| title | mutualTlsOauthConfiguration resource type |
|---|---|
| description | Represents a list of certificate authorities (CAs) that are permitted to issue certificates for a specific set of objects used for mTLS. |
| author | sgeislinger |
| ms.localizationpriority | medium |
| ms.date | 12/31/2024 |
| ms.subservice | entra-id |
| doc_type | resourcePageType |
| toc.title | Mutual TLS OAuth configuration |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Represents a list of certificate authorities (CAs) that are permitted to issue certificates for a specific set of objects used for mTLS.
This object is typically created by a device authority on their own Microsoft Entra tenant. In some cases, the user might choose to create this object in their Microsoft Entra tenant.
Inherits from trustedCertificateAuthorityBase.
| Method | Return type | Description |
|---|---|---|
| List | mutualTlsOauthConfiguration collection | Get a list of the available mutualTlsOauthConfiguration resources. |
| Create | mutualTlsOauthConfiguration | Create a mutualTlsOauthConfiguration resource that contains a specified certificate authority object. |
| Get | mutualTlsOauthConfiguration | Get the properties and relationships of the specified mutualTlsOauthConfiguration resource. |
| Update | mutualTlsOauthConfiguration | Update the specified mutualTlsOauthConfiguration resource. |
| Delete | None | Delete the specified mutualTlsOauthConfiguration resource. |
| Property | Type | Description |
|---|---|---|
| certificateAuthorities | certificateAuthority collection | Multi-value property that represents a list of trusted certificate authorities. Inherited from trustedCertificateAuthorityBase. |
| deletedDateTime | DateTimeOffset | Date and time when this object was deleted. Always null when the object hasn't been deleted. Inherited from trustedCertificateAuthorityBase. |
| displayName | String | Friendly name. Supports $filter (eq, in). |
| id | String | The unique identifier for the mutualTlsOauthConfiguration object. Inherited from trustedCertificateAuthorityBase. Supports $filter (eq, in). |
| tlsClientAuthParameter | tlsClientRegistrationMetadata | Specifies the field in the certificate that contains the subject ID. The possible values are: tls_client_auth_subject_dn, tls_client_auth_san_dns, tls_client_auth_san_uri, tls_client_auth_san_ip, tls_client_auth_san_email, unknownFutureValue. |
None.
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.mutualTlsOauthConfiguration",
"certificateAuthorities": [{"@odata.type": "microsoft.graph.certificateAuthority"}],
"deletedDateTime": "String (timestamp)",
"displayName": "String",
"id": "String (identifier)",
"tlsClientAuthParameter": "String"
}