Introduction
WPO365 Audiences will help you to restrict access to individual WordPress posts and pages either by requiring that a user is signed in or by demanding that the user is a member of an (Azure AD Groups based) Audience.
Each audience is a group of users that is dynamically populated with members of one or more Azure AD groups. When you create or edit Audiences you give them a name e.g. “All internal Employees” and you enter one or more Azure AD group IDs. Audiences is a feature that you must be enabled before they can be created, edited and deleted and before they become effective.
Supported features
Audiences for Authors
For the author to use Audiences is as simple as adding a new WPO365 Audiences Gutenberg block to a page or by managing Audiences using the dedicated WordPress Metabox for Audiences in the page’s sidebar.
An administrator can choose whether authors should use an Audience Gutenberg Block or a classic Meta Box to configure Audiences for a page.
If the user has no permissions to see the page, then the WPO365 plugin will:
- Show a 404 NOT FOUND error when the user has entered the URL directly in the address bar of the browser.
- Remove the page from possible search results.
- Not show the page on archive pages.
Audiences for administrators
Administrators can create, edit and delete audiences and is a simple as defining a name for the audience and adding one or more Azure AD group IDs to the corresponding list. In addition, you can configure required audiences for a post type. This way, authors don’t need to take individual pages with audiences.
Users are automatically assigned to an audience by WPO365 whenever they sign in with Microsoft or whenever users are synchronized from Azure AD.
Whenever the feature is enabled a new column Audiences is automatically added to the default WordPress Users list, helping administrators to track the current audience assignments on a per-user basis.
Private pages
Instead of requiring a user to be a member of specific Audience, authors can mark a page as private. Doing so will hide the page from your site’s regular visitors, unless they have signed in prior to visiting the page.
Alternatively, administrators can define all posts of a certain type as private. This way, authors don’t need to take individual pages with audiences.
For private pages, administrators can also define the default response. They can select from the following options:
- Redirect to the default 404 not found page.
- Redirect to the login page (and show a message that the page requested requires login)
- Force SSO by redirecting the user directly to Microsoft.
Plugins with this feature
The following plugins allow you to enable the Audience feature: