allow to block site for visitors not in an ad group (skipping creation of subscriber user)

[OnkelM]

Hello,

please consider implementing a feature to not only create login users based on ad groups but also allow visiting the whole site only if in the defined ad groups.

currently when in permissions an authorization group is defined and a user is a member of this group, this user gets a login created, that is required for multiple tasks, thats ok.

but we would like to restrict viewing the site for visitors to allow only to certain users, without them created in wordpress as subscriber users for the purpose of not cluttering the wordpress users backend because of thousand ad users.

we hope this way we can remove the IIS ad group restrictions that is causing REST api issues because of that.

thank you for your input

[schakko]

Thanks for the issue. I understand the requirements, but such a change would have major implications (how to configure for which security group no users are created?; what happens if the user exists in both security groups? etc.).
If you need a custom solution for your specific use case, you could develop a WordPress filter that listens for the hook authorize. If the user is within one of your whitelisted security groups, it must dynamically remove the hook for the next_ad_int_login_succeeded filter - specifically LoginSucceededService::checkUserEnabled.