|Personal Blog (free)||No|
|Commercial / School / Non-profit (premium)||Yes|
Please note This capability applies to User Registration as well as User Synchronization.
If you want to turn your WordPress website into a corporate Intranet and you would like to control access and WordPress role assignment through Azure AD (security) groups, you can do this with the help of:
- A set of Azure AD group to WordPress role mappings to control the WordPress role assigned to a user when signing into your website.
- An Azure AD Groups Whitelist to effectively deny users (who are not member of whitelisted Azure AD groups) access to your website. The use of this whitelist is, however, not required. For example, the aforementioned Azure AD group to WordPress role mappings also work fine when the Azure AD Groups Whitelist is left empty.
For the plugin to receive all the user’s Azure AD Group Memberships, you need to update your Azure AD Application Registration manifest, to provoke the ID token sent by Microsoft to include this information. You can follow this instruction to update the registered application’s manifest.
Please note that you can reference nested Azure AD groups. The ID token received from Microsoft will contain all Azure AD Group IDs of all groups the user is a member of and all group IDs of all groups those groups are member of etc. In other words, Microsoft will resolve the nested Azure AD Group hierarchy, if any.
It’s also worth mentioning that the Azure AD Group to WordPress role mappings will only resolve the first mapping that matches. So if a user is a member of multiple Azure AD Groups and for more than one of these Azure AD Groups you have defined a valid mapping to a WordPress role, only the first one will be used to update the WordPress user’s role.
Furthermore you can configure role based access with the help of the following settings:
|Azure AD to WordPress role mappings||No||Yes||No|
|update the user’s role||No||Yes||No|
|update existing user’s when their role is administrator||No||Yes||No|
|Azure AD Groups Whitelist||No||Yes||No|