Perform the following steps, to change how WPO365 should handle a user’s existing WordPress roles, when it processes the mapping rules that dynamically assign WordPress roles to users, based on Azure AD group memberships.
User role(s) update scenario
Each time a user signs in with Microsoft, or is created / updated by WPO365 User synchronization or by Azure AD User provisioning (using SCIM), the plugin will verify whether rules to dynamically assign WordPress roles based on Azure AD group memberships have been configured. If this is the case, the plugin will update the user’s WordPress role(s) in one of the following ways:
- Replace All existing roles of a WordPress user will be removed before new assigning new ones. If no rules apply, the configured default role will be assigned.
- Add (default) Any new WordPress roles will be added to the already existing collection of WordPress roles. If no WordPress roles were assigned, the configured default role will be assigned.
- Skip No changes will be applied to the collection of WordPress roles of the current user.
Perform the following steps to change this behavior.
- Go the plugin’s User registration configuration page, scroll down to the Roles & Access section and locate the User role(s) update scenario dropdown list.
- Select the desired scenario from the dropdown list.
- Click Save configuration
Default role as fallback
The plugin is capable of assigning multiple WordPress roles to a user. By default it will try and add the configured default role first and additionally try adding any role that maps to any of the Azure AD groups that the user is a member. So without any applicable mapping the user will at least receive the role that you configured as default one for the main site.
To change this default behavior and configure the plugin to only to add the Default role (main site / subsite) when no other WordPress roles are otherwise assigned to a user, perform the following steps.
- Go the plugin’s User registration configuration page, scroll down to the Roles & Access section and locate the Default role as fallback option.
- Check this option.
- Click Save configuration.