objectIdentity resource type
Namespace: microsoft.graph
Represents an identity used to sign in to a user account. An identity can be provided by Microsoft, by organizations, or by social identity providers such as Facebook, Google, or Microsoft, that are tied to a user account. This enables the user to sign in to the user account with any of those associated identities.
The identities property of the user resource is an objectIdentity object.
Properties
Property | Type | Description |
---|---|---|
issuer | string | Specifies the issuer of the identity, for example facebook.com .For local accounts (where signInType isn't federated ), this property is the local B2C tenant default domain name, for example contoso.onmicrosoft.com .For guests from other Microsoft Entra organization, this is the domain of the federated organization, for example contoso.com .Supports $filter . 512 character limit. |
issuerAssignedId | string | Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).When signInType is set to:
$filter . 64 character limit. |
signInType | String | Specifies the user sign-in types in your directory, such as emailAddress , userName , federated , or userPrincipalName . federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer. Setting or updating a userPrincipalName identity will update the value of the userPrincipalName property on the user object. The validations performed on the userPrincipalName property on the user object, for example, verified domains and acceptable characters, will be performed when setting or updating a userPrincipalName identity. Other validation is enforced on issuerAssignedId when the sign-in type is set to emailAddress or userName . This property can also be set to any custom string. |
Filtering
When filtering on the identities property for an issuerAssignedId, you must supply both issuer and issuerAssignedId. In addition:
- Filtering for entries with a signInType of
federated
requires a valid issuer and issuerAssignedId. - Filtering for entries with a signInType of
userName
oremailAddress
ignores the issuer value. This is by design. - Filtering for entries with a signInType of
userPrincipalName
isn't supported. This can instead be accomplished by filtering on the userPrincipalName property on the user object.
Filtering on issuer alone is supported for the following values: google.com
, facebook.com
, mail
, and phone
.
JSON representation
Here's a JSON representation of the resource.
{
"signInType": "string",
"issuer": "string",
"issuerAssignedId": "string"
}
Feedback
Submit and view feedback for