| title | Update federatedIdentityCredential |
|---|---|
| description | Update the properties of a federatedIdentityCredential object assigned to an application. |
| author | nickludwig |
| ms.localizationpriority | medium |
| ms.subservice | entra-applications |
| doc_type | apiPageType |
| ms.date | 04/04/2024 |
Namespace: microsoft.graph
Update the properties of a federatedIdentityCredential object assigned to an application.
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
[!INCLUDE rbac-apps-serviceprincipal-creds-apis]
You can address the application using either its id or appId. id and appId are referred to as the Object ID and Application (Client) ID, respectively, in app registrations in the Microsoft Entra admin center.
You can also address the federated identity credential with either its id or name.
PATCH /applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialId}
PATCH /applications/{id}/federatedIdentityCredentials/{federatedIdentityCredentialName}
PATCH /applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialId}
PATCH /applications(appId='{appId}')/federatedIdentityCredentials/{federatedIdentityCredentialName}| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
[!INCLUDE table-intro]
| Property | Type | Description |
|---|---|---|
| audiences | String collection | The audience that can appear in the issued token. For Microsoft Entra ID, set its value to api://AzureADTokenExchange. This field can only accept a single value and has a limit of 600 characters. |
| description | String | A user-provided description of what the federatedIdentityCredential is used for. It has a limit of 600 characters. |
| issuer | String | The URL of the incoming trusted issuer (Secure Token Service). Matches the issuer claim of an access token. For example, with the Customer Managed Keys scenario, Microsoft Entra ID is the issuer and a valid value would be https://login.microsoftonline.com/{tenantid}/v2.0. The combination of the values of issuer and subject must be unique on the app. It has a limit of 600 characters. |
| subject | String | objectId of the servicePrincipal (can represent a managed identity) that can impersonate the app. The object associated with this GUID needs to exist in the tenant.The combination of the values of issuer and subject must be unique on the app. It has a limit of 600 characters. |
If successful, this method returns a 204 No Content response code.
PATCH https://graph.microsoft.com/v1.0/applications/bcd7c908-1c4d-4d48-93ee-ff38349a75c8/federatedIdentityCredentials/15be77d1-1940-43fe-8aae-94a78e078da0
Content-Type: application/json
{
"name": "testing02",
"issuer": "https://login.microsoftonline.com/3d1e2be9-a10a-4a0c-8380-7ce190f98ed9/v2.0",
"subject": "a7d388c3-5e3f-4959-ac7d-786b3383006a",
"description": "Updated description",
"audiences": [
"api://AzureADTokenExchange"
]
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
HTTP/1.1 204 No Content