Synchronize only users belonging to a specific Azure AD group
Use this guide if you want to configure the WPO365 login plugin to synchronize users from a specific Azure AD group to WordPress.
To synchronize users from a specific group (and its nested groups) to your WordPress website, you can update the user sync query (see https://www.wpo365.com/user-sync-query/) as follows:
groups/5b3fe273-7ca1-49b4-b59f-b979a31ee341/transitiveMembers?$top=10
Here the ID 5b3fe273-7ca1-49b4-b59f-b979a31ee341 is only an example and must be replaced with the group ID of your own Azure AD group. You can find the group ID in the group's properties in the Azure AD portal at https://portal.azure.com.
Please note: Before you continue, ensure that you have configured (application-level) API Permissions for your App Registration in Entra ID (AAD) for User.Read.All and optionally for GroupMember.Read.All. This last permission is needed when you a) would like to synchronize users that are (transitive) members of a specific Entra ID (AAD) group or b) want WPO365 to update WP role assignments during synchronization based on the user's group membership(s). Refer to the step Configure API Permissions of the Integration | Application permissions tutorial.
WPO365 supports advanced queries for Microsoft Graph that make use of query parameters such as $count, $filter and $search. To enable such a query it must include the $count parameter; when it does, the plugin automatically adds the mandatory ConsistencyLevel = eventual header. This means that starting with v13 you can enhance the query to synchronize only users belonging to a specific Azure AD group as follows:
groups/5b3fe273-7ca1-49b4-b59f-b979a31ee341/transitiveMembers?$count=true&$filter=accountEnabled+eq+true&$top=10
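As an added example (not WPO365 plugin code), the following Python builds the Graph request behind such a sync query, applying the rule described above: the ConsistencyLevel header is added only when $count=true is present, the group ID is checked to be a real GUID rather than a leftover placeholder, and @odata.nextLink pages produced by $top are followed. The Graph base URL, the bearer token and the sample pages are assumptions.

```python
import re
from urllib.parse import parse_qs

# Assumptions (not from the guide): Graph v1.0 base URL and a bearer token.
GRAPH_BASE = "https://graph.microsoft.com/v1.0/"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def build_sync_request(sync_query: str, access_token: str) -> dict:
    """Turn a WPO365-style user sync query into a Graph URL plus headers.

    As the guide describes: when the query carries $count=true the mandatory
    'ConsistencyLevel: eventual' header is added; $filter/$search without
    $count is rejected, because Graph treats that as an invalid advanced query.
    """
    path, _, query = sync_query.partition("?")
    match = re.fullmatch(r"groups/([^/]+)/transitiveMembers", path)
    if not match:
        raise ValueError("expected groups/<group-id>/transitiveMembers")
    group_id = match.group(1)
    if not GUID_RE.match(group_id):  # catches an unreplaced placeholder
        raise ValueError(f"group ID is not a GUID: {group_id!r}")
    params = parse_qs(query, keep_blank_values=True)
    headers = {"Authorization": f"Bearer {access_token}"}
    if params.get("$count", [""])[0].lower() == "true":
        headers["ConsistencyLevel"] = "eventual"
    elif "$filter" in params or "$search" in params:
        raise ValueError("$filter/$search need $count=true (advanced query)")
    return {"url": GRAPH_BASE + sync_query, "headers": headers, "group_id": group_id}


def collect_members(first_url: str, fetch) -> list:
    """Follow @odata.nextLink until the last $top page; fetch(url) -> JSON dict."""
    members, url = [], first_url
    while url:
        page = fetch(url)
        members.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return members


# Constructed sample pages standing in for two Graph responses (offline demo).
SAMPLE_PAGES = {
    "page1": {"value": [{"userPrincipalName": "a@example.com"}],
              "@odata.nextLink": "page2"},
    "page2": {"value": [{"userPrincipalName": "b@example.com"}]},
}


def sample_fetch(url: str) -> dict:
    return SAMPLE_PAGES[url]
```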