+ Title: "namedItem: range"

+# namedItem: range

+### Request

+### Response

+Here is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+# [C#](#tab/csharp)

+# [JavaScript](#tab/javascript)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [Objective-C](#tab/objc)

+# [Java](#tab/java)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [Go](#tab/go)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [Java](#tab/java)

+# [Objective-C](#tab/objc)

+# [Go](#tab/go)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+ "@odata.context": "https://graph.microsoft.com/betgzZS00MmY1LWI0NDQtYTQyOTVkOGU5MzE0IyMxLjAuNSMjUHVibGlzaGVk')/colorIcon/$entity",

+GET https://graph.microsoft.com/beta/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/temporaryAccessPassMethods

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#users('071cc716-8147-4397-a5ba-b2105951cc0b')/authentication/temporaryAccessPassMethods",

+ "value": [

+ {

+ "id": "de517d3d-3b92-4902-a21a-da3e60ee3962",

+ "temporaryAccessPass": null,

+ "createdDateTime": "2022-06-03T16:55:19.5684534Z",

+ "startDateTime": "2022-06-03T16:55:19.3381855Z",

+ "lifetimeInMinutes": 60,

+ "isUsableOnce": true,

+ "isUsable": true,

+ "methodUsabilityReason": "EnabledByPolicy"

+ }

+ ]

+ "name": "delete_temporaryaccesspassauthenticationmethodconfiguration"

+## Response

+If successful, this method returns a `200 OK` response code and a [temporaryAccessPassAuthenticationMethodConfiguration](../resources/temporaryaccesspassauthenticationmethodconfiguration.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "get_temporaryaccesspassauthenticationmethodconfiguration"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass

+```

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+ "@odata.type": "microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration"

+Content-Type: application/json

+ "state": "enabled",

+ "isUsableOnce": true,

+ "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('TemporaryAccessPass')/microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration/includeTargets",

+```

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration",

+ "baseType": "microsoft.graph.authenticationMethodConfiguration",

+ "openType": false

+}

+-->

+ "@odata.type": "#microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration",

+In PIM, represents a request for an active role assignment to a principal. The role assignment can be permanently active with or without an expiry date, or temporarily active after activation of an eligible assignment. Inherits from [request](../resources/request.md).

+ Title: "List temporaryAccessPassAuthenticationMethods"

+description: "Get a list of the temporaryAccessPassAuthenticationMethod objects for a user."

+ms.localizationpriority: medium

+# List temporaryAccessPassAuthenticationMethods

+Namespace: microsoft.graph

+Retrieve a list of a user's [temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md) objects and their properties. This API will only return a single object in the collection as a user can have only one Temporary Access Pass method.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Global reader

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /me/authentication/temporaryAccessPassMethods

+GET /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods

+```

+## Optional query parameters

+This method does not support optional query parameters to customize the response.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md) objects in the response body. This call will only return a single object because only one **temporaryAccessPassAuthenticationMethod** can be set on users.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "list_temporaryaccesspassauthenticationmethod"

+}

+-->

+```msgraph-interactive

+GET https://graph.microsoft.com/v1.0/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/temporaryAccessPassMethods

+```

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.temporaryAccessPassAuthenticationMethod)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('071cc716-8147-4397-a5ba-b2105951cc0b')/authentication/temporaryAccessPassMethods",

+ "value": [

+ {

+ "id": "bdaede67-61e0-4349-9347-d2d6afd84009",

+ "temporaryAccessPass": null,

+ "createdDateTime": "2022-06-06T16:43:04.6438213Z",

+ "startDateTime": "2022-06-06T16:48:03.027Z",

+ "lifetimeInMinutes": 60,

+ "isUsableOnce": false,

+ "isUsable": false,

+ "methodUsabilityReason": "NotYetValid"

+ }

+ ]

+}

+```

+ Title: "Create temporaryAccessPassAuthenticationMethod"

+description: "Create a new temporaryAccessPassAuthenticationMethod object for a user."

+ms.localizationpriority: medium

+# Create temporaryAccessPassAuthenticationMethod

+Namespace: microsoft.graph

+Create a new [temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md) object on a user. A user can only have one Temporary Access Pass that's usable within its specified lifetime. If the user requires a new Temporary Access Pass while the current Temporary Access Pass is valid, the admin can create a new Temporary Access Pass for the user, the previous Temporary Access Pass will be deleted, and a new Temporary Access Pass will be created.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md) object.

+The following table describes optional properties that can be used when creating the [temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md).

+|Property|Type|Description|

+|:|:|:|

+|isUsableOnce|Boolean|Optional. Determines if the pass is limited to a one-time use. If `true`, the pass can be used once; if `false`, the pass can be used multiple times within its **lifetimeInMinutes** setting. A multi-use Temporary Access Pass (`isUsableOnce = false`), can only be created and used for sign-in if it is allowed by the [Temporary Access Pass authentication method policy](../resources/temporaryaccesspassauthenticationmethodconfiguration.md).|

+|lifetimeInMinutes|Int32|Optional. The lifetime of the temporaryAccessPass in minutes starting at creation time or at startDateTime, if set. Must be between 10 and 43200 (equivalent to 30 days). If not specified, the **defaultLifetimeInMinutes** setting in the [Temporary Access Pass authentication method policy](../resources/temporaryaccesspassauthenticationmethodconfiguration.md) is applied. |

+|startDateTime|DateTimeOffset|Optional. The date and time when the temporaryAccessPass becomes available to use. If not specified, the Temporary Access Pass is available to use immediately after it's created.|

+## Response

+If successful, this method returns a `201 Created` response code and a [temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md) object in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "create_temporaryaccesspassauthenticationmethod_from_"

+}

+-->

+```msgraph-interactive

+POST https://graph.microsoft.com/v1.0/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/temporaryAccessPassMethods

+Content-Type: application/json

+{

+ "startDateTime": "2022-06-05T00:00:00.000Z",

+ "lifetimeInMinutes": 60,

+ "isUsableOnce": false

+}

+```

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.temporaryAccessPassAuthenticationMethod"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.temporaryAccessPassAuthenticationMethod",

+ "id": "6f1967b7-15e8-4935-ac26-d50770ed07a7",

+ "temporaryAccessPass": "+drkzqAD",

+ "createdDateTime": "2022-06-02T16:21:09.765173Z",

+ "startDateTime": "2022-06-05T00:00:00Z",

+ "lifetimeInMinutes": 60,

+ "isUsableOnce": false,

+ "isUsable": false,

+ "methodUsabilityReason": "NotYetValid"

+}

+```

+ Title: "Delete temporaryAccessPassAuthenticationMethod"

+description: "Deletes a user's temporaryAccessPassAuthenticationMethod object."

+ms.localizationpriority: medium

+# Delete temporaryAccessPassAuthenticationMethod

+Namespace: microsoft.graph

+Delete a users's [temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods/{id}

+DELETE /me/authentication/temporaryAccessPassMethods/{id}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "delete_temporaryAccessPassAuthenticationMethod"

+}

+-->

+```msgraph-interactive

+DELETE https://graph.microsoft.com/v1.0/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/temporaryAccessPassMethods/05267842-25b2-4b21-8abd-8e4982796f7f

+```

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get temporaryAccessPassAuthenticationMethod"

+description: "Retrieve a user's temporaryAccessPassAuthenticationMethod object."

+ms.localizationpriority: medium

+# Get temporaryAccessPassAuthenticationMethod

+Namespace: microsoft.graph

+Retrieve a user's single [temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+### Permissions acting on self

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### Permissions acting on other users

+|Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |

+For delegated scenarios where an admin is acting on another user, the admin needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global administrator

+* Global reader

+* Privileged authentication administrator

+* Authentication administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /me/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}

+GET /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md) objects in the response body. This API will only return a single object in the collection as a user can have only one Temporary Access Pass method.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "get_temporaryAccessPassAuthenticationMethod"

+}

+-->

+```msgraph-interactive

+GET https://graph.microsoft.com/v1.0/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/temporaryAccessPassMethods/05267842-25b2-4b21-8abd-8e4982796f7f

+```

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.temporaryAccessPassAuthenticationMethod"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.temporaryAccessPassAuthenticationMethod",

+ "id": "6f1967b7-15e8-4935-ac26-d50770ed07a7",

+ "temporaryAccessPass": null,

+ "createdDateTime": "2022-06-02T16:21:09.5893903Z",

+ "startDateTime": "2022-06-05T00:00:00Z",

+ "lifetimeInMinutes": 60,

+ "isUsableOnce": false,

+ "isUsable": false,

+ "methodUsabilityReason": "NotYetValid"

+}

+```

+ Title: "Delete temporaryAccessPassAuthenticationMethodConfiguration"

+description: "Revert the Temporary Access Pass policy to its default configuration, represented by a default temporaryAccessPassAuthenticationMethodConfiguration object."

+ms.localizationpriority: medium

+# Delete temporaryAccessPassAuthenticationMethodConfiguration

+Namespace: microsoft.graph

+Revert the Temporary Access Pass policy to its default configuration, represented by a default [temporaryAccessPassAuthenticationMethodConfiguration](../resources/temporaryaccesspassauthenticationmethodconfiguration.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Policy.ReadWrite.AuthenticationMethod|

+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Authentication Policy Administrator

+* Global Administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "delete_temporaryaccesspassauthenticationmethodconfiguration"

+}

+-->

+```msgraph-interactive

+DELETE https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass`

+```

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get temporaryAccessPassAuthenticationMethodConfiguration"

+description: "Read the details of the Temporary Access Pass policy for the Azure AD tenant, represented by a temporaryAccessPassAuthenticationMethodConfiguration object."

+ms.localizationpriority: medium

+# Get temporaryAccessPassAuthenticationMethodConfiguration

+Namespace: microsoft.graph

+Read the details of the Temporary Access Pass policy for the Azure Active Directory (Azure AD) tenant, represented by a [temporaryAccessPassAuthenticationMethodConfiguration](../resources/temporaryaccesspassauthenticationmethodconfiguration.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Policy.ReadWrite.AuthenticationMethod|

+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Global Reader

+* Authentication Policy Administrator

+* Global Administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [temporaryAccessPassAuthenticationMethodConfiguration](../resources/temporaryaccesspassauthenticationmethodconfiguration.md) object in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "get_temporaryaccesspassauthenticationmethodconfiguration"

+}

+-->

+```msgraph-interactive

+GET https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass

+```

+### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration"

+}

+-->

+```http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodConfigurations/$entity",

+ "@odata.type": "#microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration",

+ "id": "TemporaryAccessPass",

+ "state": "enabled",

+ "defaultLifetimeInMinutes": 60,

+ "defaultLength": 8,

+ "minimumLifetimeInMinutes": 60,

+ "maximumLifetimeInMinutes": 480,

+ "isUsableOnce": false,

+ "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('TemporaryAccessPass')/microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration/includeTargets",

+ "includeTargets": [

+ {

+ "targetType": "group",

+ "id": "all_users",

+ "isRegistrationRequired": false

+ }

+ ]

+}

+```

+ Title: "Update temporaryAccessPassAuthenticationMethodConfiguration"

+description: "Update the Temporary Access Pass policy for the Azure AD tenant, represented by a temporaryAccessPassAuthenticationMethodConfiguration object."

+ms.localizationpriority: medium

+# Update temporaryAccessPassAuthenticationMethodConfiguration

+Namespace: microsoft.graph

+Update the Temporary Access Pass policy for the Azure AD tenant, represented by a [temporaryAccessPassAuthenticationMethodConfiguration](../resources/temporaryaccesspassauthenticationmethodconfiguration.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Policy.ReadWrite.AuthenticationMethod|

+For delegated scenarios, the administrator needs one of the following [Azure AD roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles):

+* Authentication Policy Administrator

+* Global Administrator

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/TemporaryAccessPass

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [temporaryAccessPassAuthenticationMethodConfiguration](../resources/temporaryaccesspassauthenticationmethodconfiguration.md) object with the values of fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+All properties of the object can be updated. For a list of properties, see [temporaryAccessPassAuthenticationMethodConfiguration](../resources/temporaryaccesspassauthenticationmethodconfiguration.md).

+> [!NOTE]

+> The **@odata.type** property with a value of `#microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration` must be included in the request body.

+## Response

+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "update_temporaryaccesspassauthenticationmethodconfiguration"

+}

+-->

+```http

+PATCH https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/temporaryAccessPass

+Content-Type: application/json

+{

+ "isUsableOnce": true

+}

+```

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+```http

+HTTP/1.1 204 No Content

+```

+|temporaryAccessPassMethods|[temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md) collection|Represents a Temporary Access Pass registered to a user for authentication through time-limited passcodes.|

+|[temporaryAccessPassAuthenticationMethod](temporaryaccesspassauthenticationmethod.md)|A time-limited passcode that serves as a strong credential and allows onboarding of passwordless credentials.|

+|[emailauthenticationmethodconfiguration](emailauthenticationmethodconfiguration.md)|Define users who can use email OTP on the Azure AD tenant.|

+|[temporaryAccessPassAuthenticationMethod](temporaryaccesspassauthenticationmethodconfiguration.md)|Define the configuration settings and users or groups who are enabled to use the Temporary Access Pass authentication method.|

+ Title: "temporaryAccessPassAuthenticationMethod resource type"

+description: "Represents a Temporary Access Pass registered to a user."

+ms.localizationpriority: medium

+# temporaryAccessPassAuthenticationMethod resource type

+Namespace: microsoft.graph

+Represents a Temporary Access Pass registered to a user. A Temporary Access Pass is a time-limited passcode that serves as a strong credential and allows onboarding of passwordless credentials.

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List](../api/authentication-list-temporaryaccesspassmethods.md)|[temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md) collection|Retrieve a list of a user's **temporaryAccessPassAuthenticationMethod** objects and their properties. Users can only have one Temporary Access Pass authentication method.|

+|[Create](../api/authentication-post-temporaryaccesspassmethods.md)|[temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md)|Create a user's **temporaryAccessPassAuthenticationMethod** object.|

+|[Get](../api/temporaryaccesspassauthenticationmethod-get.md)|[temporaryAccessPassAuthenticationMethod](../resources/temporaryaccesspassauthenticationmethod.md)|Retrieve the properties of the user's **temporaryAccessPassAuthenticationMethod** object.|

+|[Delete](../api/temporaryaccesspassauthenticationmethod-delete.md)|None|Delete a user's **temporaryAccessPassAuthenticationMethod** object.|

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|createdDateTime|DateTimeOffset|The date and time when the Temporary Access Pass was created.|

+|id|String|The identifier of the Temporary Access Pass registered to this user. Inherited from [entity](../resources/entity.md).|

+|isUsableOnce|Boolean|Determines whether the pass is limited to a one-time use. If `true`, the pass can be used once; if `false`, the pass can be used multiple times within the Temporary Access Pass lifetime.|

+|isUsable|Boolean|The state of the authentication method that indicates whether it's currently usable by the user.|

+|lifetimeInMinutes|Int32|The lifetime of the Temporary Access Pass in minutes starting at **startDateTime**. Must be between 10 and 43200 inclusive (equivalent to 30 days).|

+|methodUsabilityReason|String|Details about the usability state (**isUsable**). Reasons can include: `EnabledByPolicy`, `DisabledByPolicy`, `Expired`, `NotYetValid`, `OneTimeUsed`.|

+|startDateTime|DateTimeOffset|The date and time when the Temporary Access Pass becomes available to use and when **isUsable** is `true` is enforced.|

+|temporaryAccessPass|String|The Temporary Access Pass used to authenticate. Returned only on creation of a new temporaryAccessPass; Hidden in subsequent read operations and returned as `null` with GET.|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.temporaryAccessPassAuthenticationMethod",

+ "baseType": "microsoft.graph.authenticationMethod",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.temporaryAccessPassAuthenticationMethod",

+ "id": "String (identifier)",

+ "temporaryAccessPass": "String",

+ "createdDateTime": "String (timestamp)",

+ "startDateTime": "String (timestamp)",

+ "lifetimeInMinutes": "Integer",

+ "isUsableOnce": "Boolean",

+ "isUsable": "Boolean",

+ "methodUsabilityReason": "String"

+}

+```

+ Title: "temporaryAccessPassAuthenticationMethodConfiguration resource type"

+description: "Represents a Temporary Access Pass authentication methods policy that defines the configuration settings and users or groups who are enabled to use the authentication method."

+ms.localizationpriority: medium

+# temporaryAccessPassAuthenticationMethodConfiguration resource type

+Namespace: microsoft.graph

+Represents a Temporary Access Pass authentication methods policy that defines the configuration settings and users or groups who are enabled to use the authentication method.

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[Get](../api/temporaryaccesspassauthenticationmethodconfiguration-get.md)|[temporaryaccesspassauthenticationmethodconfiguration](../resources/temporaryaccesspassauthenticationmethodconfiguration.md)|Read the properties and relationships of a **temporaryAccessPassAuthenticationMethodConfiguration** object.|

+|[Update](../api/temporaryaccesspassauthenticationmethodconfiguration-update.md)|None|Update the properties of a **temporaryAccessPassAuthenticationMethodConfiguration** object.|

+|[Delete](../api/temporaryaccesspassauthenticationmethodconfiguration-delete.md)|None|Reverts the **temporaryAccessPassAuthenticationMethodConfiguration** object to its default configuration.|

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|defaultLength|Int|Default length in characters of a temporaryAccessPass. Must be between 8 and 48 characters.|

+|defaultLifetimeInMinutes|Int|Default lifetime in minutes for a temporaryAccessPass. Value can be any integer between the **minimumLifetimeInMinutes** and **maximumLifetimeInMinutes**.|

+|id|String|The identifier of the authentication method policy. Inherited from [entity](entity.md).|

+|isUsableOnce|Boolean |If `true`, all the passes in the tenant will be restricted to one-time use. If `false`, passes in the tenant can be created to be either one-time use or reusable.|

+|minimumLifetimeInMinutes|Int|Minimum lifetime in minutes for any temporaryAccessPass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days).|

+|maximumLifetimeInMinutes|Int|Maximum lifetime in minutes for any temporaryAccessPass created in the tenant. Value can be between 10 and 43200 minutes (equivalent to 30 days).|

+|state|authenticationMethodState|Whether the Temporary Access Pass method is enabled in the tenant. Possible values are: `enabled`, `disabled`. Inherited from [authenticationMethodConfiguration](authenticationmethodconfiguration.md). |

+## Relationships

+|Relationship|Type|Description|

+|:|:|:|

+|includeTargets|[authenticationMethodTarget](../resources/authenticationmethodtarget.md) collection|A collection of users or groups who are enabled to use the authentication method.|

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration",

+ "baseType": "microsoft.graph.authenticationMethodConfiguration",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration",

+ "id": "String (identifier)",

+ "state": "String",

+ "defaultLifetimeInMinutes": "Integer",

+ "defaultLength": "Integer",

+ "minimumLifetimeInMinutes": "Integer",

+ "maximumLifetimeInMinutes": "Integer",

+ "isUsableOnce": "Boolean",

+ "includeTargets": [ { "@odata.type": "microsoft.graph.authenticationMethodTarget" } ]

+}

+```

+ - name: Temporary Access Pass

+ href: resources/temporaryaccesspassauthenticationmethod.md

+ items:

+ - name: List

+ href: api/authentication-list-temporaryaccesspassmethods.md

+ - name: Create

+ href: api/authentication-post-temporaryaccesspassmethods.md

+ - name: Get

+ href: api/temporaryaccesspassauthenticationmethod-get.md

+ - name: Delete

+ href: api/temporaryaccesspassauthenticationmethod-delete.md

+ - name: Certificate-based auth configuration

+ href: resources/certificatebasedauthconfiguration.md

+ items:

+ - name: List

+ href: api/certificatebasedauthconfiguration-list.md

+ - name: Create

+ href: api/certificatebasedauthconfiguration-post-certificatebasedauthconfiguration.md

+ - name: Get

+ href: api/certificatebasedauthconfiguration-get.md

+ - name: Delete

+ href: api/certificatebasedauthconfiguration-delete.md

+ - name: Temporary Access Pass policy

+ href: resources/temporaryaccesspassauthenticationmethodconfiguration.md

+ items:

+ - name: Get

+ href: api/temporaryaccesspassauthenticationmethodconfiguration-get.md

+ - name: Update

+ href: api/temporaryaccesspassauthenticationmethodconfiguration-update.md

+ - name: Delete

+ href: api/temporaryaccesspassauthenticationmethodconfiguration-delete.md