objectIdentity resource type

Namespace: microsoft.graph

Represents an identity used to sign in to a user account. An identity can be provided by Microsoft, by organizations, or by social identity providers such as Facebook, Google, or Microsoft, that are tied to a user account. This enables the user to sign in to the user account with any of those associated identities.

The identities property of the user resource is an objectIdentity object.

Properties

Property Type Description
signInType String Specifies the user sign-in types in your directory, such as emailAddress, userName, federated, or userPrincipalName. federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer. Setting or updating a userPrincipalName identity will update the value of the userPrincipalName property on the user object. The validations performed on the userPrincipalName property on the user object, for example, verified domains and acceptable characters, will be performed when setting or updating a userPrincipalName identity. Additional validation is enforced on issuerAssignedId when the sign-in type is set to emailAddress or userName. This property can also be set to any custom string.
issuer string Specifies the issuer of the identity, for example facebook.com.
For local accounts (where signInType is not federated), this property is the local B2C tenant default domain name, for example contoso.onmicrosoft.com.
For external users from other Azure AD organization, this will be the domain of the federated organization, for example contoso.com.

Supports $filter. 512 character limit.
issuerAssignedId string Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).
When signInType is set to:
  • emailAddress, (or a custom string that starts with emailAddress like emailAddress1) issuerAssignedId must be a valid email address
  • userName, issuerAssignedId must be a valid local part of an email address
Supports $filter. 100 character limit.

Note: When filtering on the identities property, you must supply both issuer and issuerAssignedId.

JSON representation

The following is a JSON representation of the resource.

{
  "signInType": "string",
  "issuer": "string",
  "issuerAssignedId": "string"
}