Set WordPress roles based on Organizational Unit Paths

[Image via Pexels]

A popular feature of Google Apps Login Enterprise version has always been the ability to specify role mapping rules – so that members of different Google Groups can have different WordPress roles assigned to them.

The only problem was that some companies didn’t have relevant Google Groups already set up (e.g., for [email protected] to contain their Marketing team) but instead had their G Suite domain arranged around different Organizational Units to control access to various G Suite features.

In our latest release (Enterprise version 3.1), we have extended the ‘Role Mapping Rules’ to allow you to specify Organizational Unit Paths as well as Google Groups. In this piece, we give a quick overview of why these distinctions are so important — and then show you how our changes will improve your user experience and security.

The Importance of Assigning Roles

In today’s flexible working environment, it can be difficult to keep track of who has access to your system. When all employees worked under the same roof, it was easier for a manager to assign individuals to projects and monitor their progress. Yet with employees logging in from different locations and devices, it’s more challenging to confirm their identities.

When you assign roles to users in WordPress, you add an extra layer of security between people logging into your site and sensitive projects. For example, if you’re a non-profit collaborating on confidential documents, you might assign Editor roles to the C-Suite but Contributor roles to junior staff.

These roles aren’t set in stone. As an admin, you can re-configure them at any time based on your organizational needs. The most important thing is to integrate them into your workflow quickly.

New data from Statista shows that the number of exposed records via data breaches in 2018 topped 440 million — more than double the number of exposed records in 2017.

Data breach statistics

Even if you’re a small team, you don’t want to be part of the 2019 Statista chart. Below we detail how our new features streamline the process of granting permissions to different groups of users.

WPg’s Extended Role Mapping Rules

An OrgUnitPath is just how G Suite specifies the hierarchy of OrgUnits. For example, if you want to specify an OrgUnit called Marketing that is located in a top-level OrgUnit called Staff, the OrgUnitPath to that would be /Staff/Marketing.

We have also improved the user interface so that rules can now be dragged-and-dropped to change the order in which they are applied, and it is easy to delete existing rules and add new ones.

In the example rules shown above, you can see we want members of the Google Group [email protected] to become Admins in WordPress; and members of the Group [email protected] to become Editors. If the user is in neither of those Groups, then they may become Contributors if they belong to the /HardwareDivision OrgUnitPath (or below – e.g., /HardwareDivision/Mobile). Finally, if they do not match any of the rules, they will be assigned the ‘Default Role’ of Subscriber.

For more information about setting up rules, please see the Enterprise Configuration instructions or get in touch.

Google Apps Login is trusted by thousands of organizations from small businesses to NASDAQ-listed companies and government organizations.

Users click their way through Login via Google (just one click after the first time)

Users click their way through Login via Google (just one click after the first time)

You can try it out by clicking below to auto-create a test account on this site! This will show you the basic Google login process.
Try out Google login

Logging in is only the start – Google Apps Login takes care of all your WordPress user management. Find out more here.


See [user_first_name] – that was easy!

Your account has been created, and you are now logged in. On your own site, you will specify your Google Apps domain – e.g. – and only users on that domain will be allowed to auto-create accounts.

Logging in is only the start – Google Apps Login takes care of all your WordPress user management.

Find out more