Map between Azure AD user properties and (itthinx) Groups
Use this guide if you want to configure mappings between Azure AD User properties and (itthinx) Groups (see https://wordpress.org/plugins/groups/ for details) using the WPO365 | SYNC or WPO365 | INTRANET edition of the WordPress + Office 365 plugin.
Before you start
- You must already have configured the single sign-on capability of the WordPress + Office 365 plugin.
- You must also already have configured the integration capability of the plugin.
- You are a Global Administrator for your company’s Office 365 tenant / Azure AD directory (or have at least the ability to edit the Azure Active Directory App registration that was created previously when the single sign-on capability was configured).
- You are an Administrator for your WordPress website.
Perform the following steps to navigate to the App registration for your WordPress website in Azure Active Directory.
- Navigate to WP Admin > WPO365 > Single sign-on.
- Scroll to the Application id and click View in Azure Portal.
If you do not see the "View in Azure Portal" link then please upgrade to v10.9 or higher. The link will only be visible when you entered a (valid) Application ID.
- Click API permissions from the 'App registration' menu on the left
- Click + Add permission.
- Select Microsoft Graph > Delegated permissions.
- Scroll down to Users and check
Click Add permissions.
Wait until Grant admin consent for … has become available, then click to grant consent for all users in your tenant to use this ‘App registration’.
Even after waiting for several minutes and all indicators showing you that consent has been granted, it may take a few more minutes before the App registration becomes fully functional.
Delete all tokens
- In WordPress, navigate to WP Admin > WPO365 and click Integration.
- Click Delete tokens.
- Sign out of your WordPress website.
- Sign back in with Microsoft.
This step is needed to ensure that the plugin refreshes the access token previously retrieved so that the updated permissions are reflected in your personal access token that the plugin retrieves when you sign back into your website with Microsoft.
Create a mapping
Perform the following steps to create mappings between Azure Active Directory and (itthinx) Groups.
- Navigate to the plugin's wizard WP Admin > WPO365 and click User registration.
- Scroll down to Azure AD user property to (itthinx) Group mappings.
- Enter the Azure AD User property with the value that should trigger the mapping being applied in the form of userPropertyName:value e.g. department:Communications and please be aware that the values that you enter are case sensitve.
- Select the (itthinx) group that the Azure AD User property / value should be mapped to.
- Click "+" to add the mapping.
- Click Save configuration.