Only a single instance of a certificateBasedAuthConfiguration can be created (the collection can only have one member). It always has a fixed ID with a value of '29728ade-6ae4-4ee9-9103-412912537da5'.
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type
Least privileged permissions
Higher privileged permissions
Delegated (work or school account)
Organization.ReadWrite.All
Not available.
Delegated (personal Microsoft account)
Not supported.
Not supported.
Application
Organization.ReadWrite.All
Not available.
Important
In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. Global Administrator is the only role supported for this operation.
HTTP request
POST /organization/{id}/certificateBasedAuthConfiguration
Collection of certificate authorities that creates a trusted certificate chain. Each member of the collection must contain certificate and isRootAuthority properties.
Response
If successful, this method returns 201 Created response code and a new certificateBasedAuthConfiguration object in the response body.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new CertificateBasedAuthConfiguration
{
CertificateAuthorities = new List<CertificateAuthority>
{
new CertificateAuthority
{
IsRootAuthority = true,
Certificate = Convert.FromBase64String("Binary"),
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Organization["{organization-id}"].CertificateBasedAuthConfiguration.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewCertificateBasedAuthConfiguration()
certificateAuthority := graphmodels.NewCertificateAuthority()
isRootAuthority := true
certificateAuthority.SetIsRootAuthority(&isRootAuthority)
certificate := []byte("binary")
certificateAuthority.SetCertificate(&certificate)
certificateAuthorities := []graphmodels.CertificateAuthorityable {
certificateAuthority,
}
requestBody.SetCertificateAuthorities(certificateAuthorities)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
certificateBasedAuthConfiguration, err := graphClient.Organization().ByOrganizationId("organization-id").CertificateBasedAuthConfiguration().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
CertificateBasedAuthConfiguration certificateBasedAuthConfiguration = new CertificateBasedAuthConfiguration();
LinkedList<CertificateAuthority> certificateAuthorities = new LinkedList<CertificateAuthority>();
CertificateAuthority certificateAuthority = new CertificateAuthority();
certificateAuthority.setIsRootAuthority(true);
byte[] certificate = Base64.getDecoder().decode("Binary");
certificateAuthority.setCertificate(certificate);
certificateAuthorities.add(certificateAuthority);
certificateBasedAuthConfiguration.setCertificateAuthorities(certificateAuthorities);
CertificateBasedAuthConfiguration result = graphClient.organization().byOrganizationId("{organization-id}").certificateBasedAuthConfiguration().post(certificateBasedAuthConfiguration);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\CertificateBasedAuthConfiguration;
use Microsoft\Graph\Generated\Models\CertificateAuthority;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new CertificateBasedAuthConfiguration();
$certificateAuthoritiesCertificateAuthority1 = new CertificateAuthority();
$certificateAuthoritiesCertificateAuthority1->setIsRootAuthority(true);
$certificateAuthoritiesCertificateAuthority1->setCertificate(\GuzzleHttp\Psr7\Utils::streamFor(base64_decode('Binary')));
$certificateAuthoritiesArray []= $certificateAuthoritiesCertificateAuthority1;
$requestBody->setCertificateAuthorities($certificateAuthoritiesArray);
$result = $graphServiceClient->organization()->byOrganizationId('organization-id')->certificateBasedAuthConfiguration()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.certificate_based_auth_configuration import CertificateBasedAuthConfiguration
from msgraph.generated.models.certificate_authority import CertificateAuthority
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = CertificateBasedAuthConfiguration(
certificate_authorities = [
CertificateAuthority(
is_root_authority = True,
certificate = base64.urlsafe_b64decode("Binary"),
),
],
)
result = await graph_client.organization.by_organization_id('organization-id').certificate_based_auth_configuration.post(request_body)