Microsoft Entra External ID

Introduction

With WPO365, you can create / update users from WordPress in Microsoft Entra External ID, keep them synchronized and enable them to sign in with their email address.

About Microsoft Entra External ID

Microsoft Entra External ID for customers, also known as Azure Active Directory (Azure AD) for customers, is Microsoft’s new customer identity and access management (CIAM) solution. For organizations and businesses that want to make their public-facing applications available to consumers, Azure AD makes it easy to add CIAM features like self-service registration, personalized sign-in experiences, and customer account management. Because these CIAM capabilities are built into Azure AD, you also benefit from platform features like enhanced security, compliance, and scalability.

A good start for understanding Microsoft’s new Entra External ID (Azure AD for Customers) is this overview.

About Azure AD B2C

If you’re a new customer, you might be wondering which solution is a better fit, Azure AD B2C or Microsoft Entra External ID (preview). Choose the current Azure AD B2C product if:

  • You have an immediate need to deploy a production-ready build for customer-facing apps.

Keep in mind that the next generation Microsoft Entra External ID platform represents the future of CIAM for Microsoft, and rapid innovation, new features and capabilities will be focused on this platform. By choosing the next generation platform from the start, you will receive the benefits of rapid innovation and a future-proof architecture.

Choose the next generation Microsoft Entra External ID platform if:

  • You’re starting fresh building identities into apps or you’re in the early stages of product discovery.
  • The benefits of rapid innovation, new features and capabilities are a priority.

A couple of “nice” features from Azure AD B2C are currently not supported by Entra External ID / Azure AD for Customers:

  • Use of a custom login domain
  • Embedded login experience
  • Support for multiple User Flows with individual endpoints e.g. Sign-up, Sign-in, Password reset, Profile update
  • Enable sign-up for everyone

Supported features

Single Sign-on for Azure AD B2C users

The WPO365 | LOGIN plugin supports – out of the box – Microsoft based Single Sign-on for Azure AD, Azure AD B2C and Entra External ID.

Support for Entra External ID (Azure AD for Customers) based single sign-on

Create / update users in Azure AD B2C / for Customers from WordPress

If your WordPress website offers features that require users to register – for example when you sell products or online courses – then WPO365’s solution for Azure AD B2C / Entra External ID can help you create (and update) users in either platform from WordPress. To achieve this, WPO365 intercepts WordPress just before it creates a new user (by hooking into the wp_pre_insert_user_data filter). It takes the user data and uses it to create a new user in the targeted cloud platform using Microsoft Graph.

WPO365 will create a new “local” user identity in Azure AD B2C / Entra External ID who will then be able to sign in with his / her email address and password.

Please note: Administrators that implement Entra External ID (Azure AD for Customers) can select users to authenticate using a One Time Passcode (instead of a password).

Since WPO365 creates the Entra External ID user before the WordPress user is created, administrators can choose to change a user’s WordPress username (e.g. use the Object ID instead of the email address) and a user’s password – to ensure all your WordPress users have very strong passwords. Since users will sign in with their Entra External ID account using their email address (and possibly receive a One Time Passcode) they don’t need to know and remember their WordPress username and password.
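The sequence described above, as an added sketch of a WordPress plugin fragment; it is not WPO365's own code. The `example_*` / `EXAMPLE_*` names, the placeholder tenant domain, the token taken from an environment variable and the decision to forward the registration password to the local identity are all assumptions.

```php
<?php
// Added illustration, not WPO365's code. example_* / EXAMPLE_* names are hypothetical.
const EXAMPLE_ISSUER = 'contoso.onmicrosoft.com'; // placeholder tenant domain

add_filter( 'wp_pre_insert_user_data', 'example_create_cloud_user_first', 10, 4 );

function example_create_cloud_user_first( $data, $update, $user_id, $userdata ) {
    if ( $update || empty( $data['user_email'] ) || empty( $userdata['user_pass'] ) ) {
        return $data; // only act on new registrations
    }
    // $data['user_pass'] is already hashed; $userdata (WordPress 5.8+) is the raw input.
    $body = array(
        'displayName'      => $data['display_name'] ?: $data['user_email'],
        'identities'       => array( array(
            'signInType'       => 'emailAddress',
            'issuer'           => EXAMPLE_ISSUER,
            'issuerAssignedId' => $data['user_email'],
        ) ),
        'passwordProfile'  => array(
            'password'                      => $userdata['user_pass'],
            'forceChangePasswordNextSignIn' => false,
        ),
        'passwordPolicies' => 'DisablePasswordExpiration',
    );
    $response = wp_remote_post( 'https://graph.microsoft.com/v1.0/users', array(
        'timeout' => 15,
        'headers' => array(
            // Assumption: an app-only Graph token is provisioned out of band.
            'Authorization' => 'Bearer ' . getenv( 'EXAMPLE_GRAPH_TOKEN' ),
            'Content-Type'  => 'application/json',
        ),
        'body'    => wp_json_encode( $body ),
    ) );
    $created = is_wp_error( $response ) ? null
        : json_decode( wp_remote_retrieve_body( $response ), true );
    if ( 201 !== wp_remote_retrieve_response_code( $response ) || empty( $created['id'] ) ) {
        // Log the failure only; never log $body, it holds the plaintext password.
        error_log( 'example: Graph user creation failed' );
        return $data; // fall back to the default WordPress behaviour
    }
    // Sign-in now happens at Entra, so the local credentials can be opaque.
    $data['user_login'] = $created['id']; // Object ID instead of the email address
    $data['user_pass']  = wp_hash_password( wp_generate_password( 64, true, true ) );
    return $data;
}
```

Because the local password is replaced with a random 64-character value that nobody knows, the WordPress password form stops being a usable sign-in path for these accounts.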

In addition to users being automatically created in Entra External ID when they interactively register in WordPress, administrators can (bulk) create users individually and on-demand from the default WordPress user list, if this feature is enabled. The status of the last attempt to create a WordPress user in Entra External ID (or update an existing user) can be seen just below the send-button.

(Bulk) Create users in Azure AD B2C / for Customers (Entra External ID)

User synchronization from Azure AD B2C to WordPress

The WPO365 | LOGIN plugin is capable of registering a new WordPress user for each new Entra External ID user that signs in successfully. And when that user signs in again, the plugin is able to update some of the user’s attributes. But this is “just in time” and leaves a website owner with hardly any control over the quality of the user data in WordPress.

WPO365’s user synchronization closes this gap. It gives website owners an advanced tool that allows them to update the WordPress user data at regular intervals, e.g. once per day. It also allows for (soft) deletion of users that have closed their account and that should no longer be eligible to sign in.

Plugins with these features

Only Azure AD for Customers / Entra External ID based single sign-on (SSO) is supported by WPO365 | LOGIN, which is available at no cost.

All other features on this page require the CUSTOMERS addon.
