x509CertificateAuthenticationMethodConfiguration resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents the details of the Microsoft Entra native Certificate-Based Authentication (CBA) in the tenant, including whether the authentication method is enabled or disabled and the users and groups who can register and use it.
Inherits from authenticationMethodConfiguration.
Methods
| Method | Return type | Description |
|---|---|---|
| Get | x509CertificateAuthenticationMethodConfiguration | Read the properties and relationships of a x509CertificateAuthenticationMethodConfiguration object. |
| Update | None | Update the properties of a x509CertificateAuthenticationMethodConfiguration object. |
| Delete | None | Delete the tenant-customized x509CertificateAuthenticationMethodConfiguration object and restore the default configuration. |
Properties
| Property | Type | Description |
|---|---|---|
| authenticationModeConfiguration | x509CertificateAuthenticationModeConfiguration | Defines strong authentication configurations. This configuration includes the default authentication mode and the different rules for strong authentication bindings. |
| certificateUserBindings | x509CertificateUserBinding collection | Defines fields in the X.509 certificate that map to attributes of the Microsoft Entra user object in order to bind the certificate to the user. The priority of the object determines the order in which the binding is carried out. The first binding that matches will be used and the rest ignored. |
| excludeTargets | excludeTarget collection | Groups of users that are excluded from the policy. |
| id | String | The identifier for the authentication method policy. The value is always X509Certificate. Inherited from authenticationMethodConfiguration. |
| issuerHintsConfiguration | x509CertificateIssuerHintsConfiguration | Determines whether issuer(CA) hints are sent back to the client side to filter the certificates shown in certificate picker. |
| state | authenticationMethodState | The possible values are: enabled, disabled. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| includeTargets | authenticationMethodTarget collection | A collection of groups that are enabled to use the authentication method. |
The following JSON representation shows the resource type. The following is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
"id": "String (identifier)",
"state": "String",
"excludeTargets": [
{
"@odata.type": "microsoft.graph.excludeTarget"
}
],
"certificateUserBindings": [
{
"@odata.type": "microsoft.graph.x509CertificateUserBinding"
}
],
"authenticationModeConfiguration": {
"@odata.type": "microsoft.graph.x509CertificateAuthenticationModeConfiguration"
},
"issuerHintsConfiguration": {
"@odata.type": "microsoft.graph.x509CertificateIssuerHintsConfiguration"
}
}