New-MgUserAuthenticationTemporaryAccessPassMethod
Create a new temporaryAccessPassAuthenticationMethod object on a user. A user can only have one Temporary Access Pass that's usable within its specified lifetime. If the user requires a new Temporary Access Pass while the current Temporary Access Pass is valid, the admin can create a new Temporary Access Pass for the user, the previous Temporary Access Pass will be deleted, and a new Temporary Access Pass will be created.
Note
To view the beta release of this cmdlet, view New-MgBetaUserAuthenticationTemporaryAccessPassMethod
Syntax
New-MgUserAuthenticationTemporaryAccessPassMethod
-UserId <String>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-CreatedDateTime <DateTime>]
[-Id <String>]
[-IsUsable]
[-IsUsableOnce]
[-LifetimeInMinutes <Int32>]
[-MethodUsabilityReason <String>]
[-StartDateTime <DateTime>]
[-TemporaryAccessPass <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-MgUserAuthenticationTemporaryAccessPassMethod
-UserId <String>
-BodyParameter <IMicrosoftGraphTemporaryAccessPassAuthenticationMethod>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-MgUserAuthenticationTemporaryAccessPassMethod
-InputObject <IIdentitySignInsIdentity>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-CreatedDateTime <DateTime>]
[-Id <String>]
[-IsUsable]
[-IsUsableOnce]
[-LifetimeInMinutes <Int32>]
[-MethodUsabilityReason <String>]
[-StartDateTime <DateTime>]
[-TemporaryAccessPass <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-MgUserAuthenticationTemporaryAccessPassMethod
-InputObject <IIdentitySignInsIdentity>
-BodyParameter <IMicrosoftGraphTemporaryAccessPassAuthenticationMethod>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Create a new temporaryAccessPassAuthenticationMethod object on a user. A user can only have one Temporary Access Pass that's usable within its specified lifetime. If the user requires a new Temporary Access Pass while the current Temporary Access Pass is valid, the admin can create a new Temporary Access Pass for the user, the previous Temporary Access Pass will be deleted, and a new Temporary Access Pass will be created.
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | UserAuthenticationMethod.ReadWrite.All | Not available. |
Examples
Example 1: Code snippet
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
startDateTime = [System.DateTime]::Parse("2022-06-05T00:00:00.000Z")
lifetimeInMinutes = 60
isUsableOnce = $false
}
New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $userId -BodyParameter $paramsThis example shows how to use the New-MgUserAuthenticationTemporaryAccessPassMethod Cmdlet.
To learn about permissions for this resource, see the permissions reference.
Parameters
-AdditionalProperties
Additional Parameters
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-BodyParameter
temporaryAccessPassAuthenticationMethod To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
| Type: | IMicrosoftGraphTemporaryAccessPassAuthenticationMethod |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CreatedDateTime
The date and time when the Temporary Access Pass was created.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Id
The unique identifier for an entity. Read-only.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
| Type: | IIdentitySignInsIdentity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-IsUsable
The state of the authentication method that indicates whether it's currently usable by the user.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IsUsableOnce
Determines whether the pass is limited to a one-time use. If true, the pass can be used once; if false, the pass can be used multiple times within the Temporary Access Pass lifetime.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LifetimeInMinutes
The lifetime of the Temporary Access Pass in minutes starting at startDateTime. Must be between 10 and 43200 inclusive (equivalent to 30 days).
| Type: | Int32 |
| Position: | Named |
| Default value: | 0 |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-MethodUsabilityReason
Details about the usability state (isUsable). Reasons can include: EnabledByPolicy, DisabledByPolicy, Expired, NotYetValid, OneTimeUsed.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-StartDateTime
The date and time when the Temporary Access Pass becomes available to use and when isUsable is true is enforced.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TemporaryAccessPass
The Temporary Access Pass used to authenticate. Returned only on creation of a new temporaryAccessPassAuthenticationMethod object; Hidden in subsequent read operations and returned as null with GET.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UserId
The unique identifier of user
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.PowerShell.Models.IIdentitySignInsIdentity
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphTemporaryAccessPassAuthenticationMethod
System.Collections.IDictionary
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphTemporaryAccessPassAuthenticationMethod
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphTemporaryAccessPassAuthenticationMethod>: temporaryAccessPassAuthenticationMethod
[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[CreatedDateTime <DateTime?>]: The date and time when the Temporary Access Pass was created.[IsUsable <Boolean?>]: The state of the authentication method that indicates whether it's currently usable by the user.[IsUsableOnce <Boolean?>]: Determines whether the pass is limited to a one-time use. If true, the pass can be used once; if false, the pass can be used multiple times within the Temporary Access Pass lifetime.[LifetimeInMinutes <Int32?>]: The lifetime of the Temporary Access Pass in minutes starting at startDateTime. Must be between 10 and 43200 inclusive (equivalent to 30 days).[MethodUsabilityReason <String>]: Details about the usability state (isUsable). Reasons can include: EnabledByPolicy, DisabledByPolicy, Expired, NotYetValid, OneTimeUsed.[StartDateTime <DateTime?>]: The date and time when the Temporary Access Pass becomes available to use and when isUsable is true is enforced.[TemporaryAccessPass <String>]: The Temporary Access Pass used to authenticate. Returned only on creation of a new temporaryAccessPassAuthenticationMethod object; Hidden in subsequent read operations and returned as null with GET.
INPUTOBJECT <IIdentitySignInsIdentity>: Identity Parameter
[ActivityBasedTimeoutPolicyId <String>]: The unique identifier of activityBasedTimeoutPolicy[AppManagementPolicyId <String>]: The unique identifier of appManagementPolicy[AuthenticationCombinationConfigurationId <String>]: The unique identifier of authenticationCombinationConfiguration[AuthenticationContextClassReferenceId <String>]: The unique identifier of authenticationContextClassReference[AuthenticationMethodConfigurationId <String>]: The unique identifier of authenticationMethodConfiguration[AuthenticationMethodId <String>]: The unique identifier of authenticationMethod[AuthenticationMethodModeDetailId <String>]: The unique identifier of authenticationMethodModeDetail[AuthenticationStrengthPolicyId <String>]: The unique identifier of authenticationStrengthPolicy[B2XIdentityUserFlowId <String>]: The unique identifier of b2xIdentityUserFlow[BitlockerRecoveryKeyId <String>]: The unique identifier of bitlockerRecoveryKey[CertificateBasedAuthConfigurationId <String>]: The unique identifier of certificateBasedAuthConfiguration[ClaimsMappingPolicyId <String>]: The unique identifier of claimsMappingPolicy[ConditionalAccessPolicyId <String>]: The unique identifier of conditionalAccessPolicy[ConditionalAccessTemplateId <String>]: The unique identifier of conditionalAccessTemplate[CrossTenantAccessPolicyConfigurationPartnerTenantId <String>]: The unique identifier of crossTenantAccessPolicyConfigurationPartner[DataPolicyOperationId <String>]: The unique identifier of dataPolicyOperation[DirectoryObjectId <String>]: The unique identifier of directoryObject[EmailAuthenticationMethodId <String>]: The unique identifier of emailAuthenticationMethod[FeatureRolloutPolicyId <String>]: The unique identifier of featureRolloutPolicy[Fido2AuthenticationMethodId <String>]: The unique identifier of fido2AuthenticationMethod[HomeRealmDiscoveryPolicyId <String>]: The unique identifier of homeRealmDiscoveryPolicy[IdentityApiConnectorId <String>]: The unique identifier of identityApiConnector[IdentityProviderBaseId <String>]: The unique identifier of identityProviderBase[IdentityProviderId <String>]: The unique identifier of identityProvider[IdentityUserFlowAttributeAssignmentId <String>]: The unique identifier of identityUserFlowAttributeAssignment[IdentityUserFlowAttributeId <String>]: The unique identifier of identityUserFlowAttribute[InvitationId <String>]: The unique identifier of invitation[LongRunningOperationId <String>]: The unique identifier of longRunningOperation[MicrosoftAuthenticatorAuthenticationMethodId <String>]: The unique identifier of microsoftAuthenticatorAuthenticationMethod[NamedLocationId <String>]: The unique identifier of namedLocation[OAuth2PermissionGrantId <String>]: The unique identifier of oAuth2PermissionGrant[OrganizationId <String>]: The unique identifier of organization[PasswordAuthenticationMethodId <String>]: The unique identifier of passwordAuthenticationMethod[PermissionGrantConditionSetId <String>]: The unique identifier of permissionGrantConditionSet[PermissionGrantPolicyId <String>]: The unique identifier of permissionGrantPolicy[PhoneAuthenticationMethodId <String>]: The unique identifier of phoneAuthenticationMethod[RiskDetectionId <String>]: The unique identifier of riskDetection[RiskyServicePrincipalHistoryItemId <String>]: The unique identifier of riskyServicePrincipalHistoryItem[RiskyServicePrincipalId <String>]: The unique identifier of riskyServicePrincipal[RiskyUserHistoryItemId <String>]: The unique identifier of riskyUserHistoryItem[RiskyUserId <String>]: The unique identifier of riskyUser[ServicePrincipalRiskDetectionId <String>]: The unique identifier of servicePrincipalRiskDetection[SoftwareOathAuthenticationMethodId <String>]: The unique identifier of softwareOathAuthenticationMethod[TemporaryAccessPassAuthenticationMethodId <String>]: The unique identifier of temporaryAccessPassAuthenticationMethod[ThreatAssessmentRequestId <String>]: The unique identifier of threatAssessmentRequest[ThreatAssessmentResultId <String>]: The unique identifier of threatAssessmentResult[TokenIssuancePolicyId <String>]: The unique identifier of tokenIssuancePolicy[TokenLifetimePolicyId <String>]: The unique identifier of tokenLifetimePolicy[UnifiedRoleManagementPolicyAssignmentId <String>]: The unique identifier of unifiedRoleManagementPolicyAssignment[UnifiedRoleManagementPolicyId <String>]: The unique identifier of unifiedRoleManagementPolicy[UnifiedRoleManagementPolicyRuleId <String>]: The unique identifier of unifiedRoleManagementPolicyRule[UserFlowLanguageConfigurationId <String>]: The unique identifier of userFlowLanguageConfiguration[UserFlowLanguagePageId <String>]: The unique identifier of userFlowLanguagePage[UserId <String>]: The unique identifier of user[WindowsHelloForBusinessAuthenticationMethodId <String>]: The unique identifier of windowsHelloForBusinessAuthenticationMethod