Create identityProvider

Article
03/02/2023

Namespace: microsoft.graph

Create an identity provider object that is of the type specified in the request body.

Among the types of providers derived from identityProviderBase, you can currently create a socialIdentityProvider resource in Azure AD. In Azure AD B2C, this operation can currently create a socialIdentityProvider, or an appleManagedIdentityProvider resource.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	IdentityProvider.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	IdentityProvider.ReadWrite.All

The work or school account needs to belong to one of the following roles:

Global Administrator
External Identity Provider Administrator

HTTP request

POST /identity/identityProviders

Request headers

Name	Description
Authorization	Bearer {token}. Required.
Content-Type	application/json. Required.

Request body

In the request body, provide a JSON representation of socialIdentityProvider object in Azure AD.

In Azure AD B2C provide a JSON representation of socialIdentityProvider, or an appleManagedIdentityProvider object.

socialIdentityProvider object

Property	Type	Description
clientId	String	The client identifier for the application obtained when registering the application with the identity provider.
clientSecret	String	The client secret for the application that is obtained when the application is registered with the identity provider. This is write-only. A read operation returns `****`.
displayName	String	The display name of the identity provider.
identityProviderType	String	For a B2B scenario, possible values: `Google`, `Facebook`. For a B2C scenario, possible values: `Microsoft`, `Google`, `Amazon`, `LinkedIn`, `Facebook`, `GitHub`, `Twitter`, `Weibo`, `QQ`, `WeChat`.
scope	String	Scope defines the information and permissions you are looking to gather from your custom identity provider.

appleIdentityProvider object

Property	Type	Description
displayName	String	The display name of the identity provider.
developerId	String	The Apple developer identifier.
serviceId	String	The Apple service identifier.
keyId	String	The Apple key identifier.
certificateData	String	The certificate data which is a long string of text from the certificate, can be null.

Response

If successful, this method returns a 201 Created response code and a JSON representation of a socialIdentityProvider object in the response body for an Azure AD tenant.

For an Azure AD B2C tenant, this method returns a 201 Created response code and a JSON representation of a socialIdentityProvider, or an appleManagedIdentityProvider object in the response body.

If unsuccessful, a 4xx error will be returned with specific details.

Examples

Request

The following is an example of the request.

POST https://graph.microsoft.com/v1.0/identity/identityProviders
Content-type: application/json

{
  "@odata.type": "microsoft.graph.socialIdentityProvider",
  "displayName": "Login with Amazon",
  "identityProviderType": "Amazon",
  "clientId": "56433757-cadd-4135-8431-2c9e3fd68ae8",
  "clientSecret": "000000000000"
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new IdentityProviderBase
{
	OdataType = "microsoft.graph.socialIdentityProvider",
	DisplayName = "Login with Amazon",
	AdditionalData = new Dictionary<string, object>
	{
		{
			"identityProviderType" , "Amazon"
		},
		{
			"clientId" , "56433757-cadd-4135-8431-2c9e3fd68ae8"
		},
		{
			"clientSecret" , "000000000000"
		},
	},
};
var result = await graphClient.Identity.IdentityProviders.PostAsync(requestBody);



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewIdentityProviderBase()
displayName := "Login with Amazon"
requestBody.SetDisplayName(&displayName) 
additionalData := map[string]interface{}{
	"identityProviderType" : "Amazon", 
	"clientId" : "56433757-cadd-4135-8431-2c9e3fd68ae8", 
	"clientSecret" : "000000000000", 
}
requestBody.SetAdditionalData(additionalData)

result, err := graphClient.Identity().IdentityProviders().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

SocialIdentityProvider identityProviderBase = new SocialIdentityProvider();
identityProviderBase.displayName = "Login with Amazon";
identityProviderBase.identityProviderType = "Amazon";
identityProviderBase.clientId = "56433757-cadd-4135-8431-2c9e3fd68ae8";
identityProviderBase.clientSecret = "000000000000";

graphClient.identity().identityProviders()
	.buildRequest()
	.post(identityProviderBase);


const options = {
	authProvider,
};

const client = Client.init(options);

const identityProviderBase = {
  '@odata.type': 'microsoft.graph.socialIdentityProvider',
  displayName: 'Login with Amazon',
  identityProviderType: 'Amazon',
  clientId: '56433757-cadd-4135-8431-2c9e3fd68ae8',
  clientSecret: '000000000000'
};

await client.api('/identity/identityProviders')
	.post(identityProviderBase);


<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);

$requestBody = new IdentityProviderBase();
$requestBody->set@odatatype('microsoft.graph.socialIdentityProvider');

$requestBody->setDisplayName('Login with Amazon');

$additionalData = [
		'identityProviderType' => 'Amazon', 
		'clientId' => '56433757-cadd-4135-8431-2c9e3fd68ae8', 
		'clientSecret' => '000000000000', 
];
$requestBody->setAdditionalData($additionalData);




$result = $graphServiceClient->identity()->identityProviders()->post($requestBody);


Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "microsoft.graph.socialIdentityProvider"
	displayName = "Login with Amazon"
	identityProviderType = "Amazon"
	clientId = "56433757-cadd-4135-8431-2c9e3fd68ae8"
	clientSecret = "000000000000"
}

New-MgIdentityProvider -BodyParameter $params

Response

The following is an example of the response.

HTTP/1.1 201 Created
Content-type: application/json

{
    "@odata.type": "microsoft.graph.socialIdentityProvider",
    "id": "Amazon-OAUTH",
    "displayName": "Login with Amazon",
    "identityProviderType": "Amazon",
    "clientId": "56433757-cadd-4135-8431-2c9e3fd68ae8",
    "clientSecret": "000000000000"
}

Example 2: Retrieves Apple identity provider (only for Azure AD B2C)

Request

The following is an example of the request.

POST https://graph.microsoft.com/v1.0/identity/identityProviders
Content-type: application/json

{
  "@odata.type": "microsoft.graph.appleManagedIdentityProvider",
  "displayName": "Sign in with Apple",
  "developerId": "UBF8T346G9",
  "serviceId": "com.microsoft.rts.b2c.test.client",
  "keyId": "99P6D879C4",
  "certificateData": "******"
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new IdentityProviderBase
{
	OdataType = "microsoft.graph.appleManagedIdentityProvider",
	DisplayName = "Sign in with Apple",
	AdditionalData = new Dictionary<string, object>
	{
		{
			"developerId" , "UBF8T346G9"
		},
		{
			"serviceId" , "com.microsoft.rts.b2c.test.client"
		},
		{
			"keyId" , "99P6D879C4"
		},
		{
			"certificateData" , "******"
		},
	},
};
var result = await graphClient.Identity.IdentityProviders.PostAsync(requestBody);



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewIdentityProviderBase()
displayName := "Sign in with Apple"
requestBody.SetDisplayName(&displayName) 
additionalData := map[string]interface{}{
	"developerId" : "UBF8T346G9", 
	"serviceId" : "com.microsoft.rts.b2c.test.client", 
	"keyId" : "99P6D879C4", 
	"certificateData" : "******", 
}
requestBody.SetAdditionalData(additionalData)

result, err := graphClient.Identity().IdentityProviders().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AppleManagedIdentityProvider identityProviderBase = new AppleManagedIdentityProvider();
identityProviderBase.displayName = "Sign in with Apple";
identityProviderBase.developerId = "UBF8T346G9";
identityProviderBase.serviceId = "com.microsoft.rts.b2c.test.client";
identityProviderBase.keyId = "99P6D879C4";
identityProviderBase.certificateData = "******";

graphClient.identity().identityProviders()
	.buildRequest()
	.post(identityProviderBase);


const options = {
	authProvider,
};

const client = Client.init(options);

const identityProviderBase = {
  '@odata.type': 'microsoft.graph.appleManagedIdentityProvider',
  displayName: 'Sign in with Apple',
  developerId: 'UBF8T346G9',
  serviceId: 'com.microsoft.rts.b2c.test.client',
  keyId: '99P6D879C4',
  certificateData: '******'
};

await client.api('/identity/identityProviders')
	.post(identityProviderBase);


<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);

$requestBody = new IdentityProviderBase();
$requestBody->set@odatatype('microsoft.graph.appleManagedIdentityProvider');

$requestBody->setDisplayName('Sign in with Apple');

$additionalData = [
		'developerId' => 'UBF8T346G9', 
		'serviceId' => 'com.microsoft.rts.b2c.test.client', 
		'keyId' => '99P6D879C4', 
		'certificateData' => '******', 
];
$requestBody->setAdditionalData($additionalData);




$result = $graphServiceClient->identity()->identityProviders()->post($requestBody);


Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "microsoft.graph.appleManagedIdentityProvider"
	displayName = "Sign in with Apple"
	developerId = "UBF8T346G9"
	serviceId = "com.microsoft.rts.b2c.test.client"
	keyId = "99P6D879C4"
	certificateData = "******"
}

New-MgIdentityProvider -BodyParameter $params

Response

The following is an example of the response.

HTTP/1.1 201 Created
Content-type: application/json

{
  "@odata.type": "microsoft.graph.appleManagedIdentityProvider",
  "id": "Apple-Managed-OIDC",
  "displayName": "Sign in with Apple",
  "developerId": "UBF8T346G9",
  "serviceId": "com.microsoft.rts.b2c.test.client",
  "keyId": "99P6D879C4",
  "certificateData": "******"
}

Create identityProvider

Permissions

HTTP request

Request headers

Request body

socialIdentityProvider object

appleIdentityProvider object

Response

Examples

Request

Response

Example 2: Retrieves Apple identity provider (only for Azure AD B2C)

Request

Response

Feedback

Additional resources

Additional resources

Create identityProvider

Permissions

HTTP request

Request headers

Request body

socialIdentityProvider object

appleIdentityProvider object

Response

Examples

Example 1: Create a specific social identity provider (Azure AD and Azure AD B2C)

Request

Response

Example 2: Retrieves Apple identity provider (only for Azure AD B2C)

Request

Response

Feedback

Additional resources

Additional resources