Advanced | Access for “anonymous” users

When you wish to embed a SharePoint Online Library in WordPress and make it available to users who do not have an enterprise account in your Microsoft Entra ID / Azure AD directory, you must configure support for an application-only scenario.

To grant permission for WordPress to read the content of a given site collection, you must now grant Read permissions to the application that is represented by the App registration in Microsoft Entra ID / Azure AD. In combination with the API permission Sites.Selected (see Update API Permissions for steps to add that permission), this ensures that only those sites for which Read permission has been granted are accessible from WordPress.

To grant Read permission to an App registration / application with display name “My WordPress based Intranet” and Application (Client) ID 50b593ab-6567-4bc0-9fba-xxxxxxxxxxx, you must execute the following Microsoft Graph query:

POST https://graph.microsoft.com/beta/sites/{siteId}/permissions
Content-Type: application/json

{
    "roles": ["read"],
    "grantedToIdentities": [
        {
            "application": {
                "id": "50b593ab-6567-4bc0-9fba-xxxxxxxxxxx",
                "displayName": "My WordPress based Intranet"
            }
        }
    ]
}

In the previous example you must replace {siteId} with the full ID of the SharePoint site collection for which you want to grant WordPress Read permission. To find the site ID for a SharePoint site with hostname wpo365demo.sharepoint.com and a server relative path / managed path of sites/contoso, you must execute the following Microsoft Graph query:

GET https://graph.microsoft.com/beta/sites/wpo365demo.sharepoint.com:/sites/contoso
Content-Type: application/json

To make this and the previous call you can use Microsoft’s Graph Explorer tool.

Please note that when using this tool you may need to Modify permissions and add and consent to the Sites.FullControl.All permission to be able to make the call that creates the Read permission.

With this configuration in place, any website visitor is now able to view SharePoint documents in this specific SharePoint site collection.
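
Because this grant exposes the site collection to every website visitor, it is worth confirming that the application holds Read and nothing more. The following Python sketch is an added example, not code from WPO365 or Microsoft: it builds the two queries shown above and audits a permissions listing for the site. The listing is assumed to use the same fields as the request body above, and the sample data and the second application ID are constructed.

```python
import json
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/beta"  # endpoint root used in the queries above

def site_lookup_url(hostname, server_relative_path):
    """URL of the GET query that resolves a site collection to its full ID."""
    return f"{GRAPH}/sites/{hostname}:/{quote(server_relative_path.strip('/'))}"

def read_grant_request(site_id, client_id, display_name):
    """(url, JSON body) of the POST query granting Read to one application."""
    body = {"roles": ["read"], "grantedToIdentities": [
        {"application": {"id": client_id, "displayName": display_name}}]}
    return f"{GRAPH}/sites/{quote(site_id, safe=',')}/permissions", json.dumps(body)

def audit_site_permissions(listing, expected_client_id):
    """Findings for every grant that is not 'expected application, read only'."""
    findings = []
    for perm in listing.get("value", []):
        roles = perm.get("roles")
        for identity in perm.get("grantedToIdentities", []):
            app_id = (identity.get("application") or {}).get("id")
            if app_id != expected_client_id:
                findings.append((perm.get("id"), app_id, "unexpected application"))
            elif roles is None:
                # Role list absent from this entry: it cannot be judged from the listing.
                findings.append((perm.get("id"), app_id, "roles missing, fetch permission by id"))
            elif sorted(r.lower() for r in roles) != ["read"]:
                findings.append((perm.get("id"), app_id, "more than read: " + ",".join(roles)))
    return findings

WP_APP = "50b593ab-6567-4bc0-9fba-xxxxxxxxxxx"      # client ID as written on this page
OTHER_APP = "00000000-0000-0000-0000-000000000000"  # constructed placeholder

# Constructed sample of a permissions listing (not real tenant data).
SAMPLE_LISTING = {"value": [
    {"id": "1", "roles": ["read"], "grantedToIdentities": [{"application": {"id": WP_APP}}]},
    {"id": "2", "roles": ["write"], "grantedToIdentities": [{"application": {"id": WP_APP}}]},
    {"id": "3", "roles": ["read"], "grantedToIdentities": [{"application": {"id": OTHER_APP}}]},
    {"id": "4", "grantedToIdentities": [{"application": {"id": WP_APP}}]},
]}

if __name__ == "__main__":
    print(site_lookup_url("wpo365demo.sharepoint.com", "/sites/contoso"))
    for finding in audit_site_permissions(SAMPLE_LISTING, WP_APP):
        print(finding)
```

An empty findings list means the only application grants on the site are Read grants for the WordPress App registration.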


With the default column configuration, web visitors are not able to download documents from SharePoint. Please consult the paragraph Edit columns for anonymous access for steps on how to update the column definition, so that your visitors are able to download documents from SharePoint.

