Create allowedValue

Namespace: microsoft.graph


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Create a new allowedValue object.


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) CustomSecAttributeDefinition.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application CustomSecAttributeDefinition.ReadWrite.All

The signed-in user must also be assigned the Attribute Definition Administrator directory role. By default, Global Administrator and other administrator roles do not have permissions to read, define, or assign custom security attributes.

HTTP request

POST /directory/customSecurityAttributeDefinitions/{customSecurityAttributeDefinitionId}/allowedValues

Request headers

Name Description
Authorization Bearer {token}. Required.
Content-Type application/json. Required.

Request body

In the request body, supply a JSON representation of the allowedValue object.

The following table shows the properties that are required when you create the allowedValue.

Property Type Description
id String Identifier for the predefined value. Can be up to 64 characters long and include Unicode characters. Can include spaces, but some special characters are not allowed. Cannot be changed later. Case sensitive. Required.
isActive Boolean Indicates whether the predefined value is active or deactivated. If set to false, this predefined value cannot be assigned to any additional supported directory objects. Required.


If successful, this method returns a 201 Created response code and an allowedValue object in the response body.


Example: Add a predefined value

The following example adds a predefined value to a custom security attribute definition.

  • Attribute set: Engineering
  • Attribute: Project
  • Predefined value: Alpine


Content-Type: application/json



HTTP/1.1 201 Created
Content-Type: application/json

    "@odata.context": "$metadata#directory/customSecurityAttributeDefinitions('Engineering_Project')/allowedValues/$entity",
    "id": "Alpine",
    "isActive": true