How to Configure Attribute/Role Mapping?

Attribute Mapping

  • After successfully configuring your OAuth/OpenID application, click on “Test Configuration” Button.
  • You will be shown a table containing the user attributes. You can use the values in the column of “Attribute Name” to map the attributes.
  • You can map Username, FirstName, LastName, Email, Display name in this section. So that attributes received from your OAuth / OpenID provider will be mapped to the WordPress user profile. Simply add the appropriate values like shown below:
    attribute-mapping

Group/Role Mapping

  • Click on “Test Configuration” and you will get the list of Attribute Names and Attribute Values that are sent by your OAuth provider.
  • From the Test Configuration window, map the Attribute Names in the Attribute Mapping section of the plugin. Refer to the screenshot for more details.
    attribute-mapping
  • Enable Role Mapping: To enable Role Mapping, you need to map Group Attributes Name. Select the attribute name from the list of attributes which returns the roles from your provider application.
  • Eg: Role
    attribute-mapping
  • Assign WordPress role to the Provider role: Based on your provider application, you can allocate the WordPress role to your provider roles. It can be a student, teacher, administrator or any other depending on your application. Add the provider roles under Group Attribute Value and assign the required WordPress role in front of it under WordPress Role.
  • For example, in the below image. Teacher has been assigned the role of Administrator.
    attribute-mapping
  • Once you save the mapping, the provider role will be assigned the WordPress administrator role after SSO.
  • Example: As per the given example, Users with role ‘teacher’ will be added as Administrator in WordPress and ‘student’ will be added as Subscriber.

Keep existing user role
This feature prevents role updation of the existing user after SSO. It means if the user already exists in WordPress, then after SSO, their old role will not be updated regardless of the role mapping done in the role mapping section of the plugin.

Do Not allow login if roles are not mapped here
This feature prevents the user from login if his role retrieved from the provider side does not match with the role as used for mapping in the role mapping section of the plugin.

Default Role
Default role will be assigned to all users for which mapping is not specified.

You can refer to this link for the same: https://faq.miniorange.com/knowledgebase/map-roles-usergroup/