| title | Update x509CertificateAuthenticationMethodConfiguration |
|---|---|
| description | Update the properties of a x509CertificateAuthenticationMethodConfiguration object. |
| author | vimrang |
| ms.localizationpriority | medium |
| ms.subservice | entra-sign-in |
| doc_type | apiPageType |
| ms.date | 03/10/2024 |
Namespace: microsoft.graph
Update the properties of the X.509 certificate authentication method.
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
[!INCLUDE rbac-authentication-methods-policy-apis-write]
PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
The following properties can be updated.
| Property | Type | Description |
|---|---|---|
| state | authenticationMethodState | The possible values are: enabled, disabled. Inherited from authenticationMethodConfiguration. |
| certificateUserBindings | x509CertificateUserBinding collection | Defines fields in the X.509 certificate that map to attributes of the Microsoft Entra user object in order to bind the certificate to the user. The priority of the object determines the order in which the binding is carried out. The first binding that matches will be used and the rest ignored. |
| authenticationModeConfiguration | x509CertificateAuthenticationModeConfiguration | Defines strong authentication configurations. This configuration includes the default authentication mode and the different rules for strong authentication bindings. |
| crlValidationConfiguration | x509CertificateCRLValidationConfiguration | Determines whether certificate based authentication should fail if the issuing CA doesn't have a valid certificate revocation list configured. |
Note: The
@odata.typeproperty with a value of#microsoft.graph.x509CertificateAuthenticationMethodConfigurationmust be included in the body.
If successful, this method returns a 204 No Content response code. It doesn't return anything in the response body.
The following is an example of an update request with the following settings:
- Enables the x509 certificate authentication method in the tenant.
- Configures only one user binding between the certificate PrincipalName and the Microsoft Entra ID onPremisesUserPrincipalName properties.
- Defines multi-factor authentication as requirement.
- Configures the binding rules for the strong authentication method against the rule type.
PATCH https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
"id": "X509Certificate",
"state": "enabled",
"certificateUserBindings": [
{
"x509CertificateField": "PrincipalName",
"userProperty": "onPremisesUserPrincipalName",
"priority": 1
}
],
"authenticationModeConfiguration": {
"x509CertificateAuthenticationDefaultMode": "x509CertificateMultiFactor",
"rules": [
{
"x509CertificateRuleType": "issuerSubject",
"identifier": "CN=ContosoCA,DC=Contoso,DC=org ",
"x509CertificateAuthenticationMode": "x509CertificateMultiFactor"
},
{
"x509CertificateRuleType": "policyOID",
"identifier": "1.2.3.4",
"x509CertificateAuthenticationMode": "x509CertificateMultiFactor"
}
]
},
"crlValidationConfiguration": {
"state": "disabled",
"exemptedCertificateAuthoritiesSubjectKeyIdentifiers": []
},
"includeTargets": [
{
"targetType": "group",
"id": "all_users",
"isRegistrationRequired": false
}
]
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
HTTP/1.1 204 No Content