Microsoft Entra ID (Azure AD) User Attributes to WordPress Role Mapping

Our All‑in‑One Microsoft Office 365 Apps Plugin allows the automatic assignment of WordPress roles based on Microsoft Entra ID (Azure AD) user properties. When users sign in with their Microsoft Entra ID credentials, their WordPress access permissions are determined dynamically according to the most recent details stored in the Microsoft Entra ID directory, automatically reflecting any organizational changes.

The All‑in‑One Microsoft Office 365 Apps Plugin can retrieve these properties from:

  • Claims in ID tokens during OpenID Connect or OAuth 2.0 sign-in
  • Attributes in SAML 2.0 responses for SAML-based SSO
  • Profile data from the Microsoft Graph API
  • Data provided through SCIM-based provisioning

When a user logs into WordPress through Azure Single Sign On (SSO) or is provisioned from Entra ID, the plugin evaluates their current user attributes against the mapping rules you have configured. These rules can check a single property or a combination of user attributes to determine the correct WordPress role.

For instance, if the Department attribute is set to Sales and the Location attribute is set to London, a mapping rule may assign the Regional Sales Editor role (a custom WordPress role created by the organization). Another rule could specify that if the job title is Project Manager or the user is a member of the Leadership Team group, the Administrator role (a default WordPress role) is assigned.

This evaluation takes place in real time during login or provisioning. If any of the relevant user attributes change in Entra ID, the assigned WordPress role is updated automatically on the next login or sync.
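
The rule evaluation described above can be modelled as follows. This is an added example, not the plugin's own code: the rule format, attribute keys, the regional_sales_editor slug, first-match-wins ordering, case-insensitive comparison, and the subscriber fallback are all assumptions made for illustration.

```python
# Added illustration of attribute-to-role mapping; not the plugin's code.
# Assumptions: rule format, attribute keys, first-match-wins ordering,
# case-insensitive comparison, and a least-privileged default role.
DEFAULT_ROLE = "subscriber"
COMBINE = {"all": all, "any": any}  # AND / OR over a rule's conditions

# Constructed rules mirroring the two examples in the text.
RULES = [
    {"role": "administrator", "match": "any", "conditions": [
        ("jobTitle", "equals", "Project Manager"),
        ("groups", "contains", "Leadership Team"),
    ]},
    {"role": "regional_sales_editor", "match": "all", "conditions": [
        ("department", "equals", "Sales"),
        ("location", "equals", "London"),
    ]},
]


def _norm(value):
    """Normalise a string for comparison; non-strings never match."""
    return value.strip().casefold() if isinstance(value, str) else None


def condition_holds(attrs, name, op, expected):
    """Evaluate one condition; a missing or malformed attribute is False."""
    actual = attrs.get(name)
    if op == "equals":
        return _norm(actual) is not None and _norm(actual) == _norm(expected)
    if op == "contains":  # multi-valued attribute such as group membership
        if not isinstance(actual, (list, tuple, set)):
            return False
        return _norm(expected) in {_norm(v) for v in actual}
    raise ValueError(f"unknown operator: {op}")


def resolve_role(attrs, rules=RULES, default=DEFAULT_ROLE):
    """Return the role of the first matching rule, else the default.

    Called on every login or sync, so a changed attribute changes the role.
    An unknown "match" value raises KeyError instead of silently matching.
    """
    for rule in rules:
        combine = COMBINE[rule["match"]]
        results = [condition_holds(attrs, *c) for c in rule["conditions"]]
        if results and combine(results):
            return rule["role"]
    return default
```

Because every login re-runs resolve_role on the current attributes, a user whose department changes from Sales to another value drops back to the default role without any edit to the rules.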


How This Differs from App Roles Mapping

  • App Roles Mapping assigns WordPress roles based on static application roles created in Entra ID, which must be managed manually.
  • User Properties Role Mapping assigns roles using live profile data from Entra ID, so permissions adapt automatically whenever relevant user properties change, without altering App Roles in the directory.

Key Benefits

Keep WordPress permissions in sync with your organization's current structure.

  • Map WordPress roles from multiple Entra ID attributes, such as department, job title, location, or group membership, for fine‑grained access control.
  • Combine different user attributes in a single mapping rule to create highly targeted permissions.
  • Automatically reflect organizational changes in WordPress, such as department transfers, title updates, or group reassignments, without changing WordPress Roles.
  • Maintain accurate and consistent access across all sign‑in scenarios by retrieving attribute data from token claims, SAML attributes, Microsoft Graph API, or SCIM‑based provisioning.

Requirements

Before configuring user attributes role mapping in the All‑in‑One Microsoft Office 365 Apps Plugin, please ensure:

  • The plugin is installed and active on your WordPress site, and Single Sign On (SSO) is enabled.
  • Optional but recommended: SCIM‑based provisioning or Microsoft Graph API sync is enabled for real‑time updates.
  • You have Global Administrator or equivalent privileges in Entra ID to view and manage user properties.
  • You have WordPress Administrator rights to create and manage user attribute‑to‑role mapping rules.