AADVerifiedIdAuthorityContract¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| id | Write | String | Id of the Verified ID Authority Contract. | |
| linkedDomainUrl | Key | String | URL of the linked domain of the authority. | |
| authorityId | Write | String | Id of the Verified ID Authority. | |
| name | Key | String | Name of the Verified ID Authority Contract. | |
| displays | Write | MSFT_AADVerifiedIdAuthorityContractDisplayModel[] | Display settings of the Authority Contract. | |
| rules | Write | MSFT_AADVerifiedIdAuthorityContractRulesModel | Rules settings of the Authority Contract. | |
| Ensure | Write | String | Present ensures the policy exists, absent ensures it is removed. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| ApplicationSecret | Write | PSCredential | Secret of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| ManagedIdentity | Write | Boolean | Managed ID being used for authentication. | |
| AccessTokens | Write | StringArray[] | Access token used for authentication. |
MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| uri | Write | String | URI of the logo. If this is a URL, it must be reachable over the public internet anonymously. | |
| description | Write | String | Description of the logo. |
MSFT_AADVerifiedIdAuthorityContractDisplayCard¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| title | Write | String | Title of the credential. | |
| issuedBy | Write | String | The name of the issuer of the credential. | |
| backgroundColor | Write | String | Background color of the credential in hex, for example, #FFAABB. | |
| textColor | Write | String | Text color of the credential in hex, for example, #FFAABB. | |
| description | Write | String | Supplemental text displayed alongside each credential. | |
| logo | Write | MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo | The logo to use for the credential. |
MSFT_AADVerifiedIdAuthorityContractDisplayConsent¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| title | Write | String | Title of the consent. | |
| instructions | Write | String | Supplemental text to use when displaying consent. |
MSFT_AADVerifiedIdAuthorityContractDisplayClaims¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| label | Write | String | The label of the claim in display. | |
| claim | Write | String | The name of the claim to which the label applies. | |
| type | Write | String | The type of the claim. | |
| description | Write | String | The description of the claim. |
MSFT_AADVerifiedIdAuthorityContractDisplayModel¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| locale | Write | String | The locale of this display. | |
| card | Write | MSFT_AADVerifiedIdAuthorityContractDisplayCard | The display properties of the verifiable credential. | |
| consent | Write | MSFT_AADVerifiedIdAuthorityContractDisplayConsent | Supplemental data when the verifiable credential is issued. | |
| claims | Write | MSFT_AADVerifiedIdAuthorityContractDisplayClaims[] | Labels for the claims included in the verifiable credential. |
MSFT_AADVerifiedIdAuthorityContractClaimMapping¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| inputClaim | Write | String | The name of the claim to use from the input. | |
| outputClaim | Write | String | The name of the claim in the verifiable credential. | |
| indexed | Write | Boolean | Indicating whether the value of this claim is used for searching. | |
| required | Write | Boolean | Indicating whether this mapping is required or not. | |
| type | Write | String | Type of claim. |
MSFT_AADVerifiedIdAuthorityContractAttestationValues¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| mapping | Write | MSFT_AADVerifiedIdAuthorityContractClaimMapping[] | Rules to map input claims into output claims in the verifiable credential. | |
| required | Write | Boolean | Indicating whether this attestation is required or not. | |
| trustedIssuers | Write | StringArray[] | A list of DIDs allowed to issue the verifiable credential for this contract. | |
| credentialType | Write | String | Required credential type of the input. | |
| configuration | Write | String | Location of the identity provider's configuration document. | |
| clientId | Write | String | Client ID to use when obtaining the ID token. | |
| redirectUri | Write | String | Redirect URI to use when obtaining the ID token. MUST BE vcclient://openid/ | |
| scopeValue | Write | String | Space delimited list of scopes to use when obtaining the ID token. |
MSFT_AADVerifiedIdAuthorityContractAttestations¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| idTokenHints | Write | MSFT_AADVerifiedIdAuthorityContractAttestationValues[] | Id token hints attestations. | |
| idTokens | Write | MSFT_AADVerifiedIdAuthorityContractAttestationValues[] | Id token attestations. | |
| presentations | Write | MSFT_AADVerifiedIdAuthorityContractAttestationValues[] | Presentations attestations. | |
| selfIssued | Write | MSFT_AADVerifiedIdAuthorityContractAttestationValues[] | Self Issued attestations. | |
| accessTokens | Write | MSFT_AADVerifiedIdAuthorityContractAttestationValues[] | Access Token attestations. |
MSFT_AADVerifiedIdAuthorityContractCustomStatusEndpoint¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| url | Write | String | The URL of the custom status endpoint. | |
| type | Write | String | The type of the endpoint. |
MSFT_AADVerifiedIdAuthorityContractVcType¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| type | Write | StringArray[] | The type of the vc. |
MSFT_AADVerifiedIdAuthorityContractRulesModel¶
Parameters¶
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| attestations | Write | MSFT_AADVerifiedIdAuthorityContractAttestations | Describing supported inputs for the rules. | |
| validityInterval | Write | UInt32 | This value shows the lifespan of the credential. | |
| vc | Write | MSFT_AADVerifiedIdAuthorityContractVcType | Types for this contract. | |
| customStatusEndpoint | Write | MSFT_AADVerifiedIdAuthorityContractCustomStatusEndpoint | Status endpoint to include in the verifiable credential for this contract. |
Description¶
Azure AD Verified Identity Authority Contract Use the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract. Documentation Link: https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts
Permissions¶
Microsoft Graph¶
To authenticate with the Microsoft Graph API, this resource required the following permissions:
Delegated permissions¶
-
Read
- None
-
Update
- None
Application permissions¶
-
Read
- None
-
Update
- None
Examples¶
Example 1¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
AADVerifiedIdAuthorityContract 'AADVerifiedIdAuthorityContract-Sample Custom Verified Credentials'
{
displays = @(
MSFT_AADVerifiedIdAuthorityContractDisplayModel{
consent = MSFT_AADVerifiedIdAuthorityContractDisplayConsent{
instructions = 'Sign in with your account to get your card.'
title = 'Do you want to get your Verified Credential?'
}
card = MSFT_AADVerifiedIdAuthorityContractDisplayCard{
description = 'Use your verified credential to prove to anyone that you know all about verifiable credentials.'
issuedBy = 'Microsoft'
backgroundColor = '#000000'
textColor = '#ffffff'
logo = MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo{
uri = 'https://didcustomerplayground.z13.web.core.windows.net/VerifiedCredentialExpert_icon.png'
description = 'Verified Credential Expert Logo'
}
title = 'Verified Credential Expert'
}
locale = 'en-US'
claims = @(
MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
label = 'First name'
claim = 'vc.credentialSubject.firstName'
type = 'String'
}
MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
label = 'Last name'
claim = 'vc.credentialSubject.lastName'
type = 'String'
}
)
}
);
Ensure = "Present";
linkedDomainUrl = "https://$OrganizationName/";
name = "Sample Custom Verified Credentials";
rules = MSFT_AADVerifiedIdAuthorityContractRulesModel{
validityInterval = 2592000
vc = MSFT_AADVerifiedIdAuthorityContractVcType{
type = @('VerifiedCredentialExpert')
}
attestations = MSFT_AADVerifiedIdAuthorityContractAttestations{
idTokenHints = @(
MSFT_AADVerifiedIdAuthorityContractAttestationValues{
mapping = @(
MSFT_AADVerifiedIdAuthorityContractClaimMapping{
inputClaim = '$.given_name'
indexed = $False
outputClaim = 'firstName'
required = $True
}
MSFT_AADVerifiedIdAuthorityContractClaimMapping{
inputClaim = '$.family_name'
indexed = $True
outputClaim = 'lastName'
required = $True
}
)
required = $False
}
)
}
};
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
}
}
}
Example 2¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
AADVerifiedIdAuthorityContract 'AADVerifiedIdAuthorityContract-Sample Custom Verified Credentials'
{
displays = @(
MSFT_AADVerifiedIdAuthorityContractDisplayModel{
consent = MSFT_AADVerifiedIdAuthorityContractDisplayConsent{
instructions = 'Sign in with your account to get your card.'
title = 'Do you want to get your sample Verified Credential?' #drift
}
card = MSFT_AADVerifiedIdAuthorityContractDisplayCard{
description = 'Use your verified credential to prove to anyone that you know all about verifiable credentials.'
issuedBy = 'Microsoft'
backgroundColor = '#000000'
textColor = '#ffffff'
logo = MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo{
uri = 'https://didcustomerplayground.z13.web.core.windows.net/VerifiedCredentialExpert_icon.png'
description = 'Verified Credential Expert Logo'
}
title = 'Verified Credential Expert'
}
locale = 'en-US'
claims = @(
MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
label = 'First name'
claim = 'vc.credentialSubject.firstName'
type = 'String'
}
MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
label = 'Last name'
claim = 'vc.credentialSubject.lastName'
type = 'String'
}
)
}
);
Ensure = "Present";
linkedDomainUrl = "https://$OrganizationName/";
name = "Sample Custom Verified Credentials";
rules = MSFT_AADVerifiedIdAuthorityContractRulesModel{
validityInterval = 2592000
vc = MSFT_AADVerifiedIdAuthorityContractVcType{
type = @('VerifiedCredentialExpert')
}
attestations = MSFT_AADVerifiedIdAuthorityContractAttestations{
idTokenHints = @(
MSFT_AADVerifiedIdAuthorityContractAttestationValues{
mapping = @(
MSFT_AADVerifiedIdAuthorityContractClaimMapping{
inputClaim = '$.given_name'
indexed = $False
outputClaim = 'firstName'
required = $True
}
MSFT_AADVerifiedIdAuthorityContractClaimMapping{
inputClaim = '$.family_name'
indexed = $True
outputClaim = 'lastName'
required = $True
}
)
required = $False
}
)
}
};
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
}
}
}
Example 3¶
This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.
Configuration Example
{
param(
[Parameter()]
[System.String]
$ApplicationId,
[Parameter()]
[System.String]
$TenantId,
[Parameter()]
[System.String]
$CertificateThumbprint
)
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
AADVerifiedIdAuthorityContract 'AADVerifiedIdAuthorityContract-Sample Custom Verified Credentials'
{
displays = @(
MSFT_AADVerifiedIdAuthorityContractDisplayModel{
consent = MSFT_AADVerifiedIdAuthorityContractDisplayConsent{
instructions = 'Sign in with your account to get your card.'
title = 'Do you want to get your Verified Credential?'
}
card = MSFT_AADVerifiedIdAuthorityContractDisplayCard{
description = 'Use your verified credential to prove to anyone that you know all about verifiable credentials.'
issuedBy = 'Microsoft'
backgroundColor = '#000000'
textColor = '#ffffff'
logo = MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo{
uri = 'https://didcustomerplayground.z13.web.core.windows.net/VerifiedCredentialExpert_icon.png'
description = 'Verified Credential Expert Logo'
}
title = 'Verified Credential Expert'
}
locale = 'en-US'
claims = @(
MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
label = 'First name'
claim = 'vc.credentialSubject.firstName'
type = 'String'
}
MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
label = 'Last name'
claim = 'vc.credentialSubject.lastName'
type = 'String'
}
)
}
);
Ensure = "Absent";
linkedDomainUrl = "https://$OrganizationName/";
name = "Sample Custom Verified Credentials";
rules = MSFT_AADVerifiedIdAuthorityContractRulesModel{
validityInterval = 2592000
vc = MSFT_AADVerifiedIdAuthorityContractVcType{
type = @('VerifiedCredentialExpert')
}
attestations = MSFT_AADVerifiedIdAuthorityContractAttestations{
idTokenHints = @(
MSFT_AADVerifiedIdAuthorityContractAttestationValues{
mapping = @(
MSFT_AADVerifiedIdAuthorityContractClaimMapping{
inputClaim = '$.given_name'
indexed = $False
outputClaim = 'firstName'
required = $True
}
MSFT_AADVerifiedIdAuthorityContractClaimMapping{
inputClaim = '$.family_name'
indexed = $True
outputClaim = 'lastName'
required = $True
}
)
required = $False
}
)
}
};
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $CertificateThumbprint
}
}
}