federatedTokenValidationPolicy resource type

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Represents a policy that controls whether validation of federated authentication tokens is enabled. The validation matches the root domain of an on-premises federated account against the root domain of the mapped Microsoft Entra ID account. When enabled, Microsoft Entra ID rejects an authentication request if the on-premises federated account and the mapped Microsoft Entra ID account's root domain don't match.

Inherits from directoryObject.

Methods

| Method | Return type | Description |
|---|---|---|
| List | federatedTokenValidationPolicy collection | Get a list of the federatedTokenValidationPolicy objects and their properties. |
| Get | federatedTokenValidationPolicy | Read the properties and relationships of a federatedTokenValidationPolicy object. |
| Update | federatedTokenValidationPolicy | Update the properties of a federatedTokenValidationPolicy object. |

Properties

| Property | Type | Description |
|---|---|---|
| deletedDateTime | DateTimeOffset | Date and time when this object was deleted. Always null when the object wasn't deleted. Inherited from directoryObject. |
| id | String | The unique identifier for the object. Key. Not nullable. Read-only. Inherited from directoryObject. |
| validatingDomains | validatingDomains | Verified Microsoft Entra ID domains for which Microsoft Entra ID validates that the federated account's root domain matches the mapped Microsoft Entra ID account's root domain. |

Relationships

None.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.federatedTokenValidationPolicy",
  "id": "String (identifier)",
  "deletedDateTime": "String (timestamp)",
  "validatingDomains": {
    "@odata.type": "microsoft.graph.validatingDomains"
  }
}
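
An added example, not part of the Microsoft Graph documentation: an offline audit that takes a policy object in the shape shown above and reports which federated domains fall outside its root-domain validation. The allDomains and enumeratedDomains (with domainNames) forms of validatingDomains are assumed here and are not described on this page; the sample policy and the domain inventory are constructed.

```python
import json

# Constructed sample of a policy read. The enumeratedDomains form of
# validatingDomains and its domainNames list are assumptions, not from this page.
SAMPLE_POLICY = json.loads("""
{
  "@odata.type": "#microsoft.graph.federatedTokenValidationPolicy",
  "id": "00000000-0000-0000-0000-000000000000",
  "deletedDateTime": null,
  "validatingDomains": {
    "@odata.type": "#microsoft.graph.enumeratedDomains",
    "domainNames": ["contoso.example", "Fabrikam.example"]
  }
}
""")

# Constructed inventory of the tenant's federated domains: domain -> root domain.
FEDERATED = {
    "contoso.example": "contoso.example",
    "sso.contoso.example": "contoso.example",
    "fabrikam.example": "fabrikam.example",
    "legacy.example": "legacy.example",
}


def validated_roots(policy):
    """Return "ALL", or the set of lower-cased root domains the policy validates."""
    vd = policy.get("validatingDomains") or {}
    kind = vd.get("@odata.type", "").lstrip("#").rsplit(".", 1)[-1]
    if kind == "allDomains":
        return "ALL"
    if kind == "enumeratedDomains":
        return {d.strip().lower().rstrip(".") for d in vd.get("domainNames", [])}
    # Missing or unrecognized type: report nothing as validated so the gap is visible.
    return set()


def unvalidated_federated_domains(policy, federated):
    """List federated domains whose root domain is not covered by the policy."""
    roots = validated_roots(policy)
    if roots == "ALL":
        return []
    return sorted(d for d, root in federated.items() if root.lower() not in roots)


if __name__ == "__main__":
    for domain in unvalidated_federated_domains(SAMPLE_POLICY, FEDERATED):
        print("root-domain validation not enforced for:", domain)
```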