objectIdentity resource type

Represents an identity used to sign in to a user account. An identity can be provided by Microsoft, by organizations, or by social identity providers such as Facebook, Google, or Microsoft, and is tied to a user account. This enables the user to sign in to the user account with any of those associated identities.

The identities property of the user resource is an objectIdentity object.


| Property | Type | Description |
| --- | --- | --- |
| signInType | string | Specifies the user sign-in types in your directory, such as emailAddress, userName or federated. Here, federated represents a unique identifier for a user from an issuer, which can be in any format chosen by the issuer. Additional validation is enforced on issuerAssignedId when the sign-in type is set to emailAddress or userName. This property can also be set to any custom string. |
| issuer | string | Specifies the issuer of the identity, for example facebook.com. For local accounts (where signInType is not federated), this property is the local B2C tenant default domain name, for example contoso.onmicrosoft.com. For external users from another Azure AD organization, this is the domain of the federated organization, for example contoso.com. Supports $filter. 512 character limit. |
| issuerAssignedId | string | Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user when signInType is set to emailAddress or userName (also known as local accounts). When signInType is set to emailAddress (or starts with emailAddress, like emailAddress1), issuerAssignedId must be a valid email address. When signInType is set to userName, issuerAssignedId must be a valid local part of an email address. Supports $filter. 512 character limit. |
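
The constraints in the table above can be checked before a set of identities is written to a directory. The following is an added example, not code from this documentation or from Microsoft: the function name check_identities, the sample data and the regular expressions are assumptions, the patterns only approximate "valid email address" and "valid local part", and the case-insensitive duplicate comparison is a conservative choice that the page does not specify.

```python
import re

MAX_LEN = 512  # documented limit for issuer and issuerAssignedId

# Simplified patterns (assumption): the service's exact validation rules are not
# given on this page, so these only approximate "valid email" / "valid local part".
LOCAL_PART = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+)*"
EMAIL_RE = re.compile(rf"{LOCAL_PART}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
LOCAL_RE = re.compile(LOCAL_PART)


def check_identities(identities):
    """Return (index, problem) tuples for a list of objectIdentity dicts."""
    problems = []
    seen = {}  # (issuer, issuerAssignedId) -> index of first occurrence
    for i, ident in enumerate(identities):
        sign_in = ident.get("signInType") or ""
        issuer = ident.get("issuer") or ""
        assigned = ident.get("issuerAssignedId") or ""
        for name, value in (("issuer", issuer), ("issuerAssignedId", assigned)):
            if len(value) > MAX_LEN:
                problems.append((i, f"{name} exceeds {MAX_LEN} characters"))
        # emailAddress, or custom types that start with it (emailAddress1, ...)
        if sign_in.startswith("emailAddress"):
            if not EMAIL_RE.fullmatch(assigned):
                problems.append((i, "issuerAssignedId is not a valid email address"))
        elif sign_in == "userName":
            if not LOCAL_RE.fullmatch(assigned):
                problems.append((i, "issuerAssignedId is not a valid local part"))
        # issuer + issuerAssignedId must be unique; case folding is an assumption.
        key = (issuer.lower(), assigned.lower())
        if all(key) and key in seen:
            problems.append((i, f"duplicate of entry {seen[key]}"))
        else:
            seen.setdefault(key, i)
    return problems


# Constructed sample input, not taken from a real directory.
SAMPLE = [
    {"signInType": "emailAddress", "issuer": "contoso.onmicrosoft.com", "issuerAssignedId": "alex@example.com"},
    {"signInType": "userName", "issuer": "contoso.onmicrosoft.com", "issuerAssignedId": "sam@home"},
    {"signInType": "emailAddress1", "issuer": "contoso.onmicrosoft.com", "issuerAssignedId": "not-an-email"},
    {"signInType": "federated", "issuer": "facebook.com", "issuerAssignedId": "5eecb0cd"},
    {"signInType": "federated", "issuer": "Facebook.com", "issuerAssignedId": "5EECB0CD"},
]
```

Calling check_identities(SAMPLE) reports entries 1 and 2 for format violations and entry 4 as a duplicate of entry 3.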

JSON representation

The following is a JSON representation of the resource.

{
  "signInType": "string",
  "issuer": "string",
  "issuerAssignedId": "string"
}