Set-EntraUserCBACertificateUserId
Sets certificate-based authentication user IDs for a user in Microsoft Entra ID using a certificate file or object.
Syntax
Default (Default)
Set-EntraUserCBACertificateUserId
-UserId <string>
[-CertPath <string>]
[-Cert <System.Security.Cryptography.X509Certificates.X509Certificate2>]
-CertificateMapping <string[]>
[<CommonParameters>]
Description
Configures certificate-based authentication user IDs for a user in Microsoft Entra ID. Accepts a certificate file path or object, and one or more certificate mapping types to apply to the user's authorization information.
Update-EntraUserCBACertificateUserId is an alias of Set-EntraUserCBACertificateUserId.
In delegated scenarios using work or school accounts, the signed-in user must have a Microsoft Entra role or custom role with the necessary permissions. The following least privileged roles support this operation:
- Privileged Authentication Administrator (for Cloud-only users)
- Hybrid Identity Administrator (for synchronized users)
Parameters
-Cert
Certificate object used to extract certificate user IDs.
Parameter properties
| Type: | System.Security.Cryptography.X509Certificates.X509Certificate2 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | CertificateObject, Certificate |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-CertificateMapping
One or more certificate mapping types to be applied. Valid values are: PrincipalName, RFC822Name, IssuerAndSubject, Subject, SKI, SHA1PublicKey, and IssuerAndSerialNumber.
Parameter properties
| Type: | System.String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-CertPath
Path to the certificate file.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | CertificatePath |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-UserId
Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId, UPN, Identity, UserPrincipalName |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.