Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Caution
This identity provider API is deprecated and will stop returning data after March, 2023. Please use the new identity provider API.
Update the properties of an identityProvider object.
This API is available in the following national cloud deployments.
| Global service |
US Government L4 |
US Government L5 (DOD) |
China operated by 21Vianet |
| ✅ |
✅ |
✅ |
✅ |
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
| Permission type |
Least privileged permissions |
Higher privileged permissions |
| Delegated (work or school account) |
IdentityProvider.ReadWrite.All |
Not available. |
| Delegated (personal Microsoft account) |
Not supported. |
Not supported. |
| Application |
IdentityProvider.ReadWrite.All |
Not available. |
Important
In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. External Identity Provider Administrator is the least privileged role supported for this operation.
HTTP request
PATCH /identityProviders/{id}
Request body
In the request body, provide a JSON object with one or more properties that need to be updated for an identityProvider or openIdConnectProvider (only for Azure AD B2C) object.
identityProvider object
| Property |
Type |
Description |
| clientId |
String |
The client ID for the application. This is the client ID obtained when registering the application with the identity provider. |
| clientSecret |
String |
The client secret for the application. This is the client secret obtained when registering the application with the identity provider. |
| name |
String |
The display name of the identity provider. |
| type |
String |
The identity provider type.For B2B scenario:- Google
- Facebook
For B2C scenario:- Microsoft
- Google
- Amazon
- LinkedIn
- Facebook
- GitHub
- Twitter
- Weibo
- QQ
- WeChat
- OpenIDConnect
|
openIdConnectProvider object
| Property |
Type |
Description |
| clientId |
String |
The client ID for the application. This is the client ID obtained when registering the application with the identity provider. |
| clientSecret |
String |
The client secret for the application. This is the client secret obtained when registering the application with the identity provider. |
| name |
String |
The display name of the identity provider. |
| type |
String |
The identity provider type. The value must be OpenIdConnect. |
| claimsMapping |
claimsMapping |
After the OIDC provider sends an ID token back to Microsoft Entra ID, Microsoft Entra ID needs to be able to map the claims from the received token to the claims that Microsoft Entra ID recognizes and uses. This complex type captures that mapping. |
| domainHint |
String |
The ___domain hint can be used to skip directly to the sign in page of the specified identity provider, instead of having the user make a selection among the list of available identity providers. |
| metadataUrl |
String |
The URL for the metadata document of the OpenID Connect identity provider. |
| responseMode |
String |
Defines the method that should be used to send the data back from the custom identity provider to Azure AD B2C. The following response modes can be used: form_post : This response mode is recommended for best security. The response is transmitted via the HTTP POST method, with the code or token being encoded in the body using the application/x-www-form-urlencoded format.query : The code or token is returned as a query parameter.
|
| responseType |
String |
Describes what kind of information is sent back in the initial call to the authorization_endpoint of the custom identity provider. The following response types can be used:-
code : As per the authorization code flow, a code will be returned back to Azure AD B2C. Azure AD B2C proceeds to call the token_endpoint to exchange the code for the token. -
id_token : An ID token is returned back to Azure AD B2C from the custom identity provider. token : An access token is returned back to Azure AD B2C from the custom identity provider. (This value is not supported by Azure AD B2C at the moment)
|
| scope |
String |
Scope defines the information and permissions you are looking to gather from your custom identity provider. |
Response
If successful, this method returns a 204 No Content response code. If unsuccessful, a 4xx error will be returned with specific details.
Examples
Example 1: Update a specific identityProvider
Request
The following example shows a request.
PATCH https://graph.microsoft.com/beta/identityProviders/Amazon-OAuth
Content-type: application/json
{
"clientSecret": "1111111111111"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new IdentityProvider
{
ClientSecret = "1111111111111",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityProviders["{identityProvider-id}"].PatchAsync(requestBody);
mgc-beta identity-providers patch --identity-provider-id {identityProvider-id} --body '{\
"clientSecret": "1111111111111"\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewIdentityProvider()
clientSecret := "1111111111111"
requestBody.SetClientSecret(&clientSecret)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
identityProviders, err := graphClient.IdentityProviders().ByIdentityProviderId("identityProvider-id").Patch(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
IdentityProvider identityProvider = new IdentityProvider();
identityProvider.setClientSecret("1111111111111");
IdentityProvider result = graphClient.identityProviders().byIdentityProviderId("{identityProvider-id}").patch(identityProvider);
const options = {
authProvider,
};
const client = Client.init(options);
const identityProvider = {
clientSecret: '1111111111111'
};
await client.api('/identityProviders/Amazon-OAuth')
.version('beta')
.update(identityProvider);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityProvider;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new IdentityProvider();
$requestBody->setClientSecret('1111111111111');
$result = $graphServiceClient->identityProviders()->byIdentityProviderId('identityProvider-id')->patch($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
clientSecret = "1111111111111"
}
Update-MgBetaIdentityProvider -IdentityProviderId $identityProviderId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_provider import IdentityProvider
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = IdentityProvider(
client_secret = "1111111111111",
)
result = await graph_client.identity_providers.by_identity_provider_id('identityProvider-id').patch(request_body)
Response
The following example shows the response.
HTTP/1.1 204 No Content
Example 2: Update a specific openIDConnectProvider (only for Azure AD B2C)
Request
The following example shows a request.
PATCH https://graph.microsoft.com/beta/identityProviders/OIDC-V1-MyTest-085a8a0c-58cb-4b6d-8e07-1328ea404e1a
Content-type: application/json
{
"responseType": "id_token"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new IdentityProvider
{
AdditionalData = new Dictionary<string, object>
{
{
"responseType" , "id_token"
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityProviders["{identityProvider-id}"].PatchAsync(requestBody);
mgc-beta identity-providers patch --identity-provider-id {identityProvider-id} --body '{\
"responseType": "id_token"\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewIdentityProvider()
additionalData := map[string]interface{}{
"responseType" : "id_token",
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
identityProviders, err := graphClient.IdentityProviders().ByIdentityProviderId("identityProvider-id").Patch(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
IdentityProvider identityProvider = new IdentityProvider();
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("responseType", "id_token");
identityProvider.setAdditionalData(additionalData);
IdentityProvider result = graphClient.identityProviders().byIdentityProviderId("{identityProvider-id}").patch(identityProvider);
const options = {
authProvider,
};
const client = Client.init(options);
const identityProvider = {
responseType: 'id_token'
};
await client.api('/identityProviders/OIDC-V1-MyTest-085a8a0c-58cb-4b6d-8e07-1328ea404e1a')
.version('beta')
.update(identityProvider);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\IdentityProvider;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new IdentityProvider();
$additionalData = [
'responseType' => 'id_token',
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->identityProviders()->byIdentityProviderId('identityProvider-id')->patch($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
responseType = "id_token"
}
Update-MgBetaIdentityProvider -IdentityProviderId $identityProviderId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.identity_provider import IdentityProvider
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = IdentityProvider(
additional_data = {
"response_type" : "id_token",
}
)
result = await graph_client.identity_providers.by_identity_provider_id('identityProvider-id').patch(request_body)
Response
The following example shows the response.
HTTP/1.1 204 No Content