federatedTokenValidationPolicy resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents a policy to control enabling or disabling validation of federation authentication tokens. It allows matching an on-premises federated account and a mapped Microsoft Entra ID account's root domain. When enabled, Microsoft Entra ID rejects an authentication request if the on-premises federated account and the mapped Microsoft Entra ID account's root domain don't match.
Inherits from directoryObject.
Methods
| Method | Return type | Description |
|---|---|---|
| List | federatedTokenValidationPolicy collection | Get a list of the federatedTokenValidationPolicy objects and their properties. |
| Get | federatedTokenValidationPolicy | Read the properties and relationships of a federatedTokenValidationPolicy object. |
| Update | federatedTokenValidationPolicy | Update the properties of a federatedTokenValidationPolicy object. |
Properties
| Property | Type | Description |
|---|---|---|
| deletedDateTime | DateTimeOffset | Date and time when this object was deleted. Always null when the object wasn't deleted. Inherited from directoryObject. |
| ID | String | The unique identifier for the object. Key. Not nullable. Read-only. Inherited from directoryObject. |
| validatingDomains | validatingDomains | Verified Microsoft Entra ID domains that Microsoft Entra ID validates that the federated account's root domain matches with the mapped Microsoft Entra account's root domain. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.federatedTokenValidationPolicy",
"id": "String (identifier)",
"deletedDateTime": "String (timestamp)",
"validatingDomains": {
"@odata.type": "microsoft.graph.validatingDomains"
}
}