Map between Azure AD user properties and (itthinx) Groups

Use this guide if you want to configure mappings between Azure AD User properties and (itthinx) Groups (see https://wordpress.org/plugins/groups/ for details) using the WPO365 | SYNC or WPO365 | INTRANET edition of the WordPress + Office 365 plugin.

Before you start

  • You must already have configured the single sign-on capability of the WordPress + Office 365 plugin.
  • You must also already have configured the integration capability of the plugin.
  • You are a Global Administrator for your company’s Office 365 tenant / Azure AD directory (or have at least the ability to edit the Azure Active Directory App registration that was created previously when the single sign-on capability was configured).
  • You are an Administrator for your WordPress website.

App registration

Perform the following steps to navigate to the  App registration for your WordPress website in Azure Active Directory.

  • Navigate to WP Admin > WPO365 > Single sign-on.
  • Scroll to the Application id and click View in Azure Portal.

If you do not see the "View in Azure Portal" link then please upgrade to v10.9 or higher. The link will only be visible when you entered a (valid) Application ID.

API Permissions

  • Click API permissions from the 'App registration' menu on the left
  • Click + Add permission.
  • Select Microsoft Graph > Delegated permissions.
  • Scroll down to Users and check
    • User.Read.All
  • Click  Add permissions.
  • Wait until Grant admin consent for … has become available, then click to grant consent for all users in your tenant to use this ‘App registration’.
Please note that it can take up to several minutes before the consent button becomes available and can be clicked. And even after that you may see a red warning that consent could not be granted. If you see this warning, please repeat the sequence and click to gran consent for all users in your tenant again.
After you clicked to grant consent please wait until any spinner has disappeared to ensure that consent has been granted.

Even after waiting for several minutes and all indicators showing you that consent has been granted, it may take a few more minutes before the App registration becomes fully functional.

Delete all tokens 

  • In WordPress, navigate to WP Admin > WPO365 and click Integration.
  • Click Delete tokens.
  • Sign out of your WordPress website.
  • Sign back in with Microsoft.

This step is needed to ensure that the plugin refreshes the access token previously retrieved so that the updated permissions are reflected in your personal access token that the plugin retrieves when you sign back into your website with Microsoft.

Create a mapping

Perform the following steps to create mappings between Azure Active Directory and (itthinx) Groups.


Please note Before you can perform the steps below to create a mapping, you must select a WP role(s) update scenario e.g. Add or Replace on the plugin's User Registration configuration page.


  • Navigate to the plugin's wizard WP Admin > WPO365 and click User registration.
  • Scroll down to Azure AD user property to (itthinx) Group mappings.
  • Enter the Azure AD User property with the value that should trigger the mapping being applied in the form of userPropertyName:value e.g. department:Communications and please be aware that the values that you enter are case sensitve.
  • Select the (itthinx) group that the Azure AD User property / value should be mapped to.
  • Click "+" to add the mapping.
  • Click Save configuration.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us