
Configure ID token claims

OpenID Connect based Single Sign-on allows the plugin to request an ID token for a user who has successfully authenticated with Microsoft.

Perform the following steps to configure some of the fields (so-called claims) of that ID token.

  • Click Token configuration from the App registration’s menu on the left.

  • Click + Add optional claim.
  • Select ID.
  • From the list, check the following options:
    • email
    • family_name
    • given_name
    • upn
  • Click Add to save the optional claims.

If you are asked to add the email and profile permissions required for these fields to be sent in the ID token, confirm by clicking yes.


  • Optionally, you can also add the Groups claim to the ID token. If added, Entra will add a claim that lists the Object IDs of all the Entra Groups that a user belongs to (or a link to retrieve a list of those group IDs from Microsoft Graph if the list is too long).

Adding the Groups claim to the ID token is only necessary if you intend to set up site or page access restrictions based on Entra Groups, or WordPress role assignments, without wanting WPO365 to query Microsoft Graph for the user’s Entra Group memberships.
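
To confirm that the configuration took effect, the following added example (not part of WPO365 or of the original tutorial) decodes an ID token's payload and reports which of the optional claims selected above are missing, and whether the Groups claim arrived inline or as the reference to Microsoft Graph. The function names are hypothetical, the sample tokens are constructed, and the `_claim_names` / `hasgroups` indicators are assumed to be how Entra signals a group list that is too long. The signature is not verified, so this is for inspection only.

```python
import base64
import json

# Optional claims selected in the steps above.
EXPECTED_CLAIMS = ("email", "family_name", "given_name", "upn")


def decode_payload(id_token: str) -> dict:
    """Decode the JWT payload for inspection only. No signature check is done."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def check_claims(payload: dict) -> dict:
    """Report missing optional claims and how group membership was delivered."""
    missing = [c for c in EXPECTED_CLAIMS if not payload.get(c)]
    if isinstance(payload.get("groups"), list):
        groups = "inline"
    elif "groups" in payload.get("_claim_names", {}) or payload.get("hasgroups"):
        groups = "overage"  # list too long: memberships must come from Graph
    else:
        groups = "absent"
    return {"missing": missing, "groups": groups}


def _constructed_token(payload: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real one)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}.sig"


SAMPLE_INLINE = _constructed_token({
    "email": "jane@example.com", "family_name": "Doe", "given_name": "Jane",
    "upn": "jane@example.com",
    "groups": ["00000000-0000-0000-0000-000000000001"],  # placeholder Object ID
})
SAMPLE_OVERAGE = _constructed_token({
    "family_name": "Doe", "given_name": "Jane", "upn": "jane@example.com",
    "_claim_names": {"groups": "src1"},
    "_claim_sources": {"src1": {"endpoint": "https://graph.example.invalid/x"}},
})

if __name__ == "__main__":
    for name, tok in (("inline", SAMPLE_INLINE), ("overage", SAMPLE_OVERAGE)):
        print(name, check_claims(decode_payload(tok)))
```

A non-empty `missing` list usually means the optional claim was not saved or the user object has no value for it; a `groups` result of `overage` means group-based restrictions will still require a Microsoft Graph lookup.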

