homeRealmDiscoveryPolicy resource type

Namespace: microsoft.graph

Represents a policy to control Microsoft Entra authentication behavior for federated users, in particular for auto-acceleration and user authentication restrictions in federated domains. You can set homeRealmDiscoveryPolicy for all service principals in your organization, or for specific service principals in your organization. For more scenario and policy details, see Configure Microsoft Entra sign-in behavior for an application by using a Home Realm Discovery policy and Sign-in to Microsoft Entra ID using email as an alternate login ID.

Inherits from stsPolicy.


Method Return Type Description
List homeRealmDiscoveryPolicies homeRealmDiscoveryPolicy Read properties and relationships of homeRealmDiscoveryPolicies objects.
Create homeRealmDiscoveryPolicy homeRealmDiscoveryPolicy Create a homeRealmDiscoveryPolicy object.
Get homeRealmDiscoveryPolicy homeRealmDiscoveryPolicy Read properties and relationships of a homeRealmDiscoveryPolicy object.
Update homeRealmDiscoveryPolicy None Update a homeRealmDiscoveryPolicy object.
Delete homeRealmDiscoveryPolicy None Delete a homeRealmDiscoveryPolicy object.
List appliesTo directoryObject collection Get the list of directoryObjects that this policy has been applied to.


Property Type Description
definition String collection A string collection containing a JSON string that defines the rules and settings for this policy. See Properties of a home realm discovery policy definition for more details about the JSON schema for this property. Required.
description String Description for this policy.
displayName String Display name for this policy. Required.
id String Unique identifier for this policy. Read-only.
isOrganizationDefault Boolean If set to true, activates this policy. There can be many policies for the same policy type, but only one can be activated as the organization default. Optional, default value is false.

Properties of a home realm discovery policy definition

The properties below form the JSON object that represents a token lifetime policy. This JSON object must be converted to a string with quotations escaped to be inserted into the definition property. An example is shown below in JSON format:

"definition": [
        \"HomeRealmDiscoveryPolicy\": {
          \"AllowCloudPasswordValidation\": false,
Property Type Description
AccelerateToFederatedDomain Boolean Set to true for auto-acceleration (bypass home realm discovery). If true and there's only one verified and federated domain in the tenant, then users are taken straight to the federated identity provider (such as ADFS) for sign in. If true and there's more than one verified domain in the tenant, PreferredDomain must be specified. Optional.
AllowCloudPasswordValidation Boolean Set to true to allow an application to authenticate a federated user by presenting username/password credentials directly to the Microsoft Entra token endpoint. Only works if Password Hash Sync is enabled. Optional.
AlternateIdLogin Json Set to {\"Enabled\": true} to allow Microsoft Entra sign-in using email as an alternate login ID. Only works when IsOrganizationDefault is set to true. Optional.
PreferredDomain String Specifies a domain to accelerate sign-in to. It can be omitted if the tenant has only one federated domain. If it's omitted, and there's more than one verified federated domain, this policy has no effect. Required if AccelerateToFederatedDomain is true.


Relationship Type Description
appliesTo directoryObject collection The directoryObject collection that this policy has been applied to. Read-only.

JSON representation

The following JSON representation shows the resource type.

  "definition": ["String"],
  "description": "String",
  "displayName": "String",
  "id": "String (identifier)",
  "isOrganizationDefault": true