A popular feature of Google Apps Login Enterprise version has always been the ability to specify role mapping rules – so that members of different Google Groups can have different WordPress roles assigned to them.
The only problem was that some companies didn’t have relevant Google Groups already set up (e.g. for email@example.com to contain their Marketing team), but instead had their G Suite domain arranged around different Organizational Units to control access to various G Suite features.
In our latest release (Enterprise version 3.1), we have extended the ‘Role Mapping Rules’ to allow you to specify Organizational Unit Paths as well as Google Groups. An OrgUnitPath is just a way that G Suite uses to specify the hierarchy of OrgUnits. For example, if you want to specify an OrgUnit called Marketing which itself is located in a top-level OrgUnit called Staff, the OrgUnitPath to that would be /Staff/Marketing.
We have also improved the user interface so that rules can now be drag-and-dropped to change the order in which they are applied, and it is easy to delete existing rules and add new ones.
In the example rules shown above, you can see we want members of the Google Group firstname.lastname@example.org to become Admins in WordPress; and members of the Group email@example.com to become Editors. If the user is in neither of those Groups, then they may become Contributors if they belong to the /HardwareDivision OrgUnitPath (or below – e.g. /HardwareDivision/Mobile). Finally, if they do not match any of the rules they will be assigned the ‘Default Role’ of Subscriber.