| title | Create authenticationCombinationConfiguration |
|---|---|
| description | Create a new authenticationCombinationConfiguration object. In use, only fido2combinationConfigurations objects might be created, and only for custom authentication strength policies. |
| author | InbarckMS |
| ms.reviewer | conditionalaccesspm |
| ms.localizationpriority | medium |
| ms.subservice | entra-sign-in |
| doc_type | apiPageType |
| ms.date | 04/05/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Create a new authenticationCombinationConfiguration object which can be of one of the following derived types:
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
[!INCLUDE rbac-authenticationstrength-apis-write]
POST /identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
In the request body, supply a JSON representation of the authenticationCombinationConfiguration object.
You can specify the following properties when creating an authenticationCombinationConfiguration. Additionally, you must supply the @odata.type and required properties of the derived type of authenticationCombinationConfiguration that you're creating. For example, "@odata.type" : "#microsoft.graph.fido2CombinationConfiguration".
| Property | Type | Description |
|---|---|---|
| appliesToCombinations | authenticationMethodModes collection | The combinations where this configuration applies. For fido2combinationConfigurations use "fido2", for x509certificatecombinationconfiguration use "x509CertificateSingleFactor" or "x509CertificateMultiFactor". Required. |
If successful, this method returns a 201 Created response code and a fido2combinationConfigurations or an x509certificatecombinationconfiguration object in the response body.
The following example shows a request.
POST https://graph.microsoft.com/beta/identity/conditionalAccess/authenticationStrength/policies/8313edec-d6af-483f-87b8-ec7cccfd2ab4/combinationConfigurations
Content-Type: application/json
Content-length: 130
{
"@odata.type" : "#microsoft.graph.fido2CombinationConfiguration",
"allowedAAGUIDs": [
"486c3b50-889c-480a-abc5-c04ef7c873e0",
"c042882f-a621-40c8-94d3-9cde3a826fed",
"ec454c08-4c77-4012-9d48-45f7f0fccdfb"
],
"appliesToCombinations": ["fido2"]
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.type" : "#microsoft.graph.fido2CombinationConfiguration",
"id": "96cb1a17-e45e-4b4f-8b4b-4a9490d63d66",
"allowedAAGUIDs": [
"486c3b50-889c-480a-abc5-c04ef7c873e0",
"c042882f-a621-40c8-94d3-9cde3a826fed",
"ec454c08-4c77-4012-9d48-45f7f0fccdfb"
],
"appliesToCombinations": ["fido2"]
}