LearnDash is most likely the most powerful learning management system for WordPress and many customers have requested some light-weight integration between WPO365 and LearnDash.
What to expect
With LearnDash, content managers can create engaging courses with just a few clicks. Once a course is online, users can take that course. Whether they need to register (and pay) is up to you. But if you require users to register, then all of a sudden, WPO365 may be able to help! If you use WPO365 to enable Sign in with Microsoft for your WordPress website, then WPO365 is able to:
- Dynamically enroll a new user who just successfully signed in with Microsoft onto one or more default courses and / or add that user to one or more default LearnDash User Groups.
- Dynamically enroll a user who just successfully signed in with Microsoft onto one or more courses or add that user to one or more LearnDash User Groups based on their Azure AD group membership(s).
Before you start
- You have reviewed the installation prerequisites and have installed and activated the WPO365 | LOGIN plugin (see Getting started - Installation).
- You have also configured Microsoft (OpenID Connect or SAML 2.0) based Single Sign-on.
- To add support for the LearnDash integration, you must have at least purchased the WPO365 | ROLES + ACCESS extension or any of the bundles (WPO365 | SYNC or WPO365 | INTRANET).
- You are a Global Administrator for your company’s Microsoft 365 tenant / Azure AD B2C directory (or you have at least obtained approval for your plans from your company's Global Administrator).
- You are an Administrator for your WordPress website.
- Your website uses SSL and the internet address starts with https://.
Proceed as follows to navigate to the application that you registered in Azure AD when you configured OpenID Connect based Single Sign-on. If you configured SAML 2.0 instead, then scroll down to the blue box below this section.
- Go to the plugin's Single Sign-on page and click on the View in Azure Portal link for the Application (client) ID.
- Sign into Azure Portal and ensure that you have landed on the Overview page of the App registration that you created when you registered your WordPress application in Azure AD.
Please note: If you configured SAML 2.0 based Single Sign-on, then chances are that you have not yet configured any integration with Microsoft 365 services. If that is the case, then please first proceed with the necessary steps to enable the integration with Microsoft 365 services. Once you have registered your WordPress application in Azure AD, please continue here.
For WPO365 to be able to receive a list with all Azure AD groups that a user is a member of, you must ensure that sufficient permissions have been granted to the registered application in Azure AD. To do so, please follow the steps below.
- Navigate to the API Permissions page of your App registration.
- Click + Add a permission > Microsoft Graph > Application permissions and search for GroupMember.Read.All.
- Repeat the previous step for the User.Read.All permission.
- Click Add permission to close the panel and return to the overview of Configured permissions.
- Finally, click Grant admin consent for ...
Please note: In this step you are adding Application permissions. Alternatively, you can add the same permissions as Delegated permissions. However, in that case the LearnDash mapping rules are only applied when a user signs in with Microsoft interactively, because a delegated permission only works in the context of a signed-in user. The rules won't be applied, for example, when you are regularly synchronizing users using WPO365's User synchronization feature.
To verify that your integration with Microsoft Graph is working as expected and that you are ready to configure rules that would dynamically assign (new) users to LearnDash courses or User Groups, please proceed as follows.
- Navigate to WP Admin > WPO365 > Plugin self-test.
- Click Start self-test.
- Use a Microsoft 365 / Azure AD account to sign in with Microsoft when asked to do so.
- When the test completes, scroll down to the ROLES + ACCESS / AUDIENCES section and verify that at least one of the test cases for either delegated permissions or application permissions (recommended) has passed. Please note that you can also view the list with Azure AD group IDs for that specific user when you click the view link.
Please note: If you configured OpenID Connect based Single Sign-on, then you can re-configure the ID token (that Microsoft sends along with a user who just successfully authenticated) to also include the Azure AD security groups that the user is a member of. Open your App registration in Azure Portal and open its Token configuration page. There, click + Add groups claim and choose which groups should be included, e.g. Microsoft 365 groups (= Teams) and / or security groups. The other settings can be left as they are; click Add claim to complete this step. The only drawback of this approach is that the ID token can only include a limited number of groups. If the user is a member of more than 100-something groups, the ID token will instead include a reference to Microsoft Graph.
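The overage case from the note above, as an added example (not WPO365's own code): it reads group Object IDs from ID token claims that are assumed to be already validated, detects the _claim_names / hasgroups markers that Azure AD emits in place of a groups list, and refuses to treat that case as "no groups". The rule shape, the GUIDs, the course IDs and the fake_graph helper are constructed for illustration.

```python
# Added illustration, not WPO365 code. Claims are assumed to come from an ID
# token whose signature, issuer and audience have already been validated.

class GroupOverage(Exception):
    """The token only references Microsoft Graph; memberships must be fetched."""

def groups_from_claims(claims):
    """Return the set of Azure AD group Object IDs carried in the token."""
    groups = claims.get("groups")
    if isinstance(groups, list):
        return {g.lower() for g in groups}
    # Overage: "groups" is absent and the token points to Graph instead.
    if "groups" in (claims.get("_claim_names") or {}) or claims.get("hasgroups"):
        raise GroupOverage(claims.get("oid", "unknown user"))
    return set()  # no groups claim emitted: no memberships in the token

def courses_for_user(claims, rules, graph_lookup=None):
    """rules maps group Object ID -> LearnDash course ID (hypothetical shape)."""
    try:
        member_of = groups_from_claims(claims)
    except GroupOverage:
        if graph_lookup is None:
            raise  # never treat "too many groups" as "member of no groups"
        member_of = {g.lower() for g in graph_lookup(claims["oid"])}
    return sorted(cid for gid, cid in rules.items() if gid.lower() in member_of)

# Constructed sample data: placeholder GUIDs, course IDs and endpoint.
RULES = {
    "11111111-1111-1111-1111-111111111111": 42,
    "22222222-2222-2222-2222-222222222222": 77,
}
SMALL = {"oid": "aaaaaaaa-0000-0000-0000-000000000001",
         "groups": ["11111111-1111-1111-1111-111111111111"]}
OVERAGE = {"oid": "aaaaaaaa-0000-0000-0000-000000000002",
           "_claim_names": {"groups": "src1"},
           "_claim_sources": {"src1": {"endpoint": "https://graph.example.invalid/"}}}

def fake_graph(oid):
    # Stand-in for a Microsoft Graph membership query; no network access here.
    return ["22222222-2222-2222-2222-222222222222"]

if __name__ == "__main__":
    print(courses_for_user(SMALL, RULES))
    print(courses_for_user(OVERAGE, RULES, fake_graph))
```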
Once you have confirmed that WPO365 can retrieve the Azure AD groups that a user is a member of, you can proceed to configuring LearnDash course and User Group assignments.
- Go to WP Admin > WPO365 > User registration and scroll to the section LearnDash Integration.
- In this section, you have 4 types of assignments that you can configure.
Azure AD Group based LD course assignments
This is where you configure the auto-assignments of users to LearnDash Courses based on Azure AD groups. First, enter the Object ID of the Azure AD group in the text field (see below for instructions on how to find this Object ID). Then pick a LearnDash Course from the dropdown. The number in front of the course title is the course ID.
Azure AD Group based LD group assignments
Assigning a user to a LearnDash User Group works similarly: first enter the Object ID of the Azure AD group in the text field and then pick a LearnDash User Group from the dropdown. The number in front of the user group's name is the LearnDash User Group ID.
Default course assignments for new users
It is also possible to assign any new user who signs in with Microsoft to a LearnDash Course. In this case, the Azure AD group(s) that the user is a member of do not play any role.
Default group assignments for new users
It is also possible to assign a new user to a LearnDash User Group, without considering the Azure AD groups that the user possibly is a member of.
Please don't forget to save your configuration once you have created your LearnDash assignments (or updated them).
Tip: To find the Object ID of any Azure AD group, navigate to Azure Portal > Azure Active Directory > Groups. Here you will find all Azure AD groups that have been created for your organization. On the overview page of each group, you'll find the group's Object ID.