[Image via Pexels]
A popular feature of Google Apps Login Enterprise version has always been the ability to specify role mapping rules – so that members of different Google Groups can have different WordPress roles assigned to them.
The only problem was that some companies didn’t have relevant Google Groups already set up (e.g., for firstname.lastname@example.org to contain their Marketing team) but instead had their G Suite domain arranged around different Organizational Units to control access to various G Suite features.
In our latest release (Enterprise version 3.1), we have extended the ‘Role Mapping Rules’ to allow you to specify Organizational Unit Paths as well as Google Groups. In this piece, we give a quick overview of why these distinctions are so important — and then show you how our changes will improve your user experience and security.
The Importance of Assigning Roles
In today’s flexible working environment, it can be difficult to keep track of who has access to your system. When all employees worked under the same roof, it was easier for a manager to assign individuals to projects and monitor their progress. Yet with employees logging in from different locations and devices, it’s more challenging to confirm their identities.
When you assign roles to users in WordPress, you add an extra layer of security between people logging into your site and sensitive projects. For example, if you’re a non-profit collaborating on confidential documents, you might assign Editor roles to the C-Suite but Contributor roles to junior staff.
These roles aren’t set in stone. As an admin, you can re-configure them at any time based on your organizational needs. The most important thing is to integrate them into your workflow quickly.
New data from Statista shows that the number of exposed records via data breaches in 2018 topped 440 million — more than double the number of exposed records in 2017.
Even if you’re a small team, you don’t want to be part of the 2019 Statista chart. Below we detail how our new features streamline the process of granting permissions to different groups of users.
WPg’s Extended Role Mapping Rules
An OrgUnitPath is just how G Suite specifies the hierarchy of OrgUnits. For example, if you want to specify an OrgUnit called Marketing that is located in a top-level OrgUnit called Staff, the OrgUnitPath to that would be /Staff/Marketing.
We have also improved the user interface so that rules can now be dragged-and-dropped to change the order in which they are applied, and it is easy to delete existing rules and add new ones.
In the example rules shown above, you can see we want members of the Google Group email@example.com to become Admins in WordPress; and members of the Group firstname.lastname@example.org to become Editors. If the user is in neither of those Groups, then they may become Contributors if they belong to the /HardwareDivision OrgUnitPath (or below – e.g., /HardwareDivision/Mobile). Finally, if they do not match any of the rules, they will be assigned the ‘Default Role’ of Subscriber.