Create certificateBasedAuthConfiguration

Namespace: microsoft.graph

Create a new certificateBasedAuthConfiguration object.

Note

Only a single instance of a certificateBasedAuthConfiguration can be created (the collection can only have one member). It always has a fixed ID with a value of '29728ade-6ae4-4ee9-9103-412912537da5'.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Organization.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application Organization.ReadWrite.All

For delegated scenarios, the calling user must have the Global Administrator Azure AD role.

HTTP request

POST /organization/{id}/certificateBasedAuthConfiguration

Request headers

Name Description
Authorization Bearer {token}. Required.
Content-Type application/json. Required.

Request body

The following properties are required to create the certificateBasedAuthConfiguration object.

Property Type Description
certificateAuthorities certificateAuthority collection Collection of certificate authorities that creates a trusted certificate chain. Each member of the collection must contain certificate and isRootAuthority properties.

Response

If successful, this method returns 201 Created response code and a new certificateBasedAuthConfiguration object in the response body.

Examples

Request

The following is an example of the request.

POST https://graph.microsoft.com/v1.0/organization/{id}/certificateBasedAuthConfiguration
Content-type: application/json

{
  "certificateAuthorities": [
    {
      "isRootAuthority": true,
      "certificate": "Binary"
    }
  ]
}

Response

The following is an example of the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-type: application/json

{
  "id": "id-value",
  "certificateAuthorities": [
    {
      "isRootAuthority": true,
      "certificate": "Binary",
      "issuer": "issuer-value",
      "issuerSki": "issuerSki-value"
    }
  ]
}