Azure AD Group to Super Admin (WPMU) mappings
Use this guide if you want to promote WordPress users that belong to one (or more) specific Azure AD group(s) to WordPress Multisite Super Admins using the PREMIUM or INTRANET edition of the WordPress + Office 365 plugin.
The ability of the plugin to promote members of certain Azure AD groups to the WordPress role of Super Admins is basically an extension of the plugin's ability to map between Azure AD groups and WordPress roles. Therefore please ensure that you have followed the steps in this article prior to configuring Azure AD group to Super Admin (WPMU) mappings
Create a mapping
- Open (in a new browser tab) Azure Portal and click the 'hamburger' (icon with three horizontal lines in the upper corner) to open the menu.
- Navigate to Azure Active Directory > Groups.
- Click the group you want to create a mapping for and from the Overview page copy the group's Object ID.
- Navigate to the plugin's wizard WP Admin > WPO365 > User registration.
- Scroll down to the Roles + Access section and look up the list with the Azure AD Group to Super Admin (WPMU) mappings.
- Paste the Object ID of group on a new line and click "+" to add the mapping.
- Click Save configuration.
Revoke Super Admin privileges
If you have added one or more mappings to the list, you may want to check the option to revoke Super Admin privileges. The plugin will explicitly try to revoke the Super Admin privileges from those users who are not a member of any of the groups added to the list of Azure AD Group to Super Admin (WPMU) mappings (but only if mappings are provided).
Before you check this option you must ensure that you have taken precaution to prevent your own administrator account from being demoted e.g.
- You have created an additional administrator account that does not synchronize with Azure AD because its user name and its email address do not have a domain component that matches with any of the domains in the Custom domains list on the plugin's User registration configuration page.
- You have created a mapping to dynamically assign the WordPress administrator role for an Azure AD group where your Azure AD account is a member of.