Enabling users to sign into your WordPress website with their Azure AD / Microsoft 365 account is an important first step when you want to provide your users with a seamless and integrated experience. And the WPO365 plugins help you achieve this.
But they can do more. For example, they can automatically assign a WordPress role to a WordPress user based on the Azure AD group(s) that the user is a member of, or deny access to users who are not members of those groups. They can also automatically redirect a user to a specific WordPress page, based on the (login) domain the user belongs to.
Automatically assign WordPress role(s)
Each time a user successfully signs in with Microsoft, WPO365 can be configured to retrieve all the Azure AD (security, Microsoft 365 or distribution list) groups that the user is a (transitive) member of and use this information to apply rules that map Azure AD groups to WordPress roles.
Alternatively, WPO365 can be configured to assign a WordPress role based on any of the available Azure AD user profile attributes, e.g. if department equals HR, then assign a (custom WordPress) role HR Employee.
Last but not least, WPO365 can be configured to assign a WordPress role based on the user’s (login) domain.
Rules that automatically assign WordPress roles to users are, by default, applied whenever a user signs in successfully with Microsoft or when a user is created or updated during User synchronization. However, if you have configured User synchronization and it runs frequently, you can skip this step at sign-in by checking the option Express login and trusting that User synchronization will take care of it.
Restrict access to your WordPress website
Each time a user signs in with Microsoft, WPO365 can be configured to retrieve all the Azure AD (security, Microsoft 365 or distribution list) groups that a user is a (transitive) member of and use this information to deny access if the user is not a member of one or more groups that you have allow-listed.
Alternatively, WPO365 can be configured to deny access to users if their (login) domain is not allow-listed.
Please note that you can also configure WPO365 to restrict access to specific posts or pages using the Audiences feature.
Role update scenarios
WPO365 allows for flexibility and lets you decide when and how to apply rules to update a user’s WordPress role(s). For example, it can be configured to always add new roles (but leave already assigned roles intact) or to always replace any existing roles and only add new roles according to the mapping rules that you defined. And last but not least, you can configure whether a default role should always be added or only if none of your rules applies.
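The following is an added example, not WPO365 code: a small Python model of the add / replace / default-role choices described above, run for a user whose group membership changed between sign-ins. The function name, parameter names and group IDs are hypothetical, and it assumes the "only if none applies" default is decided by whether any mapping rule matched.

```python
# Added illustration: models the role-update choices described above.
# All names are hypothetical; this is not WPO365 code or its settings schema.

def resolve_roles(current_roles, user_groups, group_role_map,
                  replace_existing=False, default_role=None,
                  default_always=False):
    """Return the sorted list of roles a user holds after a sign-in."""
    # Roles granted by the mapping rules for the groups seen at this sign-in.
    mapped = {group_role_map[g] for g in user_groups if g in group_role_map}

    # "Replace" discards previously assigned roles; "add" keeps them.
    result = set() if replace_existing else set(current_roles)
    result |= mapped

    # Default role: either always, or only when no mapping rule applied.
    if default_role and (default_always or not mapped):
        result.add(default_role)
    return sorted(result)


# Constructed sample mapping; the group IDs are placeholders.
GROUP_ROLE_MAP = {
    "group-id-editors": "editor",
    "group-id-hr": "hr_employee",
}


def demo():
    # The user held "editor" and has since moved to the HR group only.
    before, groups_now = ["editor"], ["group-id-hr"]
    add_mode = resolve_roles(before, groups_now, GROUP_ROLE_MAP)
    replace_mode = resolve_roles(before, groups_now, GROUP_ROLE_MAP,
                                 replace_existing=True)
    # A user in no mapped group receives only the default role.
    no_match = resolve_roles([], ["group-id-other"], GROUP_ROLE_MAP,
                             replace_existing=True, default_role="subscriber")
    return add_mode, replace_mode, no_match


if __name__ == "__main__":
    for label, roles in zip(("add", "replace", "no match"), demo()):
        print(f"{label:9} -> {roles}")
```

In the add scenario the user still holds editor after leaving the editors group; only the replace scenario makes the WordPress roles follow the current group membership.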
Plugins with these features
All supported features on this page are unlocked when you install the ROLES + ACCESS extension. Alternatively, the WPO365 | SYNC and WPO365 | INTRANET bundles also unlock all of the supported features.
- Tutorial: Map from Azure AD groups to WordPress roles
- Map from Azure AD user profile properties to WordPress roles
- Map from user (login) domains to WordPress roles
- Map from Azure AD groups to Super Admin role (WordPress Multisite only)
- Restrict access to specific Azure AD groups
- Allow-list specific (login / email) domains