwise error-prone and cumbersome tasks, such as

• Creating new WordPress user accounts when onboarding users.
• Keeping existing WordPress user accounts up-to-date.
• Deleting or de-activating of WordPress user accounts when offboarding users.

WPO365’s Azure Active Directory User Synchronization for WordPress is easy to configure. Simply define a query to select users from your Azure Active Directory e.g. All (transitive) members from a given Azure AD security group.

When WPO365 processes the results of that query it tries to match users from Azure AD with existing WordPress users. Matching users is performed by comparing usernames and email addresses with the following possible outcomes:

• When no existing WordPress user is found, a new user will be created
• When an existing WordPress is found, the user will be updated

WPO365’s Azure Active Directory User Synchronization for WordPress will (soft) delete existing WordPress users as soon as all the results of the query are processed. It will select existing WordPress users with a username or email address that ends with any of your custom (login / email) domains and that were neither created nor updated during the current user synchronization cycle.

WPO365’s Azure Active Directory User Synchronization for WordPress is highly configurable.

• A Microsoft Graph query is used to select users from your Azure Active Directory and it supports advanced query options such as $filter and $search. It is also possible to select all (transitive) members of an Azure AD group.
• User synchronization can be scheduled, started manually or triggered by an external task scheduling service.
• Actions to create, update and delete users can be activated and deactivated. If no action is activated, the synchronization simply logs the action it identified and thus allows you to preview the result.
• You can opt to ignore Guest users (external identities).
• Optionally an email summarizing the user synchronization results can be sent each time a job finishes.
• It is possible to define multiple synchronization jobs (but this automatically disables the ability to (soft) delete users).
• When deleting users content can be re-assigned to another user.

WPO365’s Azure Active Directory User Synchronization for WordPress is transparent and after each job a full tabular log with a search function is available for inspection and analysis.

Plugins with this feature

The following plugins unlock the WPO365 User synchronization feature:

• WPO365 | SYNC
• WPO365 | INTRANET

Documentation

The following knowledge-base article(s) will help with the implementation:

• Synchronize users from Azure AD to WordPress
• Microsoft 365 profile picture as WP avatar
• Synchronize Microsoft 365 / Azure AD profile fields
• Map between Azure AD groups and WordPress roles
• Hooking WP-Cron into a task scheduling service

Please note

• Since WordPress servers do not allow processes to run for a long time, users are fetched from Microsoft Graph in batches of a configurable size. e.g. 10 or 20. After the first batch has been processed, a new task is created to process the next batch and so on until all users are processed.
• Internally the plugin uses WordPress CRON jobs to process user synchronization batches. Unfortunately, this system is not very reliable because WordPress CRON jobs are only triggered when a visitor requests a page. So if no one visits your site then tasks may not be executed on time and errors may occur. Consult this article to improve the reliability of WordPress CRON jobs you have several alternatives.