| Version | Supported |
| --- | --- |
| Personal Blog (free) | No |
| Commercial / School / Non-profit (premium) | Yes |

Feature description

Please note: this capability applies to User Registration as well as User Synchronization.

If you want to turn your WordPress website into a corporate Intranet and you would like to control access and WordPress role assignment through Azure AD (security) groups, you can do this with the help of:

  • A set of Azure AD group to WordPress role mappings to control the WordPress role assigned to a user when signing into your website.
  • An Azure AD Groups Whitelist to effectively deny users (who are not members of whitelisted Azure AD groups) access to your website. The use of this whitelist is, however, not required. For example, the aforementioned Azure AD group to WordPress role mappings also work fine when the Azure AD Groups Whitelist is left empty.

Required Configuration

For the plugin to receive all of the user’s Azure AD Group Memberships, you need to update your Azure AD Application Registration manifest so that the ID token sent by Microsoft includes this information. You can follow these instructions to update the registered application’s manifest.

Please note that you can reference nested Azure AD groups. The ID token received from Microsoft will contain the Azure AD Group IDs of all groups the user is a member of, as well as the group IDs of all groups that those groups are members of, and so on. In other words, Microsoft will resolve the nested Azure AD Group hierarchy, if any.

It’s also worth mentioning that the Azure AD Group to WordPress role mappings will only resolve the first mapping that matches. So if a user is a member of multiple Azure AD Groups and for more than one of these Azure AD Groups you have defined a valid mapping to a WordPress role, only the first one will be used to update the WordPress user’s role.
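
The whitelist check and the first-match rule described above, as an added PHP example that is not the plugin's own code. The function name `resolve_access`, the layout of the mapping list and the placeholder group IDs are assumptions made for illustration, and the claims are assumed to come from an ID token that has already been validated.

```php
<?php
// Added illustration, not the plugin's code. All group IDs are constructed placeholders.
// $claims is assumed to be the payload of an ID token that was already validated.
function resolve_access(array $claims, array $role_mappings, array $whitelist): array
{
    // The groups claim is a list of Azure AD group object IDs (GUID strings).
    // A missing or malformed claim is treated as "member of no groups".
    $groups = $claims['groups'] ?? [];
    $groups = is_array($groups) ? array_filter($groups, 'is_string') : [];
    $groups = array_map('strtolower', $groups); // compare GUIDs case-insensitively

    // An empty whitelist is not enforced; otherwise one whitelisted group is required.
    if ($whitelist !== []) {
        if (array_intersect($groups, array_map('strtolower', $whitelist)) === []) {
            return ['allowed' => false, 'role' => null];
        }
    }

    // Mappings are checked in configured order and only the first match is used.
    foreach ($role_mappings as [$group_id, $role]) {
        if (in_array(strtolower($group_id), $groups, true)) {
            return ['allowed' => true, 'role' => $role];
        }
    }
    // Assumption: no matching mapping means the role is left unchanged (null).
    return ['allowed' => true, 'role' => null];
}

// Constructed configuration: the editor mapping is listed before administrator.
$mappings = [
    ['11111111-1111-1111-1111-111111111111', 'editor'],
    ['22222222-2222-2222-2222-222222222222', 'administrator'],
];
$whitelist = ['33333333-3333-3333-3333-333333333333'];

// Case 1: member of both mapped groups and of the whitelisted group.
$both = ['groups' => [
    '22222222-2222-2222-2222-222222222222',
    '11111111-1111-1111-1111-111111111111',
    '33333333-3333-3333-3333-333333333333',
]];
var_dump(resolve_access($both, $mappings, $whitelist));

// Case 2: member of a mapped group only, with the whitelist in force.
$outsider = ['groups' => ['22222222-2222-2222-2222-222222222222']];
var_dump(resolve_access($outsider, $mappings, $whitelist));
var_dump(resolve_access($outsider, $mappings, [])); // case 3: whitelist left empty
var_dump(resolve_access([], $mappings, $whitelist)); // case 4: no groups claim
```

In this constructed configuration the user in case 1 receives the editor role, because that mapping is listed first, so the order of the mappings decides which role a member of several mapped groups ends up with.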

Furthermore, you can configure role-based access with the help of the following settings:

| Setting | Free | Premium | Use Default |
| --- | --- | --- | --- |
| Azure AD to WordPress role mappings | No | Yes | No |
| update the user’s role | No | Yes | No |
| update existing user’s when their role is administrator | No | Yes | No |
| Azure AD Groups Whitelist | No | Yes | No |
