Office 365 Profile and Avatar Synchronization

Feature description

Please note This capability applies to User Registration as well as User Synchronization.

Extra user profile fields

The WordPress + Office 365 Login plugin not only serves the purpose of delegating the authentication of a WordPress user to Microsoft but it has also a handful of highly useful capabilities that enrich the user’s profile in WordPress or BuddyPress. For one, the plugin can, when enabled through configuration, retrieve additional user profile fields from Office 365 (actually: Azure AD) and add these fields as additional user meta fields in WordPress. The user is able to add fields that are not populated and save those fields manually. However, these fields may be overwritten when you as an administrator choose to synchronize users and whilst doing so to update the user information already stored in WordPress.

Extra user profile fields example

Through configuration you can choose the (technical) fields that you’d like to retrieve from Microsoft Graph and set their corresponding title in WordPress. The table shows an example of this configuration.

TitleTechnical name
Job titlejobTitle
Office locationofficeLocation
Mobile phonemobilePhone
Business PhonesbusinessPhones

See the online documentation regarding the Get user API.

Please note that you can optionally change the Microsoft Graph version and select beta in which case Microsoft Graph would sent more fields than v1.0.

Avatar

Furthermore the plugin is capable of retrieving a user’s Office 365 profile image and save it in WordPress and set it as that user’s avatar. Once it retrieved a user’s profile image it will refresh it after a configurable period of time, to reduce the number of calls made to Microsoft Graph.

Required Configuration

For this feature to work correctly, you must change the permissions that you initially granted to the registered app for the WordPress + Office 365 Login plugin. To do so, proceed as follows:

  • Sign into your Azure Portal
  • Navigate to Azure Active Directory, click App registrations followed by View all applications and select your application registration
  • For your application registration click Settings in the left upper corner and select Required permissions from the available Settings
  • Click Add and then 1 Select API and check Microsoft Graph
  • Scroll down to the section Delegated permissions and check Read all users’ full profiles
  • Save your changes and finally click Grant permissions
Updated permissions for registered app

Please note that if you select User.Read.Basic instead of User.Read.All synchronization of extra profile fields will fail.