List temporaryAccessPassMethods
Namespace: microsoft.graph
Retrieve a list of a user's temporaryAccessPassAuthenticationMethod objects and their properties. This API will only return a single object in the collection as a user can have only one Temporary Access Pass method.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ❌ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permissions acting on self
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite |
| Delegated (personal Microsoft account) | Not supported. |
| Application | Not supported. |
Permissions acting on other users
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |
Important
In delegated scenarios with work or school accounts where the signed-in user is acting on another user, they must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
- Global Reader
- Authentication Administrator
- Privileged Authentication Administrator
HTTP request
Get details of your own temporary access pass (TAP) authentication method.
GET /me/authentication/temporaryAccessPassMethods
Get details of your own or another user's temporary access pass (TAP) authentication method.
GET /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods
Optional query parameters
This method does not support optional query parameters to customize the response.
Request headers
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Request
Don't supply a request body for this method.
Response
If successful, this method returns a 200 OK response code and a collection of temporaryAccessPassAuthenticationMethod objects in the response body. This call will only return a single object because only one temporaryAccessPassAuthenticationMethod can be set on users.
Examples
Request
GET https://graph.microsoft.com/v1.0/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/temporaryAccessPassMethods
Response
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('071cc716-8147-4397-a5ba-b2105951cc0b')/authentication/temporaryAccessPassMethods",
"value": [
{
"id": "bdaede67-61e0-4349-9347-d2d6afd84009",
"temporaryAccessPass": null,
"createdDateTime": "2022-06-06T16:43:04.6438213Z",
"startDateTime": "2022-06-06T16:48:03.027Z",
"lifetimeInMinutes": 60,
"isUsableOnce": false,
"isUsable": false,
"methodUsabilityReason": "NotYetValid"
}
]
}