Don’t try bypassing (server side) cache

The setting “Don’t try to bypass (server side) cache” is not checked by default. This means that by default the plugin will always add an extra redirect before sending the user to Microsoft’s Identity Provider to prevent caching plugins and solutions from replaying an old request with a stale NONCE value, resulting in the dreaded “Your login might be tampered with.” error message. If you haven’t been affected by this issue, you can open the Miscellaneous Tab and check the box and by doing so manually disable the plugin tying to bypass server side caching.

Custom errors

You can customize the error message for each error code with your own text. The error message will be shown just above the login form when the user’s attempt to sign into your website failed.

Check nonce

When checked the plugin will ensure that a so-called NONCE is generated and verified each time a client-solution requests an access token. For more information see [Pintra Framework](

Enable token service

When checked the plugin enable its built-in WordPress AJAX service that can be consumed by client-side (e.g. JavaScript) solutions to request access tokens for Azure AD secured resources e.g. SharePoint Online and Microsoft Graph. For more information see [Pintra Framework](

Microsoft Graph version

Microsoft offers a beta version of its graph, which offers experimental features and optionally returns more data. This can be especially interesting in combination with the retrieval of Office 365 user information.

Do not update existing admins

Version Available Personal Blog (free) No Commercial / School / Non-profit (premium) Yes Properties Value Group User Management Mandatory No Setting description This setting enhances the update user role behavior and if checked would instruct the plugin to skip checking the role and possibly updating it when Azure AD group to WordPress role mapping are […]