2. Before you start
• You are a Global Administrator for your company’s Office 365 tenant / Azure AD
directory (or have at least the ability to update App registrations).
• You are an Administrator for your WordPress website.
• You have signed into your website using Microsoft (Single Sign-on).
WordPress + Office 365 | wpo365-login | User Synchronization Guide June 2019
3. Portal Azure – App registration
• Navigate to WP Admin > WPO365 > Single Sign-on tab.
• Copy the Application (client) ID.
• Open a second browser tab and navigate to https://portal.azure.com/
• Navigate to Azure Active Directory > App registrations.
• Search the App registration for your website using the Application (client) ID.
4. Portal Azure – Authentication
• Open the Authentication page of the App registration
• Check Access tokens to allow the plugin to request access tokens on your behalf
from Microsoft.
5. Portal Azure – API Permissions
• Click + Add permission.
• Select Microsoft Graph > Delegated permissions and check
  • email
  • openid
  • profile
  • offline_access
• Scroll down to Group and check
  • Group.Read.All
• Scroll down to User and check
  • User.Read.All
• Click Add permissions.
• Click Grant admin consent for …
6. Portal Azure – Certificates & secrets
• Open the Certificates & secrets page of the App registration
• Scroll down to Client secrets.
• Click + New client secret.
• Enter a descriptive name e.g. “WPO365 User synchronization”.
• Choose an expiry e.g. “Never”.
• Copy the secret’s value to the clipboard.
7. Integration
• Navigate to WP Admin > WPO365 > Integration.
• Paste the secret copied in the previous step from the clipboard.
• Choose the desired Microsoft Graph version e.g. “v1.0”.
Microsoft Graph’s beta version offers more versatile data endpoints and specifically would provide more user
profile information that can be used e.g. when synchronizing Office 365 profile fields.
• Click Delete tokens.
If you have previously configured the integration between WordPress and Microsoft Graph and other Microsoft
Online Services, you may see an error message stating that the authorization code is expired and an interactive
login is required. If that is the case, simply log out from WordPress and sign back in again with your Microsoft
Office 365 account.
• Click Save and test configuration.
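Added example (not part of the original guide or of the WPO365 plugin): a Python check on the outcome of steps 5 and 6. It reads the scp claim of a Microsoft Graph access token to confirm that Group.Read.All and User.Read.All were granted, and flags expired or long-lived client secrets in an application object's passwordCredentials. The sample token, the sample application object and the 730-day threshold are constructed assumptions.

```python
import base64
import json
from datetime import datetime, timezone

# Graph delegated permissions selected in step 5 (the OIDC scopes are not checked here).
REQUIRED_SCOPES = {"Group.Read.All", "User.Read.All"}

def token_claims(jwt):
    """Decode a JWT payload for inspection only (the signature is not verified)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def missing_scopes(jwt):
    """Return required delegated permissions absent from the token's scp claim."""
    granted = set(token_claims(jwt).get("scp", "").split())
    return sorted(REQUIRED_SCOPES - granted)

def secret_findings(app, now, max_days=730):
    """Flag expired or long-lived client secrets (max_days is an assumed policy)."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        # Keep only the seconds-precision part so fractional seconds and "Z" parse.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days_left = (end.replace(tzinfo=timezone.utc) - now).days
        if days_left < 0:
            findings.append((cred["displayName"], "expired"))
        elif days_left > max_days:
            findings.append((cred["displayName"], "long-lived"))
    return findings

def constructed_token(claims):
    """Build an unsigned sample token (constructed data, not a real Microsoft token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), ""])

# Constructed samples: a token lacking Group.Read.All and two client secrets.
SAMPLE_TOKEN = constructed_token(
    {"aud": "https://graph.microsoft.com", "scp": "openid profile email User.Read.All"})
SAMPLE_APP = {"passwordCredentials": [
    {"displayName": "WPO365 User synchronization", "endDateTime": "2299-12-31T00:00:00Z"},
    {"displayName": "old secret", "endDateTime": "2019-01-01T00:00:00Z"},
]}
NOW = datetime(2019, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("missing scopes:", missing_scopes(SAMPLE_TOKEN))
    print("secret findings:", secret_findings(SAMPLE_APP, NOW))
```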
8. User Registration
• Open a second browser tab and navigate to https://portal.azure.com/
• Navigate to the section Custom domain names.
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Domains
• Copy the your-tenant.onmicrosoft.com domain and paste it into the Default domain field.
• Copy the other domains, paste them one after the other into the Custom domain field
and click + to add each of them.
• Click Save configuration.
9. User Sync
• Navigate to WP Admin > WPO365 > User Sync.
• Check Enable user sync.
Configuration of displaying and synchronizing Office 365 fields and retrieval of a user’s O365 Avatar is
explained in a separate video.
• Click Save configuration.
• Refresh the page.
• Navigate to WP Admin > Users > WPO365 User Sync.
10. WPO365 User Sync – Test / First time
• To test your setup simply click Start synchronization without checking the options
  • Create users
  • Update users
  • Delete users
• Wait for synchronization to complete.
Synchronization runs asynchronously and therefore may not have finished when the page has finished loading
after you clicked Start synchronization. The administrator of the site will be notified by email.
• To view the logged results of the synchronization click all three options
  • Office 365 Azure AD users without a corresponding WordPress user
  • WordPress users without a corresponding Office 365 Azure AD user
  • Existing WordPress users with a corresponding Office 365 Azure AD user
If fewer than 10 users have been found and you expected more than 10, then please verify that you haven’t enabled
additional security measures for WP Admin e.g. basic authentication.
11. WPO365 User Sync – Manual sync
• To manually enroll some users from Office 365 / Azure AD to your WordPress
website simply click Start synchronization without checking the options
  • Create users
  • Update users
  • Delete users
• Wait for synchronization to complete.
Synchronization runs asynchronously and therefore may not have finished when the page has finished loading
after you clicked Start synchronization. The administrator of the site will be notified by email.
• View the Office 365 Azure AD users without a corresponding WordPress user result.
• Select the users you want to enroll and click “Create users”.
When the users are enrolled successfully their corresponding status will have changed from logged to created.
12. WPO365 User Sync – Full sync
• To enroll all users from Office 365 / Azure AD to your WordPress website simply
click Start synchronization and check the option
  • Create users
• Wait for synchronization to complete.
Synchronization runs asynchronously and therefore may not have finished when the page has finished loading
after you clicked Start synchronization. The administrator of the site will be notified by email.
• View the Office 365 Azure AD users without a corresponding WordPress user result.
When the users are enrolled successfully their corresponding status will show as created.
13. What’s next
• With the PROFESSIONAL or PREMIUM version you can now …
  • Automatically register new users from your tenant, other tenants or with MSAL accounts
  • Dual login (let users choose to login with Office 365 or with WordPress)
  • Require authentication only for a few pages
  • Require authentication for all pages but not for the homepage
  • Redirect manual login attempts to Microsoft
  • Sign out from Office 365
  • [Sign in with Microsoft] button (shortcode)
  • Extra (BuddyPress) profile fields from Azure AD
  • Office 365 profile picture as WordPress Avatar
  • Assign WordPress role(s) based on Azure AD group membership(s)
  • Deny / allow access based on Azure AD group membership(s)
  • Enroll / Update (new) users to WordPress from Azure AD