tokenIssuancePolicy resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents the policy to specify the characteristics of SAML tokens issued by Microsoft Entra ID. You can use token-issuance policies to:
- Set signing options
- Set signing algorithm
- Set SAML token version
Inherits from stsPolicy.
Methods
| Method | Return Type | Description |
|---|---|---|
| Create tokenIssuancePolicy | tokenIssuancePolicy | Create a tokenIssuancePolicy object. |
| Get tokenIssuancePolicy | tokenIssuancePolicy | Read properties and relationships of a tokenIssuancePolicy object. |
| List tokenIssuancePolicy | tokenIssuancePolicy | Read properties and relationships of tokenIssuancePolicy objects. |
| Update tokenIssuancePolicy | None | Update a tokenIssuancePolicy object. |
| Delete tokenIssuancePolicy | None | Delete a tokenIssuancePolicy object. |
| List appliesTo | directoryObject collection | Get the list of directoryObjects that this policy has been applied to. |
Properties
| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this policy. Read-only. |
| definition | String collection | A string collection containing a JSON string that defines the rules and settings for this policy. See below for more details about the JSON schema for this property. Required. |
| description | String | Description for this policy. |
| displayName | String | Display name for this policy. Required. |
| isOrganizationDefault | Boolean | Ignore this property. The token-issuance policy can only be applied to service principals and can't be set globally for the organization. |
Properties of a token issuance policy definition
The properties form the JSON object that represents a token issuance policy. This JSON object must be converted to a string with quotations escaped to be inserted into the definition property. The following is an example in JSON format:
"definition": [
"{ \"TokenIssuancePolicy\":{\"TokenResponseSigningPolicy\":\"TokenOnly\",\"SamlTokenVersion\":\"1.1\",\"SigningAlgorithm\":\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\",\"Version\":\"1\",\"EmitSAMLNameFormat\": \"true\"}}"
]
| Property | Type | Description |
|---|---|---|
| TokenResponseSigningPolicy | String | Represents the certificate signing options available in Microsoft Entra ID. Supported values are: ResponseOnly, TokenOnly, ResponseAndToken. |
| SamlTokenVersion | String | Version of the SAML token. Supported values are: 1.1, 2.0. |
| SigningAlgorithm | String | Signing algorithm use by Microsoft Entra ID to sign the SAML token. Supported values are: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256, http://www.w3.org/2000/09/xmldsig#rsa-sha1. |
| Version | Integer | Set value of 1. Required. |
| EmitSamlNameFormat | Boolean | If selected, Microsoft Entra ID will add an additional attribute called "NameFormat" that describes the format of the name to restricted, core, and optional claims for this application. Learn more |
Relationships
| Relationship | Type | Description |
|---|---|---|
| appliesTo | directoryObject collection | The directoryObject collection that this policy has been applied to. Read-only. |
JSON representation
The following is a JSON representation of the resource.
{
"definition": ["String"],
"description": "String",
"displayName": "String",
"id": "String (identifier)",
"isOrganizationDefault": true,
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for