az ad app federated-credential

Manage application federated identity credentials.

Commands

Name	Description	Type	Status
az ad app federated-credential create	Create application federated identity credential.	Core	GA
az ad app federated-credential delete	Delete application federated identity credential.	Core	GA
az ad app federated-credential list	List application federated identity credentials.	Core	GA
az ad app federated-credential show	Show application federated identity credential.	Core	GA
az ad app federated-credential update	Update application federated identity credential.	Core	GA

az ad app federated-credential create

Create application federated identity credential.

az ad app federated-credential create --id
                                      --parameters

Examples

Create application federated identity credential.

az ad app federated-credential create --id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --parameters credential.json
("credential.json" contains the following content)
{
    "name": "Testing",
    "issuer": "https://token.actions.githubusercontent.com/",
    "subject": "repo:octo-org/octo-repo:environment:Production",
    "description": "Testing",
    "audiences": [
        "api://AzureADTokenExchange"
    ]
}

Required Parameters

--id

Application's appId, identifierUri, or id (formerly known as objectId).

--parameters

Parameters for creating federated identity credential. Should be JSON file path or in-line JSON string. See examples for details.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az ad app federated-credential delete

Delete application federated identity credential.

az ad app federated-credential delete --federated-credential-id
                                      --id

Examples

Delete application federated identity credential.

az ad app federated-credential delete --id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --federated-credential-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Required Parameters

--federated-credential-id

ID or name of the federated identity credential.

--id

Application's appId, identifierUri, or id (formerly known as objectId).

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az ad app federated-credential list

List application federated identity credentials.

az ad app federated-credential list --id

Examples

List application federated identity credentials.

az ad app federated-credential list --id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Required Parameters

--id

Application's appId, identifierUri, or id (formerly known as objectId).

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az ad app federated-credential show

Show application federated identity credential.

az ad app federated-credential show --federated-credential-id
                                    --id

Examples

Show application federated identity credential with id

az ad app federated-credential show --id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --federated-credential-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Show application federated identity credential with name

az ad app federated-credential show --id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --federated-credential-id Testing

Required Parameters

--federated-credential-id

ID or name of the federated identity credential.

--id

Application's appId, identifierUri, or id (formerly known as objectId).

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az ad app federated-credential update

Update application federated identity credential.

az ad app federated-credential update --federated-credential-id
                                      --id
                                      --parameters

Examples

Update application federated identity credential. Note that 'name' property cannot be changed.

az ad app federated-credential update --id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --federated-credential-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx --parameters credential.json
("credential.json" contains the following content)
{
    "issuer": "https://token.actions.githubusercontent.com/",
    "subject": "repo:octo-org/octo-repo:environment:Production",
    "description": "Updated description",
    "audiences": [
        "api://AzureADTokenExchange"
    ]
}

Required Parameters

--federated-credential-id

ID or name of the federated identity credential.

--id

Application's appId, identifierUri, or id (formerly known as objectId).

--parameters

Parameters for creating federated identity credential. Should be JSON file path or in-line JSON string. See examples for details.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

accepted values: json, jsonc, none, table, tsv, yaml, yamlc

default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.