WPO365’s Azure Active Directory User Synchronization for WordPress will help you automate a number of otherwise error-prone and cumbersome tasks, such as
- Creating new WordPress user accounts when onboarding users.
- Keeping existing WordPress user accounts up-to-date.
- Deleting or deactivating WordPress user accounts when offboarding users.
WPO365 User Synchronization also unlocks features found in other WPO365 extensions, such as:
- Avatar: update a user’s WordPress avatar with the user’s Azure AD profile picture
- Custom User Fields: synchronize advanced user attributes from Azure AD, e.g. mobile phone or employee ID
- Roles + access: assign WordPress roles based on the user’s Azure AD group memberships
To select users from your Azure Active Directory, e.g. all (transitive) members of a given Azure AD security group, you simply query Microsoft’s unified API, Microsoft Graph.
Since WordPress servers do not allow processes to run for a long time, users are fetched from Microsoft Graph in batches of a configurable size, e.g. 10 or 20. After the first batch has been processed, a new task is created to process the next batch, and so on until all users are processed.
Look up users
When the plugin processes the results of the Microsoft Graph query, it tries to match users from Azure AD with existing WordPress users. This matching is performed by looking up WordPress users by their Azure AD Object ID (which the plugin may have saved during a previous run), by username (long and short versions are both supported) and / or by email address.
You can configure the plugin to create, update and / or (soft) delete users, when executing the synchronization.
- When no existing WordPress user is found, a new user will be created
- When an existing WordPress user is found, the user will be updated
WPO365’s Azure Active Directory User Synchronization for WordPress will (soft) delete existing WordPress users as soon as all the results of the query are processed. It will select existing WordPress users with a username or email address that ends with any of your custom (login / email) domains and that were neither created nor updated during the current user synchronization cycle.
If no actions are selected, the results of the synchronization are logged and can be previewed to understand what actions the plugin would have applied.
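The matching and soft-delete rules described above, written out as an added example in plain PHP (this is not WPO365’s own code). Users are plain arrays instead of WP_User objects so it runs offline; the field name `aad_object_id`, the sample WordPress users and the sample Graph result set are all constructed for the example. Like the plugin’s "no actions selected" mode, the function only produces a plan and writes nothing, so the output can be reviewed before any account is created, updated or deleted.

```php
<?php
declare(strict_types=1);

// Constructed sample: existing WordPress users. 'aad_object_id' stands in for the
// Object ID the plugin saved during a previous run (assumed field name).
$wp_users = [
    ['ID' => 1, 'user_login' => 'admin',             'user_email' => 'admin@example.com', 'aad_object_id' => null],
    ['ID' => 2, 'user_login' => 'alice@contoso.com', 'user_email' => 'alice@contoso.com', 'aad_object_id' => '11111111-aaaa'],
    ['ID' => 3, 'user_login' => 'bob',               'user_email' => 'bob@contoso.com',   'aad_object_id' => null],
    ['ID' => 4, 'user_login' => 'carol',             'user_email' => 'carol@contoso.com', 'aad_object_id' => null],
];

// Constructed sample: the decoded result of a Graph query (all batches combined),
// e.g. the transitive members of one security group plus one guest.
$graph_users = [
    ['id' => '11111111-aaaa', 'userPrincipalName' => 'alice@contoso.com', 'mail' => 'alice@contoso.com', 'userType' => 'Member'],
    ['id' => '22222222-bbbb', 'userPrincipalName' => 'bob@contoso.com',   'mail' => 'bob@contoso.com',   'userType' => 'Member'],
    ['id' => '33333333-cccc', 'userPrincipalName' => 'dave@contoso.com',  'mail' => 'dave@contoso.com',  'userType' => 'Member'],
    ['id' => '44444444-dddd', 'userPrincipalName' => 'eve_gmail.com#EXT#@contoso.onmicrosoft.com', 'mail' => 'eve@gmail.com', 'userType' => 'Guest'],
];

$custom_domains = ['contoso.com'];   // the configured custom login / email domains

// True when a username or email address ends with one of the custom domains.
function in_custom_domain(?string $value, array $custom_domains): bool
{
    if ($value === null || $value === '') {
        return false;
    }
    foreach ($custom_domains as $domain) {
        $suffix = '@' . strtolower($domain);
        if (substr(strtolower($value), -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Match one Azure AD user to an existing WordPress user in the documented order:
// the immutable Object ID first, then the long or short username, then the email.
function find_wp_user(array $wp_users, array $aad_user): ?array
{
    $upn   = strtolower($aad_user['userPrincipalName'] ?? '');
    $short = strstr($upn, '@', true) ?: $upn;   // local part before the '@'
    $mail  = strtolower($aad_user['mail'] ?? '');

    foreach ($wp_users as $u) {
        if (!empty($u['aad_object_id']) && $u['aad_object_id'] === $aad_user['id']) {
            return $u;
        }
    }
    foreach ($wp_users as $u) {
        $login = strtolower($u['user_login']);
        if ($login === $upn || $login === $short) {
            return $u;
        }
    }
    foreach ($wp_users as $u) {
        if ($mail !== '' && strtolower($u['user_email']) === $mail) {
            return $u;
        }
    }
    return null;
}

// Build the create / update / delete plan for a complete query result.
function plan_sync(array $wp_users, array $graph_users, array $custom_domains,
                   bool $ignore_guests, bool $allow_delete): array
{
    $plan    = ['create' => [], 'update' => [], 'delete' => [], 'skipped' => []];
    $touched = [];   // WordPress IDs updated in this synchronization cycle

    foreach ($graph_users as $aad) {
        if ($ignore_guests && ($aad['userType'] ?? '') === 'Guest') {
            $plan['skipped'][] = $aad['userPrincipalName'];
            continue;
        }
        $existing = find_wp_user($wp_users, $aad);
        if ($existing === null) {
            $plan['create'][] = $aad['userPrincipalName'];
        } else {
            $plan['update'][] = $existing['user_login'];
            $touched[$existing['ID']] = true;
        }
    }

    // Soft-delete only runs once the whole result set has been processed and only
    // selects users in a custom domain that this cycle neither created nor updated,
    // so accounts outside those domains (here 'admin') are never touched.
    if ($allow_delete) {
        foreach ($wp_users as $u) {
            $in_scope = in_custom_domain($u['user_login'], $custom_domains)
                     || in_custom_domain($u['user_email'], $custom_domains);
            if ($in_scope && !isset($touched[$u['ID']])) {
                $plan['delete'][] = $u['user_login'];
            }
        }
    }
    return $plan;
}

// Preview: ignore guests, allow soft-delete.
print_r(plan_sync($wp_users, $graph_users, $custom_domains, true, true));
```

With the sample data the plan creates `dave@contoso.com`, updates `alice@contoso.com` (matched on Object ID) and `bob` (matched on the short username), skips the guest, and marks `carol` for soft-deletion because she is in a custom domain but was not returned by the query; `admin@example.com` is left alone. Matching on the Object ID before the username or email is the safer order because the Object ID never changes, whereas usernames and email addresses can be renamed or reassigned in the directory.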
User synchronization can be scheduled, started manually or triggered by an external task scheduling service.
Internally the plugin uses WordPress CRON jobs to process user synchronization batches. Unfortunately, this system is not very reliable because WordPress CRON jobs are only triggered when a visitor requests a page. So if no one visits your site, tasks may not be executed on time and errors may occur. Consult this article to improve the reliability of WordPress CRON jobs: you have several alternatives.
- You can opt to ignore Guest users (external identities).
- Optionally an email summarizing the user synchronization results can be sent each time a job finishes.
- It is possible to define multiple synchronization jobs (but this automatically disables the ability to (soft) delete users).
- When deleting users, their content can be re-assigned to another user.
Plugins with these features
User synchronization is included in WPO365 | SYNC and WPO365 | INTRANET bundles.
- Synchronize users from Azure AD to WordPress
- Microsoft 365 profile picture as WP avatar
- Synchronize Microsoft 365 / Azure AD profile fields
- Map between Azure AD groups and WordPress roles
- Hooking WP-Cron into a task scheduling service