Provide some scenarios on these values -> Verify and Sign in KeyCredential usage property

Shekhar Nadide 186 Reputation points
2024-04-17T14:46:11.32+00:00

I am a little bit confused by the documentation of the Certificate Credential flow.

[Screenshot of the keyCredential resource documentation]

Above documentation link -> https://learn.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0#properties

In another document it is mentioned as below:

[Screenshot of the application: addKey request-body documentation]

Above documentation link -> https://learn.microsoft.com/en-us/graph/api/application-addkey?view=graph-rest-1.0&tabs=http#request-body

Give me clarity on the above values.

type should be either of these values -> AsymmetricX509Cert, X509CertAndPassword

(OR)

type should be either of these values -> Symmetric, AsymmetricX509Cert,

Which one is correct?

Also could you please provide one scenario with examples where I can use the usage type "Sign".

Microsoft Entra ID

1 answer

  1. Akhilesh 4,775 Reputation points Microsoft Vendor
    2024-04-23T09:53:24.7766667+00:00

    @Shekhar Nadide

    Thank you for reaching out to the community forum!

    I understand that you would like to know the usage property of the KeyCredential object in Microsoft Graph API.

    The correct types for key credentials in the context of adding a new application key credential are AsymmetricX509Cert and X509CertAndPassword.

    AsymmetricX509Cert is generally used for verification purposes; the usage for this type must be Verify. X509CertAndPassword can be used for signing, as indicated by the need to include a password; the usage for this type must be Sign.

    When a user authenticates with Azure AD, they receive an access token that contains their identity information. You can use the KeyCredential object with the "Sign" usage to sign this token, which creates a digital signature that can be verified by the application's backend. This provides an additional layer of security, as the backend can verify that the token was signed by a trusted source.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let us know.
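As an added example (not from this thread or from Microsoft's own samples), a small stdlib-only Python helper that applies the type/usage pairing the answer describes when building an addKey request body, plus a check that flags existing keyCredential entries whose type contradicts their usage. The key bytes, proof JWT and password are constructed placeholders supplied by the caller; the proof-of-possession token is not generated here.

```python
import base64
import json
from typing import Dict, List, Optional

# Pairing stated in the answer above: Verify -> AsymmetricX509Cert,
# Sign -> X509CertAndPassword (which additionally needs a passwordCredential).
USAGE_TO_TYPE = {"Verify": "AsymmetricX509Cert", "Sign": "X509CertAndPassword"}


def check_key_credential(cred: Dict) -> List[str]:
    """Flag an existing keyCredential entry whose type contradicts its usage;
    usages other than Verify/Sign are outside the addKey rule (informational)."""
    usage, ktype = cred.get("usage"), cred.get("type")
    expected = USAGE_TO_TYPE.get(usage)
    if expected is None:
        return [f"usage {usage!r} is not covered by the addKey Verify/Sign rule"]
    if ktype != expected:
        return [f"usage {usage} requires type {expected}, found {ktype!r}"]
    return []


def build_add_key_body(key_bytes: bytes, usage: str, proof: str,
                       password: Optional[str] = None) -> Dict:
    """Body for POST /applications/{id}/addKey. key_bytes is the DER cert
    (Verify) or PKCS#12 blob (Sign); proof is the caller's proof-of-possession
    JWT signed with a key already on the application (not generated here)."""
    if usage not in USAGE_TO_TYPE:
        raise ValueError(f"usage must be one of {sorted(USAGE_TO_TYPE)}")
    if usage == "Sign" and not password:
        raise ValueError("usage Sign requires the password of the PKCS#12 blob")
    key_credential = {
        "type": USAGE_TO_TYPE[usage],
        "usage": usage,
        "key": base64.b64encode(key_bytes).decode("ascii"),
    }
    # passwordCredential carries the PKCS#12 password for X509CertAndPassword
    # and is null for AsymmetricX509Cert.
    password_credential = {"secretText": password} if usage == "Sign" else None
    return {"keyCredential": key_credential,
            "passwordCredential": password_credential, "proof": proof}


if __name__ == "__main__":
    # Constructed placeholders, not a real certificate or proof token.
    fake_der, fake_proof = b"CONSTRUCTED-DER-BYTES", "CONSTRUCTED.PROOF.JWT"
    print(json.dumps(build_add_key_body(fake_der, "Verify", fake_proof), indent=2))
    print(check_key_credential({"usage": "Sign", "type": "AsymmetricX509Cert"}))
```

Running the check over an application's keyCredentials collection surfaces entries registered with usage Sign but type AsymmetricX509Cert, which is the mismatch the question is asking about.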