Synchronize only users belonging to a specific Azure AD group

Use this guide if you want to configure the WPO365 login plugin to synchronize users from a specific Azure AD group to WordPress.

To synchronize users from a specific group (and its nested groups) to your WordPress website, you can update the user sync query (see https://www.wpo365.com/user-sync-query/) as follows:

groups/5b3fe273-7ca1-49b4-b59f-b979a31ee341/transitiveMembers?$top=10

The ID 5b3fe273-7ca1-49b4-b59f-b979a31ee341 is only an example; replace it with the group ID of your own Azure AD group. You can find the group ID in the group's properties in the Azure AD portal (https://portal.azure.com).

Update for v13

Starting with v13, the plugin supports advanced queries for Microsoft Graph that use query parameters such as $count, $filter and $search. Such queries must include the $count parameter; when it is present, the plugin automatically adds the mandatory ConsistencyLevel = eventual header. This means that, starting with v13, you can enhance the query to synchronize only users belonging to a specific Azure AD group as follows:

groups/5b3fe273-7ca1-49b4-b59f-b979a31ee341/transitiveMembers?$count=true&$filter=accountEnabled+eq+true&$top=10
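
The rules stated above can be checked before a query is saved. The following is an added example, not code from the WPO365 plugin or its documentation: lint_sync_query is a hypothetical helper, its findings are derived only from the statements in this guide, and the group ID in its sample input is a constructed placeholder.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Sample group ID printed in this guide; it must be replaced before use.
SAMPLE_GROUP_ID = "5b3fe273-7ca1-49b4-b59f-b979a31ee341"
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
PATH_RE = re.compile(rf"^groups/({GUID})/transitiveMembers$")


def lint_sync_query(query):
    """Hypothetical helper: return findings for a group-scoped user sync query."""
    findings = []
    parts = urlsplit(query.strip())
    # parse_qs decodes '+' to a space, so accountEnabled+eq+true becomes
    # 'accountEnabled eq true'.
    params = {k: v[-1] for k, v in parse_qs(parts.query).items()}

    match = PATH_RE.match(parts.path.lstrip("/"))
    if not match:
        findings.append("path is not groups/<group ID>/transitiveMembers")
    elif match.group(1).lower() == SAMPLE_GROUP_ID:
        findings.append("group ID is still the sample value from the guide")

    # Advanced parameters only work when $count is part of the query (v13+).
    counted = params.get("$count", "").lower() == "true"
    if ("$filter" in params or "$search" in params) and not counted:
        findings.append("$filter/$search used without $count=true")

    # Without the accountEnabled filter, disabled accounts are synchronized too.
    flt = " ".join(params.get("$filter", "").lower().split())
    if "accountenabled eq true" not in flt:
        findings.append("disabled accounts are not filtered out")
    return findings


if __name__ == "__main__":
    # Constructed inputs: the group ID below is a made-up placeholder.
    gid = "00000000-1111-2222-3333-444444444444"
    for q in (
        f"groups/{gid}/transitiveMembers?$count=true&$filter=accountEnabled+eq+true&$top=10",
        f"groups/{gid}/transitiveMembers?$filter=accountEnabled+eq+true&$top=10",
        f"groups/{SAMPLE_GROUP_ID}/transitiveMembers?$top=10",
    ):
        print(q, "->", lint_sync_query(q) or "ok")
```

An empty list means the query matches the v13 form shown above; the pre-v13 query is reported as not filtering out disabled accounts.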

Note: To prevent users from other Azure AD groups from signing in to your WordPress website / intranet, you must also configure the Azure AD groups whitelist (see https://www.wpo365.com/role-based-access-using-azure-ad-groups/).
