APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Caution
This identity provider API is deprecated and will stop returning data after March, 2023. Please use the new identity provider API.
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type
Least privileged permissions
Higher privileged permissions
Delegated (work or school account)
IdentityProvider.ReadWrite.All
Not available.
Delegated (personal Microsoft account)
Not supported.
Not supported.
Application
IdentityProvider.ReadWrite.All
Not available.
The work or school account needs to belong to at least the External Identity Provider AdministratorMicrosoft Entra role.
In the request body, provide a JSON representation of identityProvider or openIdConnectProvider (only for Azure AD B2C) object. All the properties listed in the following table are required.
identityProvider object
Property
Type
Description
clientId
String
The client ID for the application. This is the client ID obtained when registering the application with the identity provider.
clientSecret
String
The client secret for the application. This is the client secret obtained when registering the application with the identity provider.
name
String
The display name of the identity provider.
type
String
The identity provider type.
For B2B scenario:GoogleFacebook
For B2C scenario:MicrosoftGoogleAmazonLinkedInFacebookGitHubTwitterWeiboQQWeChatOpenIDConnect
openIdConnectProvider object
Property
Type
Description
clientId
String
The client ID for the application. This is the client ID obtained when registering the application with the identity provider.
clientSecret
String
The client secret for the application. This is the client secret obtained when registering the application with the identity provider.
name
String
The display name of the identity provider.
type
String
The identity provider type. The value must be OpenIdConnect.
The userId and displayname properties are required in the claimsMapping object.
metadataUrl
String
The URL for the metadata document of the OpenID Connect identity provider.
responseMode
String
Defines the method that should be used to send the data back from the custom identity provider to Azure AD B2C. The following response modes can be used:
form_post : This response mode is recommended for best security. The response is transmitted via the HTTP POST method, with the code or token being encoded in the body using the application/x-www-form-urlencoded format.query : The code or token is returned as a query parameter.
responseType
String
Describes what kind of information is sent back in the initial call to the authorization_endpoint of the custom identity provider. The following response types can be used:
code : As per the authorization code flow, a code will be returned back to Azure AD B2C. Azure AD B2C proceeds to call the token_endpoint to exchange the code for the token. id_token : An ID token is returned back to Azure AD B2C from the custom identity provider. token : An access token is returned back to Azure AD B2C from the custom identity provider. (This value is not supported by Azure AD B2C at the moment)
scope
String
Scope defines the information and permissions you are looking to gather from your custom identity provider.
Response
If successful, this method returns a 201 Created response code and identityProvider or openIdConnectProvider (only for Azure AD B2C) object in the response body. If unsuccessful, a 4xx error will be returned with specific details.
POST https://graph.microsoft.com/beta/identityProviders
Content-type: application/json
{
"@odata.type": "microsoft.graph.identityProvider",
"name": "Login with Amazon",
"type": "Amazon",
"clientId": "56433757-cadd-4135-8431-2c9e3fd68ae8",
"clientSecret": "000000000000"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new IdentityProvider
{
OdataType = "microsoft.graph.identityProvider",
Name = "Login with Amazon",
Type = "Amazon",
ClientId = "56433757-cadd-4135-8431-2c9e3fd68ae8",
ClientSecret = "000000000000",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityProviders.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-providers create --body '{\
"@odata.type": "microsoft.graph.identityProvider",\
"name": "Login with Amazon",\
"type": "Amazon",\
"clientId": "56433757-cadd-4135-8431-2c9e3fd68ae8",\
"clientSecret": "000000000000"\
}\
'
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
IdentityProvider identityProvider = new IdentityProvider();
identityProvider.setOdataType("microsoft.graph.identityProvider");
identityProvider.setName("Login with Amazon");
identityProvider.setType("Amazon");
identityProvider.setClientId("56433757-cadd-4135-8431-2c9e3fd68ae8");
identityProvider.setClientSecret("000000000000");
IdentityProvider result = graphClient.identityProviders().post(identityProvider);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\IdentityProvider;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new IdentityProvider();
$requestBody->setOdataType('microsoft.graph.identityProvider');
$requestBody->setName('Login with Amazon');
$requestBody->setType('Amazon');
$requestBody->setClientId('56433757-cadd-4135-8431-2c9e3fd68ae8');
$requestBody->setClientSecret('000000000000');
$result = $graphServiceClient->identityProviders()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
"@odata.type" = "microsoft.graph.identityProvider"
name = "Login with Amazon"
type = "Amazon"
clientId = "56433757-cadd-4135-8431-2c9e3fd68ae8"
clientSecret = "000000000000"
}
New-MgBetaIdentityProvider -BodyParameter $params
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
from msgraph import GraphServiceClient
from msgraph.generated.models.identity_provider import IdentityProvider
graph_client = GraphServiceClient(credentials, scopes)
request_body = IdentityProvider(
odata_type = "microsoft.graph.identityProvider",
name = "Login with Amazon",
type = "Amazon",
client_id = "56433757-cadd-4135-8431-2c9e3fd68ae8",
client_secret = "000000000000",
)
result = await graph_client.identity_providers.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new OpenIdConnectProvider
{
OdataType = "microsoft.graph.openIdConnectProvider",
Name = "Login with the Contoso identity provider",
Type = "OpenIDConnect",
ClientId = "56433757-cadd-4135-8431-2c9e3fd68ae8",
ClientSecret = "12345",
ClaimsMapping = new ClaimsMapping
{
UserId = "myUserId",
GivenName = "myGivenName",
Surname = "mySurname",
Email = "myEmail",
DisplayName = "myDisplayName",
},
DomainHint = "mycustomoidc",
MetadataUrl = "https://mycustomoidc.com/.well-known/openid-configuration",
ResponseMode = OpenIdConnectResponseMode.Form_post,
ResponseType = OpenIdConnectResponseTypes.Code,
Scope = "openid",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityProviders.PostAsync(requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-providers create --body '{\
"@odata.type": "microsoft.graph.openIdConnectProvider",\
"name": "Login with the Contoso identity provider",\
"type": "OpenIDConnect",\
"clientId": "56433757-cadd-4135-8431-2c9e3fd68ae8",\
"clientSecret": "12345",\
"claimsMapping": {\
"userId": "myUserId",\
"givenName": "myGivenName",\
"surname": "mySurname",\
"email": "myEmail",\
"displayName": "myDisplayName"\
},\
"domainHint": "mycustomoidc",\
"metadataUrl": "https://mycustomoidc.com/.well-known/openid-configuration",\
"responseMode": "form_post",\
"responseType": "code",\
"scope": "openid"\
}\
\
'
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
OpenIdConnectProvider identityProvider = new OpenIdConnectProvider();
identityProvider.setOdataType("microsoft.graph.openIdConnectProvider");
identityProvider.setName("Login with the Contoso identity provider");
identityProvider.setType("OpenIDConnect");
identityProvider.setClientId("56433757-cadd-4135-8431-2c9e3fd68ae8");
identityProvider.setClientSecret("12345");
ClaimsMapping claimsMapping = new ClaimsMapping();
claimsMapping.setUserId("myUserId");
claimsMapping.setGivenName("myGivenName");
claimsMapping.setSurname("mySurname");
claimsMapping.setEmail("myEmail");
claimsMapping.setDisplayName("myDisplayName");
identityProvider.setClaimsMapping(claimsMapping);
identityProvider.setDomainHint("mycustomoidc");
identityProvider.setMetadataUrl("https://mycustomoidc.com/.well-known/openid-configuration");
identityProvider.setResponseMode(OpenIdConnectResponseMode.Form_post);
identityProvider.setResponseType(EnumSet.of(OpenIdConnectResponseTypes.Code));
identityProvider.setScope("openid");
IdentityProvider result = graphClient.identityProviders().post(identityProvider);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\OpenIdConnectProvider;
use Microsoft\Graph\Generated\Models\ClaimsMapping;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new OpenIdConnectProvider();
$requestBody->setOdataType('microsoft.graph.openIdConnectProvider');
$requestBody->setName('Login with the Contoso identity provider');
$requestBody->setType('OpenIDConnect');
$requestBody->setClientId('56433757-cadd-4135-8431-2c9e3fd68ae8');
$requestBody->setClientSecret('12345');
$claimsMapping = new ClaimsMapping();
$claimsMapping->setUserId('myUserId');
$claimsMapping->setGivenName('myGivenName');
$claimsMapping->setSurname('mySurname');
$claimsMapping->setEmail('myEmail');
$claimsMapping->setDisplayName('myDisplayName');
$requestBody->setClaimsMapping($claimsMapping);
$requestBody->setDomainHint('mycustomoidc');
$requestBody->setMetadataUrl('https://mycustomoidc.com/.well-known/openid-configuration');
$requestBody->setResponseMode(new OpenIdConnectResponseMode('form_post'));
$requestBody->setResponseType(new OpenIdConnectResponseTypes('code'));
$requestBody->setScope('openid');
$result = $graphServiceClient->identityProviders()->post($requestBody)->wait();
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
from msgraph import GraphServiceClient
from msgraph.generated.models.open_id_connect_provider import OpenIdConnectProvider
from msgraph.generated.models.claims_mapping import ClaimsMapping
graph_client = GraphServiceClient(credentials, scopes)
request_body = OpenIdConnectProvider(
odata_type = "microsoft.graph.openIdConnectProvider",
name = "Login with the Contoso identity provider",
type = "OpenIDConnect",
client_id = "56433757-cadd-4135-8431-2c9e3fd68ae8",
client_secret = "12345",
claims_mapping = ClaimsMapping(
user_id = "myUserId",
given_name = "myGivenName",
surname = "mySurname",
email = "myEmail",
display_name = "myDisplayName",
),
domain_hint = "mycustomoidc",
metadata_url = "https://mycustomoidc.com/.well-known/openid-configuration",
response_mode = OpenIdConnectResponseMode.Form_post,
response_type = OpenIdConnectResponseTypes.Code,
scope = "openid",
)
result = await graph_client.identity_providers.post(request_body)
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.