kerberosSignOnSettings resource type
Namespace: microsoft.graph
Important
APIs under the /beta
version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents the Keberos Constrained Delegation (KCD) settings for the onPremisesPublishingSingleSignOn resource when publishing an on-premises application via Microsoft Entra application proxy. Application Proxy uses Kerberos Constrained Delegation (KCD) to support single-sign on to Integrated Windows Authentication applications. For more information, see Kerberos Constrained Delegation for single-sign on to your apps with Application Proxy.
Note
Do not use this property for configuring SAML or password-based single-sign on. If you are configuring SAML single-sign-on this must be set on the servicePrincipal. If you are configuring password-based single-sign this must be set using createPasswordSingleSignOnCredentials.
Properties
Property | Type | Description |
---|---|---|
kerberosServicePrincipalName | String | The Internal Application SPN of the application server. This SPN needs to be in the list of services to which the connector can present delegated credentials. |
kerberosSignOnMappingAttributeType | kerberosSignOnMappingAttributeType | The Delegated Login Identity for the connector to use on behalf of your users. For more information, see Working with different on-premises and cloud identities . Possible values are: userPrincipalName , onPremisesUserPrincipalName , userPrincipalUsername , onPremisesUserPrincipalUsername , onPremisesSAMAccountName . |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"kerberosServicePrincipalName": "String",
"kerberosSignOnMappingAttributeType": "String"
}