samlOrWsFedExternalDomainFederation resource type
Namespace: microsoft.graph
Allows a Microsoft Entra tenant to federate with an external organization whose identity provider (IdP) supports either the SAML or WS-Fed protocol. This enables the Microsoft Entra tenant to allow guest users to access its resources. For more information on SAML or WS-Fed IdP federation, see Federation with SAML or WS-Fed identity providers for guest users.
Inherits from samlOrWsFedProvider.
Methods
| Method | Return type | Description |
|---|---|---|
| List | samlOrWsFedExternalDomainFederation collection | Get a list of the samlOrWsFedExternalDomainFederation objects and their properties. |
| Create | samlOrWsFedExternalDomainFederation | Create a new samlOrWsFedExternalDomainFederation object. |
| Get | samlOrWsFedExternalDomainFederation | Read the properties and relationships of a samlOrWsFedExternalDomainFederation object. |
| Update | samlOrWsFedExternalDomainFederation | Update the properties of a samlOrWsFedExternalDomainFederation object. |
| Delete | None | Deletes a samlOrWsFedExternalDomainFederation object. |
| List domains | externalDomainName collection | Get the externalDomainName resources from the domains navigation property. |
| Create external domain name | externalDomainName | Create a new externalDomainName object. |
Properties
| Property | Type | Description |
|---|---|---|
| displayName | String | The display name of the SAML or WS-Fed based IdP. Inherited from identityProviderBase. |
| id | String | The identifier of the identity provider. Inherited from entity. |
| issuerUri | String | Issuer URI of the federation server. Inherited from samlOrWsFedProvider. |
| metadataExchangeUri | String | URI of the metadata exchange endpoint used for authentication from rich client applications. Inherited from samlOrWsFedProvider. |
| passiveSignInUri | String | URI that web-based clients are directed to when signing in to Microsoft Entra services. Inherited from samlOrWsFedProvider. |
| preferredAuthenticationProtocol | authenticationProtocol | Preferred authentication protocol. The possible values are: wsFed, saml, unknownFutureValue. Inherited from samlOrWsFedProvider. |
| signingCertificate | String | Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64 encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. This property is used in the following scenarios:
Microsoft Entra ID updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata, 30 days before expiry of the current certificate. If a new certificate isn't available, Microsoft Entra ID monitors the metadata daily and will update the federation settings for the domain when a new certificate is available. Inherited from samlOrWsFedProvider. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| domains | externalDomainName collection | Collection of domain names of the external organizations that the tenant is federating with. Supports $filter (eq). |
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.samlOrWsFedExternalDomainFederation",
"id": "String (identifier)",
"displayName": "String",
"issuerUri": "String",
"metadataExchangeUri": "String",
"signingCertificate": "String",
"passiveSignInUri": "String",
"preferredAuthenticationProtocol": "String"
}