Before you continue, please ensure that you have configured (application-level) API Permissions for your App Registration in Entra ID (AAD) for User.Read.All and optionally for GroupMember.Read.All. This last permissions is needed when you a) would like to synchronize users that are (transitive) members of a specific Entra ID (AAD) group or b) if during synchronization WPO365 should update WP role assignments based on the user’s group membership(s). Refer to the step Configure API Permissions of the Integration | Application permissions tutorial.
Perform the following steps to create and test a Microsoft Graph query to retrieve users when you configure WPO365 to synchronize users to WordPress.
Update the query so it selects exactly those users that you want to synchronize to your WordPress website. You can click Show sample queries to see examples of such queries. Each time when you change your query you must test the query. You cannot save the job if the query is not tested successfully.
Please note The default query filters for userType eq ‘member’ but when you synchronize users from Active Directory (on-premise) the userType may actually be null and the query does not return any users.
Writing advanced queries for Microsoft Graph
You may notice that the plugin automatically adds a $count= parameter which you should not remove. The count (= total rows) helps the plugin being able to track progress. The plugin automatically detects a Microsoft Graph $count query and adds the ConsistencyLevel = True header and thus allowing for advanced queries with $filter using endsWith and $search (see this article if you want to build advanced queries).This means that you can write a User sync query that includes all users from a specific domain as follows: myorganization/users?$count=true&$filter=endsWith(userPrincipalName,%27@example.com%27)&$top=10.
Choose your page size wisely
If you customize the query you must include the $top= query parameter e.g. $top=10 or $top=20. The $top parameter defines the page size and will force Microsoft Graph to return the full result in pages. The user sync processor is aware of such pages and after processing a result page will request the next page until there are no pages left. Omitting the query parameter or defining pages with too many results may cause a time-out error and the user sync job will not be completed as expected.