2. Before you start
• You are a Global Administrator for your company’s Office 365 tenant / Azure AD
directory (or have at least the ability to update App registrations).
• You are an Administrator for your WordPress website.
• You have signed into your website using Microsoft (Single Sign-on).
WordPress + Office 365 | wpo365-login | O365 User profile fields Guide June 2019
If you already configured your Azure AD App registration to send access tokens
then you can skip ahead to slide 9 or alternatively use the following instructions
simply to check and verify your configuration.
3. Portal Azure – App registration
• Navigate to WP Admin > WPO365 > Single Sign-on tab.
• Copy the Application (client) ID.
• Open a second browser tab and navigate to https://portal.azure.com/
• Navigate to Azure Active Directory > App registrations.
• Search the App registration for your website using the Application (client) ID.
WordPress + Office 365 | wpo365-login | O365 User profile fields Guide June 2019
4. Portal Azure – Authentication
• Open the Authentication page of the App registration
• Check Access tokens to allow the plugin to request access tokens on your behalf
from Microsoft.
WordPress + Office 365 | wpo365-login | O365 User profile fields Guide June 2019
5. Portal Azure – API Permissions
• Click + Add permission.
• Select Microsoft Graph > Delegated permissions and check
• email
• openid
• profile
• offline_access
• Click Add permissions.
• Click Grand admin consent for …
WordPress + Office 365 | wpo365-login | O365 User profile fields Guide June 2019
6. Portal Azure – Certificates & secrets
• Open the Certificates & secrets page of the App registration
• Scroll down to Client secrets.
• Click + New client secret.
• Enter a descriptive name e.g. “WPO365 User synchronization”.
• Choose an expiry e.g. “Never”.
• Copy the secret’s value to the clipboard.
WordPress + Office 365 | wpo365-login | O365 User profile fields Guide June 2019
7. Integration
• Navigate to WP Admin > WPO365 > Integration.
• Paste the secret copied in the previous step from the clipboard.
• Choose the desired Microsoft Graph version e.g. ”v1.0”.
Microsoft Graph’s beta version offers more versatile data endpoints and specifically would provide more user
profile information that can be used e.g. when synchronizing Office 365 profile fields.
• Click Delete tokens.
If you are previously configured the Integration between WordPress and Microsoft Graph and other Microsoft
Online Service you may see an error message stating that the authorization code is expired and an interactive
login is required. If that is the case, simply log out from WordPress and sign back in again with your Microsoft
Office 365 account.
• Click Save and test configuration.
WordPress + Office 365 | wpo365-login | O365 User profile fields Guide June 2019
8. User Registration
• Open a second browser tab and navigate to https://portal.azure.com/
• Navigate to the section Custom domain names.
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Domains
• Copy the your-tenant.onmicrosoft.com paste is in the Default domain field.
• Copy the other domains and paste them one after the other Custom domain field
and click + to add them.
• Click Save configuration.
WordPress + Office 365 | wpo365-login | O365 User profile fields Guide June 2019
9. User Sync
• Navigate to WP Admin > WPO365 > User Sync.
• Check Show O365 user fields.
Configuration of user synchronization and retrieval of a user’s O365 Avatar is explained in a separate video.
• Open a second browser tab and navigate to https://docs.microsoft.com/en-
us/graph/api/user-get
• Now add O365 user fields that you want to retrieve from Microsoft Graph by
entering the graph property name in the first and your desired label for that
property in the second input box.
• Click Save configuration.
WordPress + Office 365 | wpo365-login | O365 User profile fields Guide June 2019
10. O365 User fields - Test
• Since O365 User fields are automatically refreshed when a user signs in with
Microsoft you can test the current setup as follows:
• Log out of your WordPress website.
• Sign in again with Microsoft.
Obviously you can test this also with another user than your current administrative user.
• Navigate to the user’s profile page and scroll to the bottom.
WordPress + Office 365 | wpo365-login | O365 User profile fields Guide June 2019
11. What’s next
• With the PROFESSIONAL or PREMIUM version you can now …
• Automatically register new users from your tenant, other tenants or with MSAL accounts
• Dual login (let users choose to login with Office 365 or with WordPress)
• Require authentication only for a few pages
• Require authentication for all pages but not for the homepage
• Redirect manual login attempts to Microsoft
• Sign out from Office 365
• [Sign in with Microsoft] button (shortcode)
• Extra (BuddyPress) profile fields from Azure AD
• Office 365 profile picture as WordPress Avatar
• Assign WordPress role(s) based on Azure AD group membership(s)
• Deny / allow access based on Azure AD group membership(s)
• Enroll / Update (new) users to WordPress from Azure AD
WordPress + Office 365 | wpo365-login | O365 User profile fields Guide June 2019