WPO365 can enrich a user’s WordPress profile with (custom) Azure AD user profile attributes. Examples of such attributes include the user’s mobile phone and office phone numbers, the office location, the department he / she is in and the job title.
Custom user fields can be updated on various occasions:
- A user interactively signs in with Microsoft
- WPO365 synchronizes users from Microsoft Azure AD to WordPress
- Azure AD User provisioning updates user attributes using the WPO365 SCIM client
Basic user fields
WPO365 differentiates between updating basic WordPress user profile fields and custom user attributes that WordPress will store in so-called user meta fields.
Basic WordPress user fields are:
- First name
- Last name
- Display name
- Email address
Custom user fields
Examples of custom user attributes are:
- Employee ID
- Job title
- Mobile phone
A full list of custom user attributes is available from Microsoft here.
WPO365 can be configured to look for custom user attributes in the ID token it receives when a user signs in with Microsoft using OpenID Connect or in the SAML response when a user signs in with Microsoft using SAML 2.0. By default, however, will the plugin try and connect to Microsoft Graph to retrieve a complete set of user attributes.
BuddyPress Extended Profile Fields
If you configured custom user attributes such as Job title or Mobile phone and you are using BuddyPress, then you can configure the WPO365 plugin to update so-called BuddyPress Extended Profile Fields.
Custom security attributes
Custom security attributes is a new category of attributes that Microsoft has recently introduced and that are supported by WPO365. It requires additional configuration in Azure AD. An administrator must create separate attribute sets and grant specific permissions to assign, read and define attribute sets and their values. You must – for example – assign the App registration that you created for application-level access in Azure AD the role of Attribute Assignment Reader.
Plugins with this feature
If the WPO365 | LOGIN shall automatically update the basic WordPress user fields, when a user interactively signs in with Microsoft, you would need to WPO365 | PROFILE+ extension.
Updating basic WordPress user fields as well as custom user attributes when a user signs in interactively with Microsoft is a feature unlocked by the WPO365 | LOGIN+ extension.
On-demand and scheduled user synchronization updates basic WordPress user fields as well as custom user attributes. This feature requires one of the two bundles WPO365 | SYNC or WPO365 | INTRANET.
Updating BuddyPress’ Extended Profile Fields is feature that is unlocked by the WPO365 | LOGIN+ extension and the WPO365 | SYNC and WPO365 | INTRANET bundles.