User role(s) update scenario

Version Available
Personal Blog (free) No
Commercial / School / Non-profit (premium) Yes
Properties Value
Group User Management
Mandatory No

Setting description

Each time a user signs into your website the plugin will verify whether the user’s login information contains additional (Azure AD Security Group) membership information. If this is the case and if you have configured mappings between Azure AD Security Groups on the one hand and WordPress roles on the other hand (see online documentation) then the plugin can update the user’s WordPress role(s) in one of the following two ways:

  • Deleting all existing roles and then add the new ones
  • Add any possible new roles (default behaviour)

The plugin is capable of assigning multiple WordPress roles to a user and when it analyzes which roles to add, it will try and add the Default role main site first and additionally try adding any role that maps to any of the Azure AD Security Groups that the user is a member of. So without any mapping between Azure AD Security Groups and WordPress roles the user will at least receive the role that you configured as default for the main site.

Usage / Example(s)

Use the dropdown to change the selected scenario from “Add” (default) to “Replace”.

wp-config.php configuration

You can use the following wp-config.php setting:

// Enable dynamically updating a user's role
define( 'WPO_REPLACE_OR_UPDATE_USER_ROLE', '1' ); // '1' => Add, '2' => Replace

When you choose no to use the Redux Framework (premium version only).


There is limitation of the number of groups sent by Microsoft. If the user is member of a large number of groups, vital information may be truncated.

Microsoft will not only send the IDs of the groups the user is direct member of but also the IDs of those groups that encapsulate groups he / she is a member of (nested groups).

Leave a Reply

Your email address will not be published. Required fields are marked *