Roles + Access

Introduction

WPO365 plugins enable dynamic assignment of WordPress roles to users based on one of the following user properties:

  • App Roles
  • Azure AD groups Security / M365 / Distribution Lists
  • User Attributes E.g. department:HR
  • Domains Login / Email

Other Role Based Access (RBA) features implemented by the WPO365 plugins are:

  • Restrict access to users of specific Azure AD groups and / or domains
  • Azure AD group based dynamic redirection of a user

Supported features

Dynamic assignment of WordPress roles

Each time when a user successfully signs in with Microsoft, WPO365 can dynamically assign WordPress roles to users based on one of the following user properties:

  • App Roles
  • Azure AD groups Security / M365 / Distribution Lists
  • User Attributes E.g. department:HR
  • Domains Login / Email

Please note Rules that would automatically assign WordPress roles to users are – by default – applied whenever a user signs in successfully with Microsoft or when a user is created or updated during User synchronization. However, if you have configured User synchronization and when it runs frequently, then you can decide to skip this step, simply by checking the option Express login and trusting that User synchronization will take care of this.

WPO365 can either look in the ID token for information concerning a user’s app roles, Azure AD groups and user attributes, or it can retrieve this information from Microsoft Graph.

Restrict access to your WordPress website

Each time a user signs in with Microsoft, WPO365 can check whether access has been restricted to specific Azure AD groups or (login / email) domains. If the user is not a member of any allow-listed groups or domains, they will be redirected to the logged-out page with an error message indicating that access was denied.

Please note You can also configure WPO365 to restrict access to specific posts or pages using the Audiences feature.

Redirection after (successful) login

WPO365 can redirect a user to a specific page based on a user’s group memberships.

Role update scenarios

WPO365 allows for flexibility and lets you decide, when and how to apply rules to update a user’s WordPress role(s). For example, it can be configured to always add new roles (but leave already assigned roles intact) or to always replace any existing roles and only add new roles according to the mapping rules that you defined. And last but not least, you can configure whether a default role should always be added or only, if none of your rules applies.

Plugins with these features

All supported features on this page are unlocked when you install the ROLES + ACCESS extension. Alternatively, the WPO365 | SYNC and WPO365 | INTRANET bundles also unlock all of the supported features.

Documentation

Videos

There are currently no videos available.