So far we have covered how to keep unwanted visitors out, and also how to ensure your employees’ accounts allow them to access everything they should – presuming they have an account they can log into in the first place! This article covers some possible ways to create user accounts for all your employees, and make sure those accounts are closed when employees leave or change roles.
There are three main ways you are likely to manage your WordPress user accounts: manual account creation, self-registration, and automatic sync from another source of user accounts.
As an example for the third case – automatic sync – we will talk through the use of our premium Google Apps Login plugin, showing how to make user management simple if your organization already has a Google Apps domain.
Manual Account Creation
All we are talking about here is you as the WordPress admin using the admin panel to manually create users when needed (i.e. go to Users -> Add New).
This will work, but of course takes up time for the admin. It also means that users need to ask you – and wait for you to get round to creating their account – before they can access the intranet. In our experience, employees will often decide that their reason for accessing the intranet on this occasion wasn’t ‘important enough’ to warrant disturbing you and waiting for their account to be set up. And in any case, they know they will have moved on to some other work by the time their account is ready…
The admin is also likely to be inconsistent when choosing usernames, leading to a patchy intranet in the future, and may not remember to deactivate user accounts when employees leave the organization.
The manual approach isn’t ideal, but can work if you already have a well-organized induction and termination process in place. It can also feel appropriate, especially in the early stages, if you have a wide-ranging intranet in which different users often need different permissions and access levels to different parts of the site.
This is a step up from doing everything yourself as admin, but only really works for multisite installations. It means your employees can follow a link and set up their own account on the intranet.
For a single-site WordPress installation, you may remember the option Settings -> General -> Anyone can register. Unfortunately it means exactly that – anyone on the web can create an account on your site by visiting /wp-register.php. So we still recommend that is disabled.
However, for multisite installations, things are a bit more flexible. In your Network Admin panel, look under Settings -> Network Settings -> Registration Settings. Next to ‘Allow new registrations’, you can select ‘User accounts may be registered’ (or a higher setting if you also want employees to be able to register new sub-sites). Straight off, this will introduce the same security problem as for single-site WordPress – namely, that anyone, and not just staff members, will be able to register an account. But a bit further down the page you will see ‘Limited Email Registrations’. This allows you to enter your company domain name, to ensure that all self-registrations are made by people with an email address in your company’s domain.
This method still retains the downsides of manual account creation – that it is a hassle for your users, likely causing them to defer their account creation; they will be even more inconsistent in choosing usernames; and when they leave your organization, their account will remain open.
Automatic Sync from another source
As you can tell, we have grown tired of the two labor-intensive methods for user management discussed above. Even if starting with the best intentions, before long we see a disorganized intranet: no-one really remembers how to access the intranet – if they ever even got round to it at some point in the distant past. And you don’t really know if there are user accounts that should be disabled as a security risk. After all, that is why we created the Google Apps Login plugin, to solve this problem for organizations using Google Apps domains!
For an organization with more than a handful of employees, we recommend a more stable approach to WordPress user management. Assuming all your employees have an email account, that is likely to be the best source of account data to sync to WordPress. Try to find out the options for your setup – maybe you have a Microsoft Active Directory server, and can find a plugin or service that will allow your employees to login to WordPress using their email username/password, automatically creating a WordPress account first if necessary.
Let’s walk through how you would do this if you have a Google Apps domain and would like to use the premium version of our Google Apps Login plugin. First, purchase the appropriate license from our website, download the ZIP file you are given, and then (from your Admin panel’s Plugins page) Upload the ZIP and activate the plugin.
We won’t talk through the configuration details here – hopefully the instructions you have from purchasing the download will guide you through, and in any case we will be happy to help if you email us – but basically, you just need to register your site with Google, tell the plugin what your Google Apps domain name is, and then your WordPress site will have a new way for users to access it. The ‘Login with Google’ button will appear on your intranet’s login page, as shown below.
If you’ve configured the plugin to automatically create new user accounts, then any of your employees can click Login with Google. They will be taken to a Google sign-in page if necessary (if not already logged into their Gmail account), and then an account will be created on WordPress and the user will be immediately logged in! They don’t need a separate password for WordPress (which, in our experience, would need resetting all the time…), and they don’t even need to remember a different username.
Their WordPress accounts will inherit their first and last names from their Google accounts, which gives your intranet a personal feel. Their WordPress username will just be their email address, and they will have a random (unknown) password to start with. They might need to set a password if they want to use the WordPress mobile app. But for logging in to the intranet directly, it will be more consistent to insist they use Google Login every time.
Our plugin can be set up to disable regular WordPress username/password login for users in your Google Apps domain. This forces them to use Google Login for consistency, and has the added benefit that they won’t be able to login to your intranet after they leave your organization, presuming you remember to disable their Google Apps account. This is the final piece in the puzzle ensuring that all your current employees can easily access your intranet – but no-one else can.
For more information about the Google Apps Login plugin, see our home page: http://wp-glogin.com/
This completes your training! You now have a fully-functioning self-contained intranet for your employees. In our next article, we’ll list a few plugins and other extras that will enable you to get the most out of your intranet. Now available here!
Since writing this intranet guide, we received a lot of feedback asking if there was a simpler way to turn WordPress into a typical corporate intranet instead of having to cherry-pick features from a series of free plugins. So we released our own All-In-One Intranet plugin. If you want to cut to the chase and set up your intranet quickly and easily, backed by expert support from ourselves, see more details and purchase here: All-In-One Intranet product page.