Map and Sync Microsoft 365 User Attributes to WordPress at SSO

Synchronize user profile information from Microsoft Entra ID (Azure AD) directly to WordPress using the miniOrange All-in-One Microsoft Office 365 Apps Plugin. The plugin syncs key directory attributes such as userPrincipalName, givenName, email, department, job title, employee number and many more, and makes them available within WordPress user profiles.

These user attributes can be used to personalize profile pages, define user roles, and provide attribute-based access. The plugin also supports both automatic and Just-in-Time (JIT) provisioning, giving you full control over how user profile data flows into WordPress.

Attribute Mapping and Storage

With this plugin, you can map Microsoft Entra ID (Azure AD) user attributes to WordPress to reflect important directory data within user profiles. Attributes like department, job title, and employee number are stored as custom user meta in WordPress.

The plugin provides robust support for Azure AD attribute mapping, allowing administrators to exert fine control over how each attribute is matched and stored. You can define exactly which directory fields to map and where they appear in WordPress, ensuring profile data is always consistent with your identity source.

Synchronization Methods

To keep user information up to date, the plugin offers two main methods to sync Microsoft 365 user attributes with WordPress.

The first method is Just-in-Time (JIT) synchronization, which occurs during Single Sign-On (SSO). Each time a user logs into WordPress, their profile is updated with the latest attribute values from Microsoft Entra ID. If the user is signing in for the first time, the plugin creates a WordPress account automatically. If the account already exists, the plugin syncs the latest attributes during login. This method relies on user interaction and ensures that the data is current at the time of access.

The second method is Real-Time User Provisioning through the Microsoft Graph API or Entra ID SCIM. In this method, user accounts and attribute changes are sent directly from the Entra ID to WordPress as they occur. It does not require the user to log in for updates to take place. This allows continuous synchronization of user data, which is especially useful for organizations that need to keep WordPress aligned with their Identity Provider (IDP) at all times.

Administrators can configure these flexible sync rules and map Azure AD attributes to specific fields in WordPress. This ensures that user profiles remain accurate, secure, and aligned with organizational policies.

Key Benefits

Maintain accurate and unified directory data across Microsoft Entra ID and WordPress.

• Keep user profiles updated with the latest Microsoft 365 attributes
• Centralize and streamline identity management across platforms
• Enhance personalization, role-based access control, and reporting with real-time updates
• Ensure alignment between cloud-based and on-premises directories for improved security and governance

Before you begin, make sure:

• The miniOrange All-in-One Microsoft Office 365 Apps Plugin is installed and active. (Refer to the Getting Started – Installation guide for help.)
• SAML-based Single Sign-On (SSO) is configured, or Microsoft Graph API/Entra SCIM provisioning is enabled.
• You have Global Administrator rights in Entra ID (Azure AD).
• You have Admin access to your WordPress site. Refer - WordPress User Roles

To demonstrate attribute synchronization during SSO login, follow the steps below:

• Login to your Microsoft Azure portal and navigate to the Users page from the dashboard.



• Click on New User and then select Create new user.



• Enter the required profile details such as User principal name, Display name, Password, etc. After filling in the details, click on the Review + create button.



• Review the entered details and click on Create. You should now see the newly created user listed on the Users page.



• On your WordPress login page, click on the SSO Login button provided by the miniOrange plugin. This will initiate SSO and redirect you to the Azure login page.



• Login to Azure using the credentials of the newly created user. Once authenticated, you will be redirected back to your WordPress site.
• The newly created Azure user will be automatically provisioned in WordPress.

Note: A new user is created in WordPress only if it does not already exist. If the user already exists, their attributes will be synced with the details from Azure.