New-AzADAppCredential

Is this page helpful?

Any additional feedback?

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.

Module:

Az.Resources

Adds a credential to an existing application.

Warning

There are upcoming breaking changes in this cmdlet. These changes are currently in preview with Az.Resources version 5.0.0-preview. They will become generally available with our next major release of the Az PowerShell module, version 7.x in December of 2021. For more information, see Azure AD to Microsoft Graph migration changes in Azure PowerShell.

Note

This is the previous version of our documentation. Please consult the most recent version for up-to-date information.

Syntax

New-AzADAppCredential
   -ObjectId <String>
   -Password <SecureString>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-CustomKeyIdentifier <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADAppCredential
   -ObjectId <String>
   -CertValue <String>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-CustomKeyIdentifier <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADAppCredential
   -ApplicationId <Guid>
   -CertValue <String>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-CustomKeyIdentifier <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADAppCredential
   -ApplicationId <Guid>
   -Password <SecureString>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-CustomKeyIdentifier <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADAppCredential
   -DisplayName <String>
   -Password <SecureString>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-CustomKeyIdentifier <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADAppCredential
   -DisplayName <String>
   -CertValue <String>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-CustomKeyIdentifier <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADAppCredential
   -ApplicationObject <PSADApplication>
   -CertValue <String>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-CustomKeyIdentifier <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

New-AzADAppCredential
   -ApplicationObject <PSADApplication>
   -Password <SecureString>
   [-StartDate <DateTime>]
   [-EndDate <DateTime>]
   [-CustomKeyIdentifier <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzADAppCredential cmdlet can be used to add a new credential or to roll credentials for an application. The application is identified by supplying either the application object id or application Id.

Examples

Example 1 - Create a new application credential using a password

PS C:\> $SecureStringPassword = ConvertTo-SecureString -String "password" -AsPlainText -Force
PS C:\> New-AzADAppCredential -ObjectId 1f89cf81-0146-4f4e-beae-2007d0668416 -Password $SecureStringPassword

A new password credential is added to the existing application with object id '1f89cf81-0146-4f4e-beae-2007d0668416'.

Example 2 - Create a new application credential using a certificate

PS C:\> $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\myapp.cer")
PS C:\> $binCert = $cer.GetRawCertData()
PS C:\> $credValue = [System.Convert]::ToBase64String($binCert)
PS C:\> New-AzADAppCredential -ApplicationId 4589cd6b-3d79-4bb4-93b8-a0b99f3bfc58 -CertValue $credValue -StartDate $cer.NotBefore -EndDate $cer.NotAfter

The supplied base64 encoded public X509 certificate ("myapp.cer") is added to the existing application with application id '4589cd6b-3d79-4bb4-93b8-a0b99f3bfc58'.

Example 3 - Create a new application credential using piping

PS C:\> $SecureStringPassword = ConvertTo-SecureString -String "password" -AsPlainText -Force
PS C:\> Get-AzADApplication -ObjectId 1f89cf81-0146-4f4e-beae-2007d0668416 | New-AzADAppCredential -Password $SecureStringPassword

Gets the application with object id '1f89cf81-0146-4f4e-beae-2007d0668416' and pipes that to the New-AzADAppCredential to create a new application credential for that application with the given password.

Parameters

-ApplicationId

The application id of the application to add the credentials to.

Type:	Guid
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-ApplicationObject

The application object to add the credentials to.

Type:	PSADApplication
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-CertValue

The value of the "asymmetric" credential type. It represents the base 64 encoded certificate.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:	SwitchParameter
Aliases:	cf
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-CustomKeyIdentifier

Custom Key Identifier

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:	IAzureContextContainer
Aliases:	AzContext, AzureRmContext, AzureCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DisplayName

The display name of the application.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-EndDate

The effective end date of the credential usage. The default end date value is one year from today. For an "asymmetric" type credential, this must be set to on or before the date that the X509 certificate is valid.

Type:	DateTime
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-ObjectId

The object id of the application to add the credentials to.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-Password

The password to be associated with the application.

Type:	SecureString
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-StartDate

The effective start date of the credential usage. The default start date value is today. For an "asymmetric" type credential, this must be set to on or after the date that the X509 certificate is valid from.

Type:	DateTime
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:	SwitchParameter
Aliases:	wi
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

String

Guid

PSADApplication

SecureString

DateTime

Outputs

PSADCredential

Related Links

• Get-AzADAppCredential
• Remove-AzADAppCredential
• Get-AzADApplication