New-AzFederatedIdentityCredential
create a federated identity credential under the specified user assigned identity.
Syntax
CreateExpanded (Default)
New-AzFederatedIdentityCredential
-IdentityName <String>
-Name <String>
-ResourceGroupName <String>
[-SubscriptionId <String>]
[-Audience <String[]>]
[-Issuer <String>]
[-Subject <String>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
CreateViaJsonFilePath
New-AzFederatedIdentityCredential
-IdentityName <String>
-Name <String>
-ResourceGroupName <String>
-JsonFilePath <String>
[-SubscriptionId <String>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
CreateViaJsonString
New-AzFederatedIdentityCredential
-IdentityName <String>
-Name <String>
-ResourceGroupName <String>
-JsonString <String>
[-SubscriptionId <String>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
create a federated identity credential under the specified user assigned identity.
Examples
Example 1: Create a federated identity credential under the specified user assigned identity
New-AzFederatedIdentityCredential -ResourceGroupName azure-rg-test -IdentityName uai-pwsh01 `
-Name fic-pwsh01 -Issuer "https://kubernetes-oauth.azure.com" -Subject "system:serviceaccount:ns:svcaccount"
Name Issuer Subject Audience
---- ------ ------- --------
fic-pwsh01 https://kubernetes-oauth.azure.com system:serviceaccount:ns:svcaccount {api://AzureADTokenExchange}
This command creates a federated identity credential under the specified user assigned identity.
Example 2: Create a federated identity credential under the specified user assigned identity with 'Audience' override
New-AzFederatedIdentityCredential -ResourceGroupName azure-rg-test -IdentityName uai-pwsh01 `
-Name fic-pwsh01 -Issuer "https://kubernetes-oauth.azure.com" -Subject "system:serviceaccount:ns:svcaccount" `
-Audience @("api://AzureADTokenExchange-Modified")
Name Issuer Subject Audience
---- ------ ------- --------
fic-pwsh01 https://kubernetes-oauth.azure.com system:serviceaccount:ns:svcaccount {api://AzureADTokenExchange}
This command creates a federated identity credential under the specified user assigned identity with the custom audience
Parameters
-Audience
The list of audiences that can appear in the issued token.
Parameter properties
Type: String [ ]
Default value: @("api://AzureADTokenExchange") Supports wildcards: False DontShow: False
Parameter sets
CreateExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The DefaultProfile parameter is not functional.
Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Parameter properties
Type: PSObject
Default value: None Supports wildcards: False DontShow: False Aliases: AzureRMContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-IdentityName
The name of the identity resource.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Issuer
The URL of the issuer to be trusted.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
CreateExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-JsonFilePath
Path of Json file supplied to the Create operation
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
CreateViaJsonFilePath
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-JsonString
Json string supplied to the Create operation
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
CreateViaJsonString
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
The name of the federated identity credential resource.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGroupName
The name of the resource group.
The name is case insensitive.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Subject
The identifier of the external identity.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
CreateExpanded
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-SubscriptionId
The Id of the Subscription to which the identity belongs.
Parameter properties
Type: String
Default value: (Get-AzContext).Subscription.Id Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
Notes
ALIASES
New-AzFederatedIdentityCredentials
