Microsoft 365 profile picture as WP avatar
Use this guide if you want to update the WordPress avatar picture with the Microsoft 365 / Azure AD user's equivalent.
Before you start
- You must already have configured the single sign-on capability of the WordPress + Office 365 plugin.
- You must also have configured the integration capability of the plugin.
- You are a Global Administrator for your company’s Office 365 tenant / Azure AD directory (or have at least the ability to edit the Azure Active Directory App registration that was created previously when the single sign-on capability was configured).
- You are an Administrator for your WordPress website.
App registration
- To go to the App registration in Azure AD, navigate to WP Admin > WPO365 > Single sign-on and click the link View in Azure Portal for the Application (client) ID.
- A new browser tab opens and loads the App registration in Azure AD.
API Permissions
- Switch to the newly opened tab and to edit the permissions of the App registration.
- Click API permissions from the 'App registration' menu on the left
- Click + Add permission.
- Select Microsoft Graph > Delegated permissions.
- Scroll down to Users and check
-
- User.Read.All
-
Click Add permissions.
- Wait until Grant admin consent for … has become available, then click to grant consent for all users in your tenant to use these permissions when they sign into this app.
Please note If you would like the plugin to be able to update a user's avatar when the user is not currently logging in / logged in, then please do not select Microsoft Graph > Delegated permissions but instead choose Microsoft Graph > Application permissions.
Plugin configuration
- Switch back to the previous tab and the plugin's configuration pages.
- Go WP Admin > WPO365 > User registration and make sure that you added your (custom) domains to the Custom domain(s) list. Click the link to View custom domain names in Azure Portal.
- Continue to WP Admin > WPO365 > User sync.
- Scroll down and check to Use O365 avatar.
- If you have configuration application-level permissions then you can configure the plugin to Only refresh avatar for logged-in user. If checked, the plugin will not try to update the WordPress profile picture of other users.
Please note If the option to Only refresh avatar for logged-in user is not checked and you have configured application-level permissions then the plugin may update the profile pictures of max. 5 other users. This limitation prevents your website from getting stuck when visiting - for example - a large WordPress user list.
- Optionally, if you want the plugin also to update the BuddyPress avatar picture for users also check the option to Use O365 Avatar (Buddy Press).
- Optionally - if you know what you're doing - you can choose to update the HTML Avatar template used by the plugin to display the avatar.
- Optionally - if you know what you're doing - you can change the amount of time (in seconds) that the plugin will wait before it will refresh the user's profile picture by updating the Avatar refresh value.
- If you experience issues and the WordPress avatar is not showing the Azure AD / Microsoft 365 profile picture, then you may want to try and experiment with different Avatar hook priority values.
Please note
- Additional profile fields including the user's profile picture will be updated (when the Avatar refresh waiting period has ended) whenever the user signs into your WordPress website (but only if you did not check the Express login option) or whenever the administrator runs User synchronization.