Microsoft Graph Identity
Microsoft Graph Identity is the set of Microsoft Graph APIs that expose identity and access capabilities of Microsoft Entra ID (formerly Azure Active Directory) and related services.
OpenAPI Specification
openapi: 3.1.0
info:
title: Microsoft Graph Identity
description: Needs a description.
paths:
/identity:
description: Provides operations to manage the identityContainer singleton.
get:
tags:
- identity.identityContainer
summary: Microsoft Graph Get identity
operationId: identity.identityContainer.GetIdentityContainer
parameters:
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
description: Retrieved entity
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.identityContainer'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
patch:
tags:
- identity.identityContainer
summary: Microsoft Graph Update identity
operationId: identity.identityContainer.UpdateIdentityContainer
requestBody:
description: New property values
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.identityContainer'
required: true
responses:
2XX:
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.identityContainer'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
/identity/apiConnectors:
description: >-
Provides operations to manage the apiConnectors property of the
microsoft.graph.identityContainer entity.
get:
tags:
- identity.identityApiConnector
summary: Microsoft Graph List identityApiConnectors
description: Read the properties of an identityApiConnector object.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/identityapiconnector-list?view=graph-rest-1.0
operationId: identity.ListApiConnectors
parameters:
- $ref: '#/components/parameters/top'
- $ref: '#/components/parameters/skip'
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
- $ref: '#/components/parameters/count'
- name: $orderby
in: query
description: Order items by property values
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
$ref: >-
#/components/responses/microsoft.graph.identityApiConnectorCollectionResponse
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-pageable:
nextLinkName: '@odata.nextLink'
operationName: listMore
x-ms-docs-operation-type: operation
post:
tags:
- identity.identityApiConnector
summary: Microsoft Graph Create identityApiConnector
description: Create a new identityApiConnector object.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/identityapiconnector-create?view=graph-rest-1.0
operationId: identity.CreateApiConnectors
requestBody:
description: New navigation property
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.identityApiConnector'
required: true
responses:
2XX:
description: Created navigation property.
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.identityApiConnector'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
/identity/apiConnectors/{identityApiConnector-id}:
description: >-
Provides operations to manage the apiConnectors property of the
microsoft.graph.identityContainer entity.
get:
tags:
- identity.identityApiConnector
summary: Microsoft Graph Get identityApiConnector
description: Read the properties of an identityApiConnector object.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/identityapiconnector-get?view=graph-rest-1.0
operationId: identity.GetApiConnectors
parameters:
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
description: Retrieved navigation property
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.identityApiConnector'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
patch:
tags:
- identity.identityApiConnector
summary: Microsoft Graph Update identityApiConnector
description: Update the properties of an identityApiConnector object.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/identityapiconnector-update?view=graph-rest-1.0
operationId: identity.UpdateApiConnectors
requestBody:
description: New navigation property values
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.identityApiConnector'
required: true
responses:
2XX:
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.identityApiConnector'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
delete:
tags:
- identity.identityApiConnector
summary: Microsoft Graph Delete identityApiConnector
description: Delete an identityApiConnector object.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/identityapiconnector-delete?view=graph-rest-1.0
operationId: identity.DeleteApiConnectors
parameters:
- name: If-Match
in: header
description: ETag
schema:
type: string
responses:
'204':
description: Success
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
parameters:
- name: identityApiConnector-id
in: path
description: The unique identifier of identityApiConnector
required: true
schema:
type: string
x-ms-docs-key-type: identityApiConnector
/identity/apiConnectors/{identityApiConnector-id}/uploadClientCertificate:
description: Provides operations to call the uploadClientCertificate method.
post:
tags:
- identity.identityApiConnector
summary: Microsoft Graph Invoke action uploadClientCertificate
description: >-
Upload a PKCS 12 format key (.pfx) to an API connector's authentication
configuration. The input is a base-64 encoded value of the PKCS 12
certificate contents. This method returns an apiConnector.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/identityapiconnector-uploadclientcertificate?view=graph-rest-1.0
operationId: identity.apiConnectors.identityApiConnector.uploadClientCertificate
requestBody:
description: Action parameters
content:
application/json:
schema:
type: object
properties:
pkcs12Value:
type: string
nullable: true
password:
type: string
nullable: true
required: true
responses:
2XX:
description: Success
content:
application/json:
schema:
anyOf:
- $ref: '#/components/schemas/microsoft.graph.identityApiConnector'
- type: object
nullable: true
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: action
parameters:
- name: identityApiConnector-id
in: path
description: The unique identifier of identityApiConnector
required: true
schema:
type: string
x-ms-docs-key-type: identityApiConnector
x-ms-docs-grouped-path:
- >-
/identity/b2xUserFlows/{b2xIdentityUserFlow-id}/apiConnectorConfiguration/postAttributeCollection/uploadClientCertificate
- >-
/identity/b2xUserFlows/{b2xIdentityUserFlow-id}/apiConnectorConfiguration/postFederationSignup/uploadClientCertificate
/identity/apiConnectors/$count:
description: Provides operations to count the resources in the collection.
get:
tags:
- identity.identityApiConnector
summary: Microsoft Graph Get the number of the resource
operationId: identity.apiConnectors.GetCount-7133
parameters:
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
responses:
2XX:
$ref: '#/components/responses/ODataCountResponse'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
/identity/authenticationEventListeners:
description: >-
Provides operations to manage the authenticationEventListeners property of
the microsoft.graph.identityContainer entity.
get:
tags:
- identity.authenticationEventListener
summary: Microsoft Graph List authenticationEventListeners
description: >-
Get a list of the authenticationEventListener objects and their
properties. The following derived types are supported:
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/identitycontainer-list-authenticationeventlisteners?view=graph-rest-1.0
operationId: identity.ListAuthenticationEventListeners
parameters:
- $ref: '#/components/parameters/top'
- $ref: '#/components/parameters/skip'
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
- $ref: '#/components/parameters/count'
- name: $orderby
in: query
description: Order items by property values
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
$ref: >-
#/components/responses/microsoft.graph.authenticationEventListenerCollectionResponse
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-pageable:
nextLinkName: '@odata.nextLink'
operationName: listMore
x-ms-docs-operation-type: operation
post:
tags:
- identity.authenticationEventListener
summary: Microsoft Graph Create authenticationEventListener
description: >-
Create a new authenticationEventListener object. You can create one of
the following subtypes that are derived from
authenticationEventListener.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/identitycontainer-post-authenticationeventlisteners?view=graph-rest-1.0
operationId: identity.CreateAuthenticationEventListeners
requestBody:
description: New navigation property
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.authenticationEventListener'
required: true
responses:
2XX:
description: Created navigation property.
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationEventListener
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
/identity/authenticationEventListeners/{authenticationEventListener-id}:
description: >-
Provides operations to manage the authenticationEventListeners property of
the microsoft.graph.identityContainer entity.
get:
tags:
- identity.authenticationEventListener
summary: Microsoft Graph Get authenticationEventListener
description: >-
Read the properties and relationships of an authenticationEventListener
object. The @odata.type property in the response object indicates the
type of the authenticationEventListener object. The following derived
types are currently supported.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationeventlistener-get?view=graph-rest-1.0
operationId: identity.GetAuthenticationEventListeners
parameters:
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
description: Retrieved navigation property
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationEventListener
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
patch:
tags:
- identity.authenticationEventListener
summary: Microsoft Graph Update authenticationEventListener
description: >-
Update the properties of an authenticationEventListener object. You must
specify the @odata.type property and the value of the
authenticationEventListener object type to update. The following derived
types are currently supported.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationeventlistener-update?view=graph-rest-1.0
operationId: identity.UpdateAuthenticationEventListeners
requestBody:
description: New navigation property values
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.authenticationEventListener'
required: true
responses:
2XX:
description: Success
content:
application/json:
schema:
$ref: >-
#/components/schemas/microsoft.graph.authenticationEventListener
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
delete:
tags:
- identity.authenticationEventListener
summary: Microsoft Graph Delete authenticationEventListener
description: >-
Delete an authenticationEventListener object. The following derived
types are currently supported.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationeventlistener-delete?view=graph-rest-1.0
operationId: identity.DeleteAuthenticationEventListeners
parameters:
- name: If-Match
in: header
description: ETag
schema:
type: string
responses:
'204':
description: Success
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
parameters:
- name: authenticationEventListener-id
in: path
description: The unique identifier of authenticationEventListener
required: true
schema:
type: string
x-ms-docs-key-type: authenticationEventListener
/identity/authenticationEventListeners/$count:
description: Provides operations to count the resources in the collection.
get:
tags:
- identity.authenticationEventListener
summary: Microsoft Graph Get the number of the resource
operationId: identity.authenticationEventListeners.GetCount-3038
parameters:
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
responses:
2XX:
$ref: '#/components/responses/ODataCountResponse'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
/identity/authenticationEventsFlows:
description: >-
Provides operations to manage the authenticationEventsFlows property of
the microsoft.graph.identityContainer entity.
get:
tags:
- identity.authenticationEventsFlow
summary: Microsoft Graph List authenticationEventsFlows
description: "Get a collection of authentication events policies that are derived from authenticationEventsFlow. The following derived subtypes are supported: \r\n- externalUsersSelfServiceSignupEventsFlow"
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/identitycontainer-list-authenticationeventsflows?view=graph-rest-1.0
operationId: identity.ListAuthenticationEventsFlows
parameters:
- $ref: '#/components/parameters/top'
- $ref: '#/components/parameters/skip'
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
- $ref: '#/components/parameters/count'
- name: $orderby
in: query
description: Order items by property values
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
$ref: >-
#/components/responses/microsoft.graph.authenticationEventsFlowCollectionResponse
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-pageable:
nextLinkName: '@odata.nextLink'
operationName: listMore
x-ms-docs-operation-type: operation
post:
tags:
- identity.authenticationEventsFlow
summary: Microsoft Graph Create authenticationEventsFlow
description: "Create a new authenticationEventsFlow object that is of the type specified in the request body. The following derived subtypes are supported:\r\n- externalUsersSelfServiceSignupEventsFlow object type."
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/identitycontainer-post-authenticationeventsflows?view=graph-rest-1.0
operationId: identity.CreateAuthenticationEventsFlows
requestBody:
description: New navigation property
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.authenticationEventsFlow'
required: true
responses:
2XX:
description: Created navigation property.
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.authenticationEventsFlow'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
/identity/authenticationEventsFlows/{authenticationEventsFlow-id}:
description: >-
Provides operations to manage the authenticationEventsFlows property of
the microsoft.graph.identityContainer entity.
get:
tags:
- identity.authenticationEventsFlow
summary: Microsoft Graph Get authenticationEventsFlow
description: "Retrieve the properties and relationships of a specific authenticationEventsFlow object by ID. The @odata.type property in the response object indicates the type of the object, which can be one of the following derived subtypes:\r\n- externalUsersSelfServiceSignupEventsFlow"
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationeventsflow-get?view=graph-rest-1.0
operationId: identity.GetAuthenticationEventsFlows
parameters:
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
description: Retrieved navigation property
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.authenticationEventsFlow'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
patch:
tags:
- identity.authenticationEventsFlow
summary: Microsoft Graph Update authenticationEventsFlow
description: "Update the properties of an authenticationEventsFlow object by ID. You must specify the @odata.type property and the value of the authenticationEventsFlow object type to update. The following derived subtypes are supported:\r\n- externalUsersSelfServiceSignupEventsFlow"
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationeventsflow-update?view=graph-rest-1.0
operationId: identity.UpdateAuthenticationEventsFlows
requestBody:
description: New navigation property values
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.authenticationEventsFlow'
required: true
responses:
2XX:
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.authenticationEventsFlow'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
delete:
tags:
- identity.authenticationEventsFlow
summary: Microsoft Graph Delete authenticationEventsFlow
description: "Delete a specific authenticationEventsFlow resource by ID. This operation also removes or unlinks all applications from the flow, which disables the customized authentication experience defined for the application. The following derived subtypes are supported:\r\n- externalUsersSelfServiceSignupEventsFlow"
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationeventsflow-delete?view=graph-rest-1.0
operationId: identity.DeleteAuthenticationEventsFlows
parameters:
- name: If-Match
in: header
description: ETag
schema:
type: string
responses:
'204':
description: Success
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-docs-operation-type: operation
parameters:
- name: authenticationEventsFlow-id
in: path
description: The unique identifier of authenticationEventsFlow
required: true
schema:
type: string
x-ms-docs-key-type: authenticationEventsFlow
/identity/authenticationEventsFlows/{authenticationEventsFlow-id}/conditions:
get:
tags:
- identity.authenticationEventsFlow
summary: Microsoft Graph Get conditions property value
description: >-
The conditions representing the context of the authentication request
that's used to decide whether the events policy is invoked. Supports
$filter (eq). See support for filtering on user flows for syntax
information.
operationId: identity.authenticationEventsFlows.GetConditions
parameters:
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
description: Entity result.
content:
application/json:
schema:
$ref: '#/components/schemas/microsoft.graph.authenticationConditions'
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
parameters:
- name: authenticationEventsFlow-id
in: path
description: The unique identifier of authenticationEventsFlow
required: true
schema:
type: string
x-ms-docs-key-type: authenticationEventsFlow
/identity/authenticationEventsFlows/{authenticationEventsFlow-id}/conditions/applications/includeApplications:
description: >-
Provides operations to manage the includeApplications property of the
microsoft.graph.authenticationConditionsApplications entity.
get:
tags:
- identity.authenticationEventsFlow
summary: Microsoft Graph List includeApplications (for a user flow)
description: >-
List the applications linked to an external identities self-service sign
up user flow that's represented by an
externalUsersSelfServiceSignupEventsFlow object. These are the
applications for which the authentication experience that's defined by
the user flow is enabled. To find the user flow that's linked to an
application, see Example 4: List user flow associated with specific
application ID.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationconditionsapplications-list-includeapplications?view=graph-rest-1.0
operationId: identity.authenticationEventsFlows.ListIncludeApplications
parameters:
- $ref: '#/components/parameters/top'
- $ref: '#/components/parameters/skip'
- $ref: '#/components/parameters/search'
- $ref: '#/components/parameters/filter'
- $ref: '#/components/parameters/count'
- name: $orderby
in: query
description: Order items by property values
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $select
in: query
description: Select properties to be returned
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
- name: $expand
in: query
description: Expand related entities
style: form
explode: false
schema:
uniqueItems: true
type: array
items:
type: string
responses:
2XX:
$ref: >-
#/components/responses/microsoft.graph.authenticationConditionApplicationCollectionResponse
4XX:
$ref: '#/components/responses/error'
5XX:
$ref: '#/components/responses/error'
x-ms-pageable:
nextLinkName: '@odata.nextLink'
operationName: listMore
x-ms-docs-operation-type: operation
post:
tags:
- identity.authenticationEventsFlow
summary: Microsoft Graph Add includeApplication (to a user flow)
description: >-
Add or link an application to a user flow, or authenticationEventsFlow.
This enables the authentication experience defined by the user flow to
be enabled for the application. An application can only be linked to one
user flow. The app must have an associated service principal in the
tenant.
externalDocs:
description: Find more info here
url: >-
https://learn.microsoft.com/graph/api/authenticationconditionsapplications-post-incl
# --- truncated at 32 KB (3831 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/microsoft-graph/refs/heads/main/openapi/identity-openapi-original.yml