R&A | Dynamically assign WordPress roles based on Azure AD group memberships

Update ID token configuration

Steps in this Topic


Please note You can skip this step if you configured SAML 2.0 based single sign-on. In any case is updating your ID token configuration – so that the ID token contains a list of all the Azure AD group IDs that the user is a member of – an optional step. Instead, configuring WPO365 to request a list of Group IDs from Microsoft Graph is the preferred way, because the ID token’s capacity is restricted, making the ID token an unreliable option.


Perform the following steps to update the configuration of the ID token, so that the ID token contains a list of all the Azure AD group IDs that the user is a direct or indirect member of.

  • Navigate to the plugin’s Integration configuration page.
  • Scroll down to the Application Access section and click View in Azure Portal link for (App-only) Application (Client) ID. This will open the Overview page of the registered application in Azure AD / Microsoft Entra ID.

Please note If the Application Access section on the plugin’s Integration page appears to be unconfigured, then please first configure application-permissions to support application-only scenarios.


  • Click Token configuration from the ‘App registration’ menu on the left.
  • Click + Add groups claim.
  • Select All groups.
  • Click Add.