+|displayName|String|The display name of the policy. Required.|

+|description|String|The description of the policy. Required.|

+|canExtend|Boolean|Indicates whether a user can extend the access package assignment duration after approval. Required.|

+|durationInDays|Int32|The number of days in which assignments from this policy last until they are expired. Required.|

+|expirationDateTime|DateTimeOffset|The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Required.|

+|requestorSettings|[requestorSettings](../resources/requestorsettings.md)|Who can request this access package from this policy. Required.|

+|requestApprovalSettings|[approvalSettings](../resources/approvalsettings.md)|Who must approve requests for access package in this policy. Required.|

+|accessReviewSettings|[assignmentReviewSettings](../resources/assignmentreviewsettings.md)|Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required. Required.|

+ "@odata.type": "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",

+ "displayName": "test_action_0124_email",

+ "description": "this is for graph testing only",

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.logicAppTriggerEndpointConfiguration",

+ "subscriptionId": "38ab2ccc-3747-4567-b36b-9478f5602f0d",

+ "resourceGroupName": "test",

+ "logicAppWorkflowName": "elm-extension-email"

+ },

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdPopTokenAuthentication"

+ },

+ "callbackConfiguration": {

+ "@odata.type": "microsoft.graph.customExtensionCallbackConfiguration",

+ "durationBeforeTimeout": "PT1H"

+ }

+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+### Request

+### Response

+The following is an example of the response.

+|isActive|Boolean|Indicates whether the predefined value is active or deactivated. If `false`, this predefined value cannot be assigned to any additional supported directory objects. Optional.|

+### Request

+### Response

+The following is an example of the response.

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+> [!NOTE]

+> **Note**:

+Using `$expand=AppDefinitions` will return more information about the state of the app, such as the **publishingState**, which reflects the app submission review status and returns whether an app has been approved, rejected, or remains under review.

+ Title: "Get appCredentialSignInActivity"

+description: "Get an appCredentialSignInActivity object that contains recent activity of an application credential."

+ms.localizationpriority: medium

+# Get appCredentialSignInActivity

+Namespace: microsoft.graph

+Get an [appCredentialSignInActivity](../resources/appcredentialsigninactivity.md) object that contains recent activity of an application credential.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+| Permission type | Permissions (from least to most privileged) |

+| :- | : |

+| Delegated (work or school account) | AuditLog.Read.All, Directory.Read.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | AuditLog.Read.All, Directory.Read.All |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+GET /reports/appCredentialSignInActivities/{appCredentialSignInActivityId}

+```

+## Optional query parameters

+This method does not support OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+| Name | Description |

+| : | : |

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [appCredentialSignInActivity](../resources/appcredentialsigninactivity.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request that shows how to get an **appCredentialSignInActivity** object based on its ID.

+<!-- {

+ "blockType": "request",

+ "name": "get_appcredentialsigninactivity_1",

+ "sampleKeys": ["ODNmNDUyOTYtZmI4Zi00YWFhLWEzOTktYWM1MTA4NGUwMmI3fGFwcGxpY2F0aW9u"]

+}-->

+```http

+GET https://graph.microsoft.com/beta/reports/appCredentialSignInActivities/ODNmNDUyOTYtZmI4Zi00YWFhLWEzOTktYWM1MTA4NGUwMmI3fGFwcGxpY2F0aW9u

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.appCredentialSignInActivity"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+Content-length: 211

+{

+ "@odata.type": "#microsoft.graph.appCredentialSignInActivity",

+ "appId": "f4d9654f-0305-4072-878c-8bf266dfe146",

+ "appObjectId": "6920caa5-1cae-4bc8-bf59-9c0b8495d240",

+ "credentialOrigin": "application",

+ "expirationDate": "2021-04-01T21:36:48-8:00",

+ "id": "ODNmNDUyOTYtZmI4Zi00YWFhLWEzOTktYWM1MTA4NGUwMmI3fGFwcGxpY2F0aW9u",

+ "keyId": "83f45296-fb8f-4aaa-a399-ac51084e02b7",

+ "keyType":"certificate",

+ "keyUsage": "sign",

+ "resourceId": "a89dc091-a671-4da4-9fcf-3ef06bdf3ac3",

+ "servicePrincipalObjectId": "cf533854-9fb7-4c01-9c0e-f68922ada8b6",

+ "signInActivity": {

+ "lastSignInDateTime": "2021-04-01T00:00:00-8:00",

+ "lastSignInRequestId": "b0a282a3-68ec-4ec8-aef0-290ed4350271"

+ }

+}

+```

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+GET /applications(appId='{appId}')/extensionProperties

+ "isMultiValued": true,

+ "isMultiValued": true,

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+> **Notes:**

+> - For a call with app-hosted media, you need the Calls.AccessMedia.All permission in addition to one of the permissions listed in the previous table.

+> - Cloud Video Interop solutions that are [Certified for Microsoft Teams](/MicrosoftTeams/cloud-video-interop) have permission to call this API to join meetings for which they have meeting join links, similar to external users joining through a browser.

+> - Permissions marked with * use [resource-specific consent](/microsoftteams/platform/graph-api/rsc/resource-specific-consent).

+##### Delta roster disabled (default)

+##### Delta roster enabled

+<!-- {

+ "blockType": "example",

+ "@odata.type": "microsoft.graph.commsNotifications",

+ "truncated": true

+}-->

+```json

+{

+ "@odata.type": "#microsoft.graph.commsNotifications",

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.commsNotification",

+ "changeType": "updated",

+ "resource": "/app/calls/421f7700-f4ad-4ea9-a3fc-c1d2195675ad/participants",

+ "resourceUrl": "/communications/calls/421f7700-f4ad-4ea9-a3fc-c1d2195675ad/participants",

+ "resourceData": [

+ {

+ "@odata.type": "#microsoft.graph.deltaParticipants",

+ "participants": [

+ {

+ "@odata.type": "#microsoft.graph.participant",

+ "info": {

+ "@odata.type": "#microsoft.graph.participantInfo",

+ "identity": {

+ "@odata.type": "#microsoft.graph.identitySet",

+ "user": {

+ "@odata.type": "#microsoft.graph.identity",

+ "displayName": "John",

+ "id": "112f7296-5fa4-42ca-bae8-6a692b15d4b8"

+ }

+ },

+ "languageId": "en-US"

+ },

+ "mediaStreams": [

+ {

+ "@odata.type": "#microsoft.graph.mediaStream",

+ "mediaType": "audio",

+ "sourceId": "1",

+ "direction": "sendReceive",

+ "serverMuted": false

+ },

+ {

+ "@odata.type": "#microsoft.graph.mediaStream",

+ "mediaType": "video",

+ "sourceId": "2",

+ "direction": "receiveOnly",

+ "serverMuted": false

+ },

+ {

+ "@odata.type": "#microsoft.graph.mediaStream",

+ "mediaType": "videoBasedScreenSharing",

+ "sourceId": "8",

+ "direction": "receiveOnly",

+ "serverMuted": false

+ }

+ ],

+ "isMuted": true,

+ "isInLobby": false,

+ "id": "0d7664b6-6432-43ed-8d27-d9e7adec188c",

+ "rosterSequenceNumber": 1

+ },

+ {

+ "@odata.type": "#microsoft.graph.participant",

+ "info": {

+ "@odata.type": "#microsoft.graph.participantInfo",

+ "identity": {

+ "@odata.type": "#microsoft.graph.identitySet",

+ "application": {

+ "@odata.type": "#microsoft.graph.identity",

+ "displayName": "Calling Bot",

+ "id": "2891555a-92ff-42e6-80fa-6e1300c6b5c6"

+ }

+ }

+ },

+ "mediaStreams": [

+ {

+ "@odata.type": "#microsoft.graph.mediaStream",

+ "mediaType": "audio",

+ "sourceId": "10",

+ "direction": "sendReceive",

+ "serverMuted": false

+ }

+ ],

+ "isMuted": false,

+ "isInLobby": false,

+ "id": "05491616-385f-44a8-9974-18cc5f9933c1",

+ "rosterSequenceNumber": 1,

+ "removedState": {

+ "reason": "Removed from roster"

+ }

+ }

+ ],

+ "sequenceNumber": 1

+ }

+ ]

+ }

+ ]

+}

+```

+##### Delta roster disabled (default)

+##### Delta roster enabled

+<!-- {

+ "blockType": "example",

+ "@odata.type": "microsoft.graph.commsNotifications",

+ "truncated": true

+}-->

+```json

+{

+ "@odata.type": "#microsoft.graph.commsNotifications",

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.commsNotification",

+ "changeType": "updated",

+ "resource": "/app/calls/421f7700-f4ad-4ea9-a3fc-c1d2195675ad/participants",

+ "resourceUrl": "/communications/calls/421f7700-f4ad-4ea9-a3fc-c1d2195675ad/participants",

+ "resourceData": [

+ {

+ "@odata.type": "#microsoft.graph.deltaParticipants",

+ "participants": [

+ {

+ "@odata.type": "#microsoft.graph.participant",

+ "info": {

+ "@odata.type": "#microsoft.graph.participantInfo",

+ "identity": {

+ "@odata.type": "#microsoft.graph.identitySet",

+ "guest": {

+ "@odata.type": "#microsoft.graph.identity",

+ "displayName": "Guest User",

+ "id": "d7a3b999-17ac-4bca-9e77-e6a730d2ec2e"

+ }

+ }

+ },

+ "mediaStreams": [

+ {

+ "@odata.type": "#microsoft.graph.mediaStream",

+ "mediaType": "audio",

+ "sourceId": "10",

+ "direction": "sendReceive",

+ "serverMuted": false

+ }

+ ],

+ "isMuted": false,

+ "isInLobby": true,

+ "id": "05491616-385f-44a8-9974-18cc5f9933c1"

+ }

+ ],

+ "sequenceNumber": 2

+ }

+ ]

+ }

+ ]

+}

+```

+> **Note:** The application will not receive the roster for participants in the meeting until its admitted from lobby.

+POST /applications(appId='{appId}')/extensionProperties

+|isMultiValued|Boolean| Defines the directory extension as a multi-valued property. When `true`, the directory extension property can store a collection of objects of the **dataType**; for example, a collection of integers. The default value is `false`.|

+ "isMultiValued": true,

+ "isMultiValued": true,

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+description: "Retrieve the properties and relationships of an applicationSignInDetailedSummary object."

+Retrieve the properties and relationships of an [applicationSignInDetailedSummary](../resources/applicationsignindetailedsummary.md) object.

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+DELETE /applications/{applicationObjectId}/appManagementPolicies/{appManagementPolicyId}/$ref

+DELETE /servicePrincipals/{servicePrincipalObjectId}/appManagementPolicies/{appManagementPolicyId}/$ref

+Do not supply a request body for this method.

+DELETE https://graph.microsoft.com/beta/applications/3ccc9971-9ae7-45d6-8de8-263fd25fe116/appManagementPolicies/15942288-d19b-458c-9be4-20377d0a2435/$ref

+# [PowerShell](#tab/powershell)

+DELETE https://graph.microsoft.com/beta/servicePrincipals/f284860e-368c-4a1f-8894-77f0a9676fb3/appManagementPolicies/15942288-d19b-458c-9be4-20377d0a2435/$ref

+# [PowerShell](#tab/powershell)

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+Retrieve the properties of an [approval](../resources/approval.md) object. This API request is made by an approver in the following scenarios:

+- In [entitlement management](../resources/entitlementmanagement-overview.md), providing the identifier of the [access package assignment request](../resources/accesspackageassignmentrequest.md).

+- In [PIM for groups](../resources/privilegedidentitymanagement-for-groups-api-overview.md), providing the identifier of the [assignment schedule request](../resources/privilegedaccessgroupassignmentschedulerequest.md).

+### For entitlement management

+### For PIM for groups

+| Permission type | Permissions (from least to most privileged) |

+|:|:--|

+| Delegated (work or school account) | PrivilegedAssignmentSchedule.Read.AzureADGroup, PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+To get approval objects in entitlement management:

+<!-- { "blockType": "ignored" } -->

+To get approval objects in PIM for groups:

+<!-- { "blockType": "ignored" } -->

+```http

+GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{id}

+```

+List the [approvalStep](../resources/approvalstep.md) objects associated with an [approval](../resources/approval.md). This API request is made by an approver in the following scenarios:

+- In [entitlement management](../resources/entitlementmanagement-overview.md), providing the identifier of the [access package assignment request](../resources/accesspackageassignmentrequest.md).

+- In [PIM for groups](../resources/privilegedidentitymanagement-for-groups-api-overview.md), providing the identifier of the [assignment schedule request](../resources/privilegedaccessgroupassignmentschedulerequest.md).

+### For entitlement management

+### For PIM for groups

+| Permission type | Permissions (from least to most privileged) |

+|:|:--|

+| Delegated (work or school account) | PrivilegedAssignmentSchedule.Read.AzureADGroup, PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+To list the approval steps in entitlement management:

+<!-- { "blockType": "ignored" } -->

+To list the approval steps in PIM for groups:

+<!-- { "blockType": "ignored" } -->

+```http

+GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{id}/steps

+```

+### Permissions required for calling this API for entitlement management

+### Permissions required for calling this API for PIM for groups

+| Permission type | Permissions (from least to most privileged) |

+|:|:--|

+| Delegated (work or school account) | PrivilegedAssignmentSchedule.Read.AzureADGroup, PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+To get an approval step in entitlement management:

+<!-- { "blockType": "ignored" } -->

+To get an approval step in PIM for groups:

+<!-- { "blockType": "ignored" } -->

+```http

+GET /identityGovernance/privilegedAccess/group/assignmentApprovals/{id}/steps/{id}

+```

+### Permissions required for calling this API for entitlement management

+### Permissions required for calling this API for PIM for groups

+| Permission type | Permissions (from least to most privileged) |

+|:|:--|

+| Delegated (work or school account) | PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+To update an approval decision in entitlement management:

+<!-- { "blockType": "ignored" } -->

+To update an approval decision in PIM for groups:

+<!-- { "blockType": "ignored" } -->

+```http

+PATCH /identityGovernance/privilegedAccess/group/assignmentApprovals/{id}/steps/{id}

+```

+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+### Request

+ "name": "get_attributeset_single",

+ "sampleKeys": ["Engineering"]

+### Response

+The following is an example of the response.

+### Request

+ "name": "update_attributeset",

+ "sampleKeys": ["Engineering"]

+### Response

+The following is an example of the response.

+ Title: "Delete authenticationConditionApplication (from a user flow)"

+description: "Remove an application from an externalUsersSelfServiceSignupEventsFlow."

+ms.localizationpriority: medium

+# Delete authenticationConditionApplication (from a user flow)

+Namespace: microsoft.graph

+Remove or unlink [an application](../resources/authenticationconditionapplication.md) from an external identities self-service sign up user flow that's represented by an [externalUsersSelfServiceSignupEventsFlow](../resources/externalusersselfservicesignupeventsflow.md) object. This disables the authentication experience that's defined by the user flow for the application.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /identity/authenticationEventsFlows/{authenticationEventsFlow-id}/conditions/applications/includeApplications/{appId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code. If unsuccessful, a `4xx` error will be returned with specific details.

+## Examples

+#### Request

+The following is an example of a request. `63856651-13d9-4784-9abf-20758d509e19` representes the **appId** of the application, also known as the client ID, not the object ID.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "delete_includeApplications"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/identity/authenticationEventsFlows/0313cc37-d421-421d-857b-87804d61e33e/conditions/applications/includeApplications/63856651-13d9-4784-9abf-20758d509e19

+```

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+#### Response

+The following is an example of the response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "List includeApplications (for a user flow)"

+description: "List applications for an externalusersselfservicesignupeventsflow."

+ms.localizationpriority: medium

+# List includeApplications (for a user flow)

+Namespace: microsoft.graph

+List the applications linked to an external identities self-service sign up user flow that's represented by an [externalUsersSelfServiceSignupEventsFlow](../resources/externalusersselfservicesignupeventsflow.md) object. These are the applications for which the authentication experience that's defined by the user flow is enabled.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /identity/authenticationEventsFlows/{authenticationEventsFlow-id}/conditions/applications/includeApplications/

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` and a collection of [identityUserFlowAttribute](../resources/identityuserflowattribute.md) objects in the response body.

+## Examples

+### Request

+The following is an example of a request to retrieve the list of applications associated with a user flow.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_includeApplications"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identity/authenticationEventsFlows/0313cc37-d421-421d-857b-87804d61e33e/conditions/applications/includeApplications/

+```

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+### Response

+The following is an example of the response

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.authenticationConditionApplication"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows('0313cc37-d421-421d-857b-87804d61e33e')/conditions/applications/includeApplications",

+ "value": [

+ {

+ "appId": "63856651-13d9-4784-9abf-20758d509e19"

+ }

+ ]

+}

+```

+ Title: "Add includeApplication (to a user flow)"

+description: "Add application to an externalusersselfservicesignupeventsflow."

+ms.localizationpriority: medium

+# Add includeApplication (to a user flow)

+Namespace: microsoft.graph

+Add or link an application to an external identities self-service sign up user flow that's represented by an [externalUsersSelfServiceSignupEventsFlow](../resources/externalusersselfservicesignupeventsflow.md) object. This enables the authentication experience that's defined by the user flow to be enabled for the application. An application can only be linked to one user flow.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /identity/authenticationEventsFlows/{authenticationEventsFlow-id}/conditions/applications/includeApplications

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, provide a JSON representation of the **appId** of the application to associate with the user flow.

+## Response

+If successful, this method returns a `201 Created` response code and a new [authenticationConditionApplication](../resources/authenticationconditionapplication.md) object in the response body. If unsuccessful, a `4xx` error will be returned with specific details.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "post_includeapplications"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/identity/authenticationEventsFlows/0313cc37-d421-421d-857b-87804d61e33e/conditions/applications/includeApplications

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.authenticationConditionApplication",

+ "appId": "63856651-13d9-4784-9abf-20758d509e19"

+}

+```

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+### Response

+The following is an example of the response

+<!-- {

+ "blockType": "response",

+ "@odata.type": "microsoft.graph.authenticationConditionApplication",

+ "truncated": true,

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows('0313cc37-d421-421d-857b-87804d61e33e')/conditions/applications/includeApplications/$entity",

+ "appId": "63856651-13d9-4784-9abf-20758d509e19"

+}

+```

+ "name": "delete_authenticationcontextclassreference",

+ "sampleKeys": ["c1"]

+ Title: "Delete authenticationEventListener"

+description: "Deletes an authenticationEventListener object."

+ms.localizationpriority: medium

+# Delete authenticationEventListener

+Namespace: microsoft.graph

+Deletes an [authenticationEventListener](../resources/authenticationeventlistener.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /identity/authenticationEventListeners/{authenticationEventListenerId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "delete_authenticationeventlistener"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/identity/authenticationEventListeners/c7a1f2c5-3d36-4b3f-b75c-143af30a5246

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get authenticationEventListener"

+description: "Read the properties and relationships of an authenticationEventListener object."

+ms.localizationpriority: medium

+# Get authenticationEventListener

+Namespace: microsoft.graph

+Read the properties and relationships of an [authenticationEventListener](../resources/authenticationeventlistener.md) object. The **@odata.type** property in the response object indicates the type of the authenticationEventListener object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.Read.All, EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|EventListener.Read.All, EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /identity/authenticationEventListeners/{authenticationEventListenerId}

+```

+## Optional query parameters

+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [authenticationEventListener](../resources/authenticationeventlistener.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_authenticationeventlistener"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identity/customAuthenticationExtensions/6fc5012e-7665-43d6-9708-4370863f4e6e

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.authenticationEventListener"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/customAuthenticationExtensions/$entity",

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartCustomExtension",

+ "id": "6fc5012e-7665-43d6-9708-4370863f4e6e",

+ "displayName": "onTokenIssuanceStartCustomExtension",

+ "description": "Fetch additional claims from custom user store",

+ "clientConfiguration": null,

+ "behaviorOnError": null,

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "api://authenticationeventsAPI.contoso.com/a13d0fc1-04ab-4ede-b215-63de0174cbb4"

+ },

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.httpRequestEndpoint",

+ "targetUrl": "https://authenticationeventsAPI.contoso.com"

+ },

+ "claimsForTokenConfiguration": [

+ {

+ "claimIdInApiResponse": "DateOfBirth"

+ },

+ {

+ "claimIdInApiResponse": "CustomRoles"

+ }

+ ]

+}

+```

+ Title: "Update authenticationEventListener"

+description: "Update the properties of an authenticationEventListener object."

+ms.localizationpriority: medium

+# Update authenticationEventListener

+Namespace: microsoft.graph

+Update the properties of an [authenticationEventListener](../resources/authenticationeventlistener.md) object. You must specify the **@odata.type** property and the value of the [authenticationEventListener](../resources/authenticationeventlistener.md) object type to update.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /identity/authenticationEventListeners/{authenticationEventListenerId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+You must specify the **@odata.type** property and the value of the [authenticationEventListener](../resources/authenticationeventlistener.md) object type to update. For example, `"@odata.type": "#microsoft.graph.onTokenIssuanceStartListener"`.

+|Property|Type|Description|

+|:|:|:|

+|authenticationEventsFlowId|String|The identifier of the authentication events flow. Optional.|

+|conditions|[authenticationConditions](../resources/authenticationconditions.md)|The conditions on which this authenticationEventListener should trigger. Optional.|

+|handler|[onAttributeCollectionHandler](../resources/ontokenissuancestarthandler.md)|The handler to invoke when conditions are met. Can be updated for the **onAttributeCollectionListener** listener type.|

+|handler|[onAuthenticationMethodLoadStartHandler](../resources/ontokenissuancestarthandler.md)|The handler to invoke when conditions are met. Can be updated for the **onAuthenticationMethodLoadStartListener** listener type.|

+|handler|[onInteractiveAuthFlowStartHandler](../resources/ontokenissuancestarthandler.md)|The handler to invoke when conditions are met. Can be updated for the **onInteractiveAuthFlowStartListener** listener type.|

+|handler|[onTokenIssuanceStartHandler](../resources/ontokenissuancestarthandler.md)|The handler to invoke when conditions are met. Can be updated for the **onTokenIssuanceStartListener** listener type.|

+|handler|[onUserCreateStartHandler](../resources/ontokenissuancestarthandler.md)|The handler to invoke when conditions are met. Can be updated for the **onUserCreateStartListener** listener type.|

+|priority|Int32|The priority of this handler. Between 0 (lower priority) and 1000 (higher priority). Required.|

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+The following is an example of a request to update an authentication event listener's trigger conditions or priority:

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_authenticationeventlistener"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/identity/authenticationEventListeners/990d94e5-cc8f-4c4b-97b4-27e2678aac28

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartListener",

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false

+ }

+ },

+ "priority": 500

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Delete authenticationEventsFlow"

+description: "Delete an authenticationEventsFlow object."

+ms.localizationpriority: medium

+# Delete authenticationEventsFlow

+Namespace: microsoft.graph

+Delete a specific [authenticationEventsFlow](../resources/authenticationeventsflow.md) resource by ID. Only [externalUsersSelfServiceSignupEventsFlow](../resources/externalusersselfservicesignupeventsflow.md) object types are available.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /identity/authenticationEventsFlows/{authenticationEventsFlow-id}/

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "delete_authenticationeventsflow"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/identity/authenticationEventsFlows/0313cc37-d421-421d-857b-87804d61e33e

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+### Response

+The following is an example of the response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get authenticationEventsFlow"

+description: "Read the properties and relationships of an authenticationEventsFlow object."

+ms.localizationpriority: medium

+# Get authenticationEventsFlow

+Namespace: microsoft.graph

+Retrieve the properties and relationships of a specific [authenticationEventsFlow](../resources/authenticationeventsflow.md) object by ID. Only [externalUsersSelfServiceSignupEventsFlow](../resources/externalusersselfservicesignupeventsflow.md) object types are available.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.Read.All, EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.Read.All, EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /identity/authenticationEventsFlows/{authenticationEventsFlow-id}

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [authenticationEventsFlow](../resources/authenticationeventsflow.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request to retrieve a specific External Identities user flow.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_authenticationeventsflow"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identity/authenticationEventsFlows/0313cc37-d421-421d-857b-87804d61e33e

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+### Response

+The following is an example of the response. In this example, the user flow retrieved is named "Woodgrove Drive Users Flow" and is set up to:

+- Allow users to create a local email with password account, or sign up with their Google or Facebook identity

+- Collect **Display Name** and **Favorite Color**

+- Create a "Member" user type.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.authenticationEventsFlow"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "id": "0313cc37-d421-421d-857b-87804d61e33e",

+ "displayName": "Woodgrove Drive User Flow",

+ "description": "For onboarding consumers to the Woodgrove Drive application",

+ "priority": 50,

+ "onAttributeCollectionStart": null,

+ "onAttributeCollectionSubmit": null,

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false,

+ "includeApplications@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows('0313cc37-d421-421d-857b-87804d61e33e')/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/conditions/applications/includeApplications",

+ "includeApplications": []

+ }

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp",

+ "identityProviders": [

+ {

+ "@odata.type": "#microsoft.graph.builtInIdentityProvider",

+ "id": "EmailPassword-OAUTH",

+ "displayName": "Email with password",

+ "identityProviderType": "EmailPassword",

+ "state": null

+ },

+ {

+ "@odata.type": "#microsoft.graph.socialIdentityProvider",

+ "id": "Google-OAUTH",

+ "displayName": "Google",

+ "identityProviderType": "Google",

+ "clientId": "137004260525-q8j2cp9hqceqa6hpvaa346e04g92tn8m.apps.googleusercontent.com",

+ "clientSecret": "******"

+ },

+ {

+ "@odata.type": "#microsoft.graph.socialIdentityProvider",

+ "id": "Facebook-OAUTH",

+ "displayName": "Facebook",

+ "identityProviderType": "Facebook",

+ "clientId": "236028191057849",

+ "clientSecret": "******"

+ }

+ ]

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "accessPackages": [],

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ },

+ {

+ "attribute": "extension_6ea3bc85aec24b1c92ff4a117afb6621_Favoritecolor",

+ "label": "Favorite color",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^.*",

+ "options": []

+ }

+ ]

+ }

+ ]

+ },

+ "attributes": [

+ {

+ "id": "email",

+ "displayName": "Email Address",

+ "description": "Email address of the user",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "displayName",

+ "displayName": "Display Name",

+ "description": "Display Name of the User.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "extension_6ea3bc85aec24b1c92ff4a117afb6621_Favoritecolor",

+ "displayName": "Favorite color",

+ "description": "what is your favorite color",

+ "userFlowAttributeType": "custom",

+ "dataType": "string"

+ }

+ ]

+ },

+ "onUserCreateStart": {

+ "@odata.type": "#microsoft.graph.onUserCreateStartExternalUsersSelfServiceSignUp",

+ "userTypeToCreate": "member",

+ "accessPackages": []

+ }

+ }

+}

+```

+ Title: "Update authenticationEventsFlow"

+description: "Update the properties of an authenticationEventsFlow object."

+ms.localizationpriority: medium

+# Update authenticationEventsFlow

+Namespace: microsoft.graph

+Update the properties of an [authenticationEventsFlow](../resources/authenticationeventsflow.md) object. Only the [externalUsersSelfServiceSignupEventsFlow](../resources/externalusersselfservicesignupeventsflow.md) object type is supported.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /identity/authenticationEventsFlows/{authenticationEventsFlow-id}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+You must include the **@odata.type** property with a value of the specific user flow type in the body. For example, `"@odata.type": "#microsoft.graph.externalUsersSelfServiceSignupEventsFlow"`.

+|Property|Type|Description|

+|:|:|:|

+|id|String|The unique identifier for the entity. Read-only. |

+|displayName|String|The display name for the events policy. |

+|description|String|The description of the events policy.|

+|conditions|[authenticationConditions](../resources/authenticationconditions.md)|The conditions representing the context of the authentication request which is used to decide whether the events policy is invoked. |

+|priority|Int32|The priority to use for each individual event of the events policy. If multiple competing listeners for an event have the same priority, one is chosen and an error is silently logged. |

+|onInteractiveAuthFlowStart|[onInteractiveAuthFlowStartHandler](../resources/oninteractiveauthflowstarthandler.md)|The configuration for what to invoke for the onInteractiveAuthFlowStart event. |

+|onAuthenticationMethodLoadStart|[onAuthenticationMethodLoadStartHandler](../resources/onauthenticationmethodloadstarthandler.md)|The configuration for what to invoke for the onAuthenticationMethodLoadStart event. Must have at least one identity provider linked.|

+|onAttributeCollection|[onAttributeCollectionHandler](../resources/onattributecollectionhandler.md)|The configuration for what to invoke for the onAttributeCollection event.|

+|onUserCreateStart|[onUserCreateStartHandler](../resources/onusercreatestarthandler.md)|The configuration for what to invoke for the onUserCreateStart event.|

+## Response

+If successful, this method returns a `204 No Content` response code. If unsuccessful, a `4xx` error will be returned with specific details.

+## Examples

+### Example 1: Update the display name and priority of an authenticationEventsFlow

+#### Request

+The following is an example of a request that updates the display name of a specific external identities user flow ( an authentication event type), as well as the priority for all the listeners associated with the policy.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "authenticationeventsflow_update_beta_e1"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/identity/authenticationEventsFlows/0313cc37-d421-421d-857b-87804d61e33e

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "displayName": "New user flow description",

+ "priority": 200

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+The following is an example of the response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+### Example 2: Update the onAttributeCollection event of a self-service sign up user flow

+Add city (built-in attribute) as an attribute to be collected during the attribute collection step of a self-service sign up user flow. You must specify in the **inputs** object all attributes that you want to retain, otherwise they are removed from the user flow.

+#### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_authenticationeventsflow_onattributecollection_beta_e2"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/identity/authenticationEventsFlows/0313cc37-d421-421d-857b-87804d61e33e

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ },

+ {

+ "attribute": "city",

+ "label": "City",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ },

+ {

+ "attribute": "extension_6ea3bc85aec24b1c92ff4a117afb6621_Favoritecolor",

+ "label": "Favorite color",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^.*",

+ "options": []

+ }

+ ]

+ }

+ ]

+ }

+ }

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+The following is an example of the response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+### Example 3: Remove an attribute collected during a self-service sign up user flow

+Remove city as an attribute to be collected during the attribute collection step of a self-service sign up user flow. By excluding the city attribute from the request body, the attribute will be removed from the user flow.

+#### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_authenticationeventsflow_onattributecollection_beta_e3"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/identity/authenticationEventsFlows/0313cc37-d421-421d-857b-87804d61e33e

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ },

+ {

+ "attribute": "extension_6ea3bc85aec24b1c92ff4a117afb6621_Favoritecolor",

+ "label": "Favorite color",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^.*",

+ "options": []

+ }

+ ]

+ }

+ ]

+ }

+ }

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+The following is an example of the response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ "reportSuspiciousActivitySettings": {

+ "@odata.type": "#microsoft.graph.reportSuspiciousActivitySettings",

+ "state": "enabled",

+ "includeTarget": {

+ "targetType": "group",

+ "id": "all_users",

+ },

+ "voiceReportingCode": 0,

+ },

+

+|reportSuspiciousActivitySettings|[reportSuspiciousActivitySettings](../resources/reportsuspiciousactivitysettings.md)|Enable users to report voice or phone app multi-factor authentication notifications as suspicious.|

+ },

+ "reportSuspiciousActivitySettings": {

+ "state": "enabled",

+ "includeTarget": {

+ "targetType": "group",

+ "id": "all_users"

+ },

+ "voiceReportingCode": 0

+ },

+ "reportSuspiciousActivitySettings": {

+ "state": "enabled",

+ "includeTarget": {

+ "targetType": "group",

+ "id": "all_users"

+ },

+ "voiceReportingCode": 0

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+```

+|allowUserConsentForRiskyApps|Boolean| Indicates whether [user consent for risky apps](/azure/active-directory/manage-apps/configure-risk-based-step-up-consent) is allowed. Default value is `false`. We recommend that you keep the value set to `false`.|

+|allowedToSignUpEmailBasedSubscriptions|Boolean| Indicates whether users can sign up for email-based subscriptions. |

+|allowedToUseSSPR|Boolean| Indicates whether users can use the Self-Serve Password Reset feature on the tenant. |

+|blockMsolPowerShell|Boolean| To disable the use of MSOL PowerShell, set this property to `true`. This also disables user-based access to the legacy service endpoint used by MSOL PowerShell. This does not affect Azure Active Directory Connect or Microsoft Graph. |

+|enabledPreviewFeatures|String collection| List of features enabled for private preview on the tenant. |

+If successful, this method returns a `200 OK` response code and a [b2cIdentityUserFlow](../resources/b2cidentityuserflow.md) object in the response body.

+If successful, this method returns a `200 OK` response code and a collection of [identityProvider](../resources/identityprovider.md) objects in the response body.

+If successful, this method returns a `200 OK` response code and a collection of [identityProviderBase](../resources/identityproviderbase.md) objects in the response body.

+DELETE /identity/b2xUserFlows/{userflow-id}/userflowIdentityProviders/{id}/$ref

+If successful, this method returns a `200 OK` response code and a [b2xIdentityUserFlow](../resources/b2xidentityuserflow.md) object in the response body.

+If successful, this method returns a `200 OK` response code and a collection of [identityProvider](../resources/identityprovider.md) objects in the response body.

+If successful, this method returns a `200 OK` response code and a collection of [identityProviderBase](../resources/identityproviderbase.md) objects in the response body.

+ "isTest": false,

+ "name": "machineName_2",

+ "cpuName": "Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz",

+ "cpuCoresCount": 2,

+ "cpuProcessorSpeedInMhz": 2594,

+ "name": "machineName_4",

+ "cpuName": "Intel(R) Xeon(R) CPU E5-2673 v4 @ 2.30GHz",

+ "cpuCoresCount": 8,

+ "cpuProcessorSpeedInMhz": 2295,

+ "name": "machineName_4",

+ "cpuName": "Intel(R) Xeon(R) CPU E5-2673 v4 @ 2.30GHz",

+ "cpuCoresCount": 8,

+ "cpuProcessorSpeedInMhz": 2295,

+ "name": "machineName_4",

+ "cpuName": "Intel(R) Xeon(R) CPU E5-2673 v4 @ 2.30GHz",

+ "cpuCoresCount": 8,

+ "cpuProcessorSpeedInMhz": 2295,

+ "maxAudioNetworkJitter": "PT0.046S",

+ "rmsFreezeDuration": null,

+ "averageFreezeDuration": null,

+ "isAudioForwardErrorCorrectionUsed": false

+ "maxAudioNetworkJitter": "PT0.474S",

+ "rmsFreezeDuration": null,

+ "averageFreezeDuration": null,

+ "isAudioForwardErrorCorrectionUsed": null

+ "isTest": false,

+ "name": "machineName_1",

+ "cpuName": "AMD EPYC 7452 32-Core Processor",

+ "cpuCoresCount": 8,

+ "cpuProcessorSpeedInMhz": 2346,

+ "name": "machineName_2",

+ "cpuName": "Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz",

+ "cpuCoresCount": 2,

+ "cpuProcessorSpeedInMhz": 2594,

+ "isTest": false,

+ "name": "machineName_1",

+ "cpuName": "AMD EPYC 7452 32-Core Processor",

+ "cpuCoresCount": 8,

+ "cpuProcessorSpeedInMhz": 2346,

+ "name": "machineName_2",

+ "cpuName": "Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz",

+ "cpuCoresCount": 2,

+ "cpuProcessorSpeedInMhz": 2594,

+ "name": "machineName_1",

+ "cpuName": "AMD EPYC 7452 32-Core Processor",

+ "cpuCoresCount": 8,

+ "cpuProcessorSpeedInMhz": 2346,

+ "name": "machineName_2",

+ "cpuName": "Intel(R) Xeon(R) Platinum 8272CL CPU @ 2.60GHz",

+ "cpuCoresCount": 2,

+ "maxAudioNetworkJitter": "PT0.046S",

+ "rmsFreezeDuration": null,

+ "averageFreezeDuration": null,

+ "isAudioForwardErrorCorrectionUsed": true

+ "maxAudioNetworkJitter": "PT0.474S",

+ "rmsFreezeDuration": null,

+ "averageFreezeDuration": null,

+ "isAudioForwardErrorCorrectionUsed": false

+  "name": "get_callTranscript_metadatacontent",

+ "sampleKeys": ["ba321e0d-79ee-478d-8e28-85a19507f456", "MSo1N2Y5ZGFjYy03MWJmLTQ3NDMtYjQxMy01M2EdFGkdRWHJlQ", "MSMjMCMjNzU3ODc2ZDYtOTcwMi00MDhkLWFkNDItOTE2ZDNmZjkwZGY4"]

+ "sampleKeys": ["19%5bd86ec7f6b247d3b9e519b0bfef5d03%40thread.v2", "MTk6NWJkODZlYzdmNmIyNDdkM2I5ZTUxOWIwYmZlZjVkMDNAdGhyZWFkLnYyIyMyYjUyNGUyOC05NWNlLTRjOWItOTc3My00YTViZDZlYzE3NzA="]

+The following is an example of the request.

+The following is an example of the response.

+### Example 2: Add a single member to a Microsoft Teams chat, sharing no chat history

+The following is an example of the request.

+ "name": "create_conversation_member_with_no_visibleHistoryStartDateTime_2",

+The following is an example of the response.

+ "name": "create_conversation_member_with_no_visibleHistoryStartDateTime_2"

+### Example 3: Add a single member to a Microsoft Teams chat, sharing the whole history of the chat

+The following is an example of the request.

+ "name": "create_conversation_member_with_all_visibleHistoryStartDateTime_3",

+The following is an example of the response.

+ "name": "create_conversation_member_with_all_visibleHistoryStartDateTime_3"

+The following is an example of the request.

+ "name": "create_conversation_member_upn_5",

+The following is an example of the response.

+ "name": "create_conversation_member_upn_5"

+}

+-->

+```http

+HTTP/1.1 201 Created

+Location: /chats/19:cf66807577b149cca1b7af0c32eec122@thread.v2/members/MCMjMjQzMmI1N2ItMGFiZC00M2RiLWFhN2ItMTZlYWRkMTE1ZDM0IyMxOTpiZDlkYTQ2MzIzYWY0MjUzOTZkMGZhNjcyMDAyODk4NEB0aHJlYWQudjIjIzQ4YmY5ZDUyLWRjYTctNGE1Zi04Mzk4LTM3Yjk1Y2M3YmQ4Mw==

+```

+### Example 5: Add an in-tenant guest user to a chat, sharing no chat history

+#### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_conversation_member_with_no_visibleHistoryStartDateTime_5",

+ "sampleKeys": ["19:cf66807577b149cca1b7af0c32eec122@thread.v2"]

+} -->

+```msgraph-interactive

+POST https://graph.microsoft.com/beta/chats/19:cf66807577b149cca1b7af0c32eec122@thread.v2/members

+Content-type: application/json

+{

+ "@odata.type": "#microsoft.graph.aadUserConversationMember",

+ "user@odata.bind": "https://graph.microsoft.com/beta/users/8ba98gf6-7fc2-4eb2-c7f2-aef9f21fd98g",

+ "roles": ["guest"]

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+<!--

+{

+ "blockType": "response",

+ "truncated": true,

+ "name": "create_conversation_member_with_no_visibleHistoryStartDateTime_5"

+}

+-->

+```http

+HTTP/1.1 201 Created

+Location: /chats/19:cf66807577b149cca1b7af0c32eec122@thread.v2/members/MCMjMjQzMmI1N2ItMGFiZC00M2RiLWFhN2ItMTZlYWRkMTE1ZDM0IyMxOTpiZDlkYTQ2MzIzYWY0MjUzOTZkMGZhNjcyMDAyODk4NEB0aHJlYWQudjIjIzQ4YmY5ZDUyLWRjYTctNGE1Zi04Mzk4LTM3Yjk1Y2M3YmQ4Mw==

+```

+### Example 6: Add a out-of-tenant external user to a chat, sharing no chat history

+#### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_conversation_member_with_no_visibleHistoryStartDateTime_6",

+ "sampleKeys": ["19:cf66807577b149cca1b7af0c32eec122@thread.v2"]

+} -->

+```msgraph-interactive

+POST https://graph.microsoft.com/beta/chats/19:cf66807577b149cca1b7af0c32eec122@thread.v2/members

+Content-type: application/json

+{

+ "@odata.type": "#microsoft.graph.aadUserConversationMember",

+ "user@odata.bind": "https://graph.microsoft.com/beta/users/82af01c5-f7cc-4a2e-a728-3a5df21afd9d",

+ "roles": ["owner"],

+ "tenantId": "4dc1fe35-8ac6-4f0d-904a-7ebcd364bea1"

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+<!--

+{

+ "blockType": "response",

+ "truncated": true,

+ "name": "create_conversation_member_with_no_visibleHistoryStartDateTime_6"

+|members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every user who will participate in the chat, including the user who initiates the create request, must be specified in this list. Each member must be assigned a role of `owner` or `guest`. In-tenant guest users must be assigned the `guest` role. Out-of-tenant external users must be assigned with `owner` role.|

+### Example 5: Create a group chat with in-tenant guest user

+POST /chats/{chatId}/messages/{chatMessageId}/setReaction

+POST /chats/{chatId}/messages/{chatMessageId}/unsetReaction

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+If a web client needs to connect to a shift work Cloud PC, the **sharedCloudPcAccessState** validates the bookmark scenario. If **sharedCloudPcAccessState** is not active/activating/standbyMode, the web client shows a "bad bookmark".

+| Delegated (work or school account) | CloudPC.Read.All, CloudPC.ReadWrite.All |

+| Application | CloudPC.Read.All, CloudPC.ReadWrite.All |

+|Delegated (work or school account)|CloudPC.Read.All, CloudPC.ReadWrite.All|

+|Application|CloudPC.Read.All, CloudPC.ReadWrite.All|

+ "name": "get_cloudpcexportjob",

+ "sampleKeys": ["TotalAggregatedRemoteConnectionReports__d39979c9-a0a2-4916-a158-1b984742ffff"]

+# [PowerShell](#tab/powershell)

+|Delegated (work or school account)|CloudPC.ReadWrite.All|

+|Application|CloudPC.ReadWrite.All|

+ "domainJoinConfigurations": [

+ {

+ "onPremisesConnectionId": "16ee6c71-fc10-438b-88ac-daa1ccafffff",

+ "type": "hybridAzureADJoin"

+ },

+ {

+ "onPremisesConnectionId": "26e16c71-f210-438b-88ac-d481ccafffff",

+ "type": "hybridAzureADJoin"

+ }

+ ],

+ "domainJoinConfigurations": [

+ {

+ "onPremisesConnectionId": "16ee6c71-fc10-438b-88ac-daa1ccafffff",

+ "type": "hybridAzureADJoin"

+ },

+ {

+ "onPremisesConnectionId": "26e16c71-f210-438b-88ac-d481ccafffff",

+ "type": "hybridAzureADJoin"

+ }

+ ],

+ "domainJoinConfigurations": [

+ {

+ "onPremisesConnectionId": "16ee6c71-fc10-438b-88ac-daa1ccafffff",

+ "type": "hybridAzureADJoin"

+ },

+ {

+ "onPremisesConnectionId": "26e16c71-f210-438b-88ac-d481ccafffff",

+ "type": "hybridAzureADJoin"

+ }

+ ],

+|Delegated (work or school account)|CloudPC.Read.All, CloudPC.ReadWrite.All|

+|Application|CloudPC.Read.All, CloudPC.ReadWrite.All|

+PATCH /deviceManagement/virtualEndpoint/userSettings/{id}

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+| Parameter | Type |Description|

+| Property | Type |Description|

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+description: "Get a list of all partner configurations within a cross-tenant access policy."

+|Delegated (personal Microsoft account)|Not supported.|

+The following example shows how to list all partner configurations within a cross-tenant access policy.

+The following is an example of the request.

+The following is an example of the response.

+ "automaticUserConsentSettings": {

+ "b2bDirectConnectInbound": {

+ "usersAndGroups": {

+ "accessType": "allowed",

+ "targets": [

+ {

+ "target": "AllUsers",

+ "targetType": "user"

+ }

+ ]

+ },

+ "applications": {

+ "accessType": "allowed",

+ "targets": [

+ {

+ "target": "Office365",

+ "targetType": "application"

+ }

+ ]

+ }

+ },

+ "tenantRestrictions":

+ "accessType": "blocked",

+ "applications":

+ "accessType": "blocked",

+ "target": "AllApplications",

+The following example uses the `$expand` parameter to list the user synchronization policy for all partner configurations.

+The following is an example of the request.

+The following is an example of the response.

+ "value": [

+ "identitySynchronization": {

+ "userSyncInbound": {

+|Delegated (personal Microsoft account)|Not supported.|

+| automaticUserConsentSettings | [inboundOutboundPolicyConfiguration](../resources/inboundoutboundpolicyconfiguration.md) | Determines the partner-specific configuration for automatic user consent settings. Unless specifically configured, the **inboundAllowed** and **outboundAllowed** properties are `null` and inherit from the default settings, which is always `false`. |

+| isServiceProvider | Boolean | Identifies whether the partner-specific configuration is a cloud service provider for your organization. |

+ {

+ "usersAndGroups":

+ {

+ "accessType": "blocked",

+ "targets": [

+ {

+ "target": "AllUsers",

+ "targetType": "user"

+ }

+ ]

+ },

+ "applications":

+ {

+ "accessType": "blocked",

+ "targets": [

+ {

+ "target": "AllApplications",

+ "targetType": "application"

+ }

+ ]

+ }

+ },

+ "tenantRestrictions":

+| tenantRestrictions |[crossTenantAccessPolicyTenantRestrictions](../resources/crosstenantaccesspolicytenantrestrictions.md) | Defines the default tenant restrictions configuration for your organization users accessing an external organization on your network or devices. |

+|Delegated (personal Microsoft account)|Not supported.|

+The following is an example of the request. If a configuration includes a [user synchronization policy](../resources/crosstenantidentitysyncpolicypartner.md), you must first [delete the user synchronization policy](./crosstenantidentitysyncpolicypartner-delete.md) before you can delete the partner-specific configuration.

+The following is an example of the response.

+ },

+ "tenantRestrictions":

+ {

+ "usersAndGroups":

+ {

+ "accessType": "blocked",

+ "targets": [

+ {

+ "target": "AllUsers",

+ "targetType": "user"

+ }

+ ]

+ },

+ "applications":

+ {

+ "accessType": "blocked",

+ "targets": [

+ {

+ "target": "AllApplications",

+ "targetType": "application"

+ }

+ ]

+ }

+|Delegated (personal Microsoft account)|Not supported.|

+* Security Administrator

+You can specify the following properties when you create a **crossTenantIdentitySyncPolicyPartner**.

+|displayName|String|Display name for the cross-tenant user synchronization policy. Use the name of the partner Azure Active Directory tenant to easily identify the policy. Optional.|

+ "userSyncInbound": {

+The following is an example of the response.

+The following is an example of a request.

+ "inboundTrust": {

+ "isHybridAzureADJoinedDeviceAccepted": true

+The following is an example of the response.

+### Example 2: Configure automaticUserConsent settings

+The following example configures the partner-specific policy by consenting for B2B collaboration on behalf of your users and accepting admin consent for the users of the partner.

+The following is an example of a request.

+ "automaticUserConsentSettings": {

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+### Example 3: Configure tenant restrictions settings

+#### Request

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_crosstenantaccesspolicyconfigurationpartner_tenantrestriction"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/partners/90e29127-71ad-49c7-9ce8-db3f41ea06f1

+Content-Type: application/json

+{

+"tenantRestrictions": {

+ "usersAndGroups": {

+ "accessType": "allowed",

+ "targets": [

+ {

+ "target": "AllUsers",

+ "targetType": "user"

+ }

+ ]

+ },

+ "applications": {

+ "accessType": "allowed",

+ "targets": [

+ {

+ "target": "Office365",

+ "targetType": "application"

+ }

+ ]

+ }

+ }

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+|Delegated (personal Microsoft account)|Not supported.|

+* Security Administrator

+The following is an example of the response.

+description: "Get the user synchronization policy of a partner-specific configuration."

+Get the user synchronization policy of a partner-specific configuration.

+|Delegated (personal Microsoft account)|Not supported.|

+* Security Administrator

+## Optional query parameters

+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+The following is an example of the response.

+ "userSyncInbound": {

+|Delegated (personal Microsoft account)|Not supported.|

+* Security Administrator

+|displayName|String|Display name for the cross-tenant user synchronization policy. Generally, this should be the tenant name of the partner Azure Active Directory organization. Optional.|

+|userSyncInbound|[crossTenantUserSyncInbound](../resources/crosstenantusersyncinbound.md)|Determines whether users can be synchronized from the partner tenant. `false` causes any current user synchronization from the source tenant to the target tenant to stop. This property has no impact on existing users who have already been synchronized.|

+ "userSyncInbound": {

+The following is an example of the response.

+ Title: "Delete customAppScope"

+description: "Delete a customAppScope object of an RBAC provider."

+ms.localizationpriority: medium

+# Delete customAppScope

+Namespace: microsoft.graph

+Delete a [customAppScope](../resources/customappscope.md) object of an RBAC provider.

+Currently only the Exchange Online RBAC provider is supported.

+## Permissions

+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, see [Permissions](/graph/permissions-reference).

+<!--### For an Exchange Online provider-->

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Not supported. |

+## HTTP request

+For an Exchange Online provider:

+<!-- { "blockType": "ignored" } -->

+```http

+DELETE /roleManagement/exchange/customAppScopes/{id}

+```

+## Request headers

+| Name | Description |

+|:- |:-- |

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

+## Example

+<!--### Example 1: Delete a customAppScope object in an Exchange Online provider-->

+### Request

+The following example shows how to delete a **customAppScope** object in an Exchange Online provider.

+<!-- {

+ "blockType": "request",

+ "name": "delete_customAppScope_ExchangeOnlineProvider",

+ "sampleKeys": ["d101e64d-4684-4970-ba7b-735b6b27628f"]

+}

+-->

+```http

+DELETE https://graph.microsoft.com/beta/roleManagement/exchange/customAppScopes/d101e64d-4684-4970-ba7b-735b6b27628f

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+```http

+HTTP/1.1 204 No Content

+```

+ Title: "Get customAppScope"

+description: "Get the properties of a customAppScope object for an RBAC provider."

+ms.localizationpriority: medium

+# Get customAppScope

+Namespace: microsoft.graph

+Get the properties of a [customAppScope](../resources/customappscope.md) object for an RBAC provider.

+Currently only the Exchange Online RBAC provider is supported.

+## Permissions

+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).

+<!--### For an Exchange Online provider-->

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Not supported. |

+## HTTP request

+For an Exchange Online provider:

+<!-- { "blockType": "ignored" } -->

+```http

+GET /roleManagement/exchange/customAppScopes/{id}

+```

+## Optional query parameters

+This method does not support [OData query parameters](/graph/query-parameters) to customize the response.

+## Request headers

+| Name |Description|

+|:-|:-|

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and the requested [customAppScope](../resources/customappscope.md) object in the response body.

+## Examples

+<!-- ### Example 1 : Get details of a custom app scope object for Exchange Online Provider -->

+### Request

+The following example shows how to get details of a **customAppScope** object for an Exchange Online provider.

+<!-- {

+ "blockType": "request",

+ "name": "get_customAppScope_ExchangeOnlineProvider",

+ "sampleKeys": ["a6a7ef59-ff39-46b1-ae6b-2d9c4d6380cd"]

+}

+-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/roleManagement/exchange/customAppScopes/a6a7ef59-ff39-46b1-ae6b-2d9c4d6380cd

+```

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.customAppScope"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/exchange/customAppScopes/$entity",

+ "id": "a6a7ef59-ff39-46b1-ae6b-2d9c4d6380cd",

+ "type": "RecipientScope",

+ "displayName": "test1",

+ "customAttributes": {

+ "Exclusive": false,

+ "RecipientFilter": "City -eq 'Seattle'"

+ }

+}

+```

+ Title: "Update customAppScope"

+description: "Update an existing customAppScope object of an RBAC provider."

+ms.localizationpriority: medium

+# Update customAppScope

+Namespace: microsoft.graph

+Update an existing [customAppScope](../resources/customappscope.md) object of an RBAC provider.

+Currently only the Exchange Online RBAC provider is supported.

+## Permissions

+Depending on the RBAC provider and the permission type (delegated or application) that is needed, choose from the following table the least privileged permission required to call this API. To learn more, including [taking caution](/graph/auth/auth-concepts#best-practices-for-requesting-permissions) before choosing more privileged permissions, search for the following permissions in [Permissions](/graph/permissions-reference).

+<!--### For an Exchange Online provider-->

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | RoleManagement.ReadWrite.Exchange |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Not supported. |

+## HTTP request

+For an Exchange Online provider:

+<!-- { "blockType": "ignored" } -->

+```http

+PATCH /roleManagement/exchange/customAppScopes/{id}

+```

+## Request headers

+| Name | Description |

+|:- |:-- |

+| Authorization | Bearer {token}. Required. |

+| Content-Type | application/json. Required. |

+## Request body

+In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+## Response

+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

+## Examples

+<!--### Example 1: Update an existing custom app scope object for Exchange Online Provider-->

+### Request

+The following example shows how to update an existing **customAppScope** of an Exchange Online provider.

+<!-- {

+ "blockType": "request",

+ "name": "update_customAppScope_ExchangeOnlineProvider",

+ "sampleKeys": ["d101e64d-4684-4970-ba7b-735b6b27628f"]

+}

+-->

+```http

+PATCH https://graph.microsoft.com/beta/roleManagement/exchange/customAppScopes/d101e64d-4684-4970-ba7b-735b6b27628f

+Content-type: application/json

+{

+ "customAttributes": {

+ "RecipientFilter": "City -eq 'Seattle'"

+ }

+}

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+```http

+HTTP/1.1 204 No Content

+```

+ Title: "Delete customAuthenticationExtension"

+description: "Delete a customAuthenticationExtension object."

+ms.localizationpriority: medium

+# Delete customAuthenticationExtension

+Namespace: microsoft.graph

+Delete a [customAuthenticationExtension](../resources/customauthenticationextension.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /identity/customAuthenticationExtensions/{customAuthenticationExtensionId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "delete_customauthenticationextension"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/identity/customAuthenticationExtensions/5c82815a-ee61-4c9b-9f4b-914a708a0c68

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get customAuthenticationExtension"

+description: "Read the properties and relationships of a customAuthenticationExtension object."

+ms.localizationpriority: medium

+# Get customAuthenticationExtension

+Namespace: microsoft.graph

+Read the properties and relationships of a [customAuthenticationExtension](../resources/customauthenticationextension.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|CustomAuthenticationExtension.Read.All, Application.Read.All, CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|CustomAuthenticationExtension.Read.All, Application.Read.All, CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /identity/customAuthenticationExtensions/{customAuthenticationExtensionId}

+```

+## Optional query parameters

+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [customAuthenticationExtension](../resources/customauthenticationextension.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_customauthenticationextension"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identity/customAuthenticationExtensions/6fc5012e-7665-43d6-9708-4370863f4e6e

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.customAuthenticationExtension"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/customAuthenticationExtensions/$entity",

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartCustomExtension",

+ "id": "6fc5012e-7665-43d6-9708-4370863f4e6e",

+ "displayName": "onTokenIssuanceStartCustomExtension",

+ "description": "Fetch additional claims from custom user store",

+ "clientConfiguration": null,

+ "behaviorOnError": null,

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "api://authenticationeventsAPI.contoso.com/a13d0fc1-04ab-4ede-b215-63de0174cbb4"

+ },

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.httpRequestEndpoint",

+ "targetUrl": "https://authenticationeventsAPI.contoso.com"

+ },

+ "claimsForTokenConfiguration": [

+ {

+ "claimIdInApiResponse": "DateOfBirth"

+ },

+ {

+ "claimIdInApiResponse": "CustomRoles"

+ }

+ ]

+}

+```

+ Title: "Update customAuthenticationExtension"

+description: "Update the properties of a customAuthenticationExtension object."

+ms.localizationpriority: medium

+# Update customAuthenticationExtension

+Namespace: microsoft.graph

+Update the properties of a [customAuthenticationExtension](../resources/customauthenticationextension.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /identity/customAuthenticationExtensions/{customAuthenticationExtensionId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+You must specify the `@odata.type` property when updating a [customAuthenticationExtension](../resources/customauthenticationextension.md) object. For example, to update an [onTokenIssuanceStartCustomExtension](../resources/ontokenissuancestartcustomextension.md) object type, set the `@odata.type` property to `#microsoft.graph.onTokenIssuanceStartCustomExtension`.

+|Property|Type|Description|

+|:|:|:|

+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|The authentication configuration for this custom extension. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Optional.|

+|description|String|Description for the custom extension. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Optional.|

+|displayName|String|Display name for the custom extension. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Optional.|

+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|Configuration for the API endpoint that the custom extension will call. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Optional.|

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_customauthenticationextension"

+}

+-->

+``` http

+PATCH hhttps://graph.microsoft.com/beta/identity/customAuthenticationExtensions/6fc5012e-7665-43d6-9708-4370863f4e6e

+Content-Type: application/json

+Content-length: 468

+{

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartCustomExtension",

+ "displayName": "onTokenIssuanceStartCustomExtension",

+ "description": "Fetch additional claims from custom user store",

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.httpRequestEndpoint",

+ "targetUrl": "https://authenticationeventsAPI.contoso.com"

+ },

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "api://authenticationeventsAPI.contoso.com/a13d0fc1-04ab-4ede-b215-63de0174cbb4"

+ },

+ "claimsForTokenConfiguration": [

+ {

+ "claimIdInApiResponse": "DateOfBirth"

+ },

+ {

+ "claimIdInApiResponse": "CustomRoles"

+ }

+ ]

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "customAuthenticationExtension: validateAuthenticationConfiguration"

+description: "An API to check validity of the endpoint and authentication configuration for a customAuthenticationExtension."

+ms.localizationpriority: medium

+# customAuthenticationExtension: validateAuthenticationConfiguration

+Namespace: microsoft.graph

+An API to check validity of the endpoint and and authentication configuration for a customAuthenticationExtension.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+## HTTP request

+To validate the endpoint and authentication configuration for a customAuthenticationExtension by its ID.

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /identity/customAuthenticationExtensions/{customAuthenticationExtensionId}/validateAuthenticationConfiguration

+```

+To validate the endpoint and authentication configuration that's specified in the request body for a customAuthenticationExtension. The custom authentication extension object may not exist yet and you can use this endpoint to validate the configuration before creating the custom authentication extension.

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /identity/customAuthenticationExtensions/validateAuthenticationConfiguration

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+In the request body, supply JSON representation of the parameters.

+The following table shows the parameters that can be used with this action. Supply a endpointConfiguration and authenticationConfiguration if querying at the root level. Otherwise, for a specific custom extension, do not supply a request body for this method.

+|Parameter|Type|Description|

+|:|:|:|

+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The HTTP endpoint for the custom authentication extension to be validated.|

+|authenticationConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|The authentication configuration for the custom authenticaion extension to validate.|

+## Response

+If successful, this action returns a `200 OK` response code and a [authenticationConfigurationValidation](../resources/authenticationconfigurationvalidation.md) in the response body.

+## Examples

+### Example 1: Supply and validate a potential custom authentication extension configuration

+#### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "customauthenticationextensionthis.validateauthenticationconfiguration"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/customAuthenticationExtensions/validateAuthenticationConfiguration

+Content-Type: application/json

+{

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.httpRequestEndpoint",

+ "targetUrl": "https://australia.contoso.com/users"

+ },

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "api://extensibilityapi.azurwebsites.net/f9c5dc6b-d72b-4226-8ccd-801f7a290428"

+ }

+}

+```

+#### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.authenticationConfigurationValidation"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#microsoft.graph.authenticationConfigurationValidation",

+ "errors": [

+ {

+ "code": "IncorrectResourceIdFormat",

+ "message": "ResourceId should be in the format of 'api://{fully qualified domain name}/{appid}'"

+ },

+ {

+ "code": "DomainNameDoesNotMatch",

+ "message": "The fully qualified domain name in resourceId should match that of the targetUrl"

+ },

+ {

+ "code": "ServicePrincipalNotFound",

+ "message": "The appId of the resourceId should correspond to a real service principal in the tenant"

+ }

+ ],

+ "warnings": [

+ {

+ "code": "PermissionNotGrantedToServicePrincipal",

+ "message": "The permission CustomAuthenticationExtensions.Receive.Payload is not granted to the service principal of the resource app"

+ },

+ ]

+}

+```

+### Example 2: Validate the configuration of a specific existing custom authentication extension

+#### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "customauthenticationextensionthis.validateauthenticationconfiguration_byId"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/identity/customAuthenticationExtensions/9f39f3bb-457c-4a2a-8099-0e480e7ea142/validateAuthenticationConfiguration

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.authenticationConfigurationValidation"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#microsoft.graph.authenticationConfigurationValidation",

+ "errors": [

+ {

+ "code": "IncorrectResourceIdFormat",

+ "message": "ResourceId should be in the format of 'api://{fully qualified domain name}/{appid}'"

+ },

+ {

+ "code": "DomainNameDoesNotMatch",

+ "message": "The fully qualified domain name in resourceId should match that of the targetUrl"

+ },

+ {

+ "code": "ServicePrincipalNotFound",

+ "message": "The appId of the resourceId should correspond to a real service principal in the tenant"

+ }

+ ],

+ "warnings": [

+ {

+ "code": "PermissionNotGrantedToServicePrincipal",

+ "message": "The permission CustomAuthenticationExtensions.Receive.Payload is not granted to the service principal of the resource app"

+ },

+ ]

+}

+```

+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+### Request

+### Response

+The following is an example of the response.

+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+### Request

+### Response

+The following is an example of the response.

+The following table shows the properties that are required when you create an [allowedValue](../resources/allowedvalue.md).

+### Request

+### Response

+The following is an example of the response.

+|usePreDefinedValuesOnly|Boolean|Indicates whether only predefined values can be assigned to the custom security attribute. If set to `false`, free-form values are allowed. Can be changed from `true` to `false`, but cannot be changed from `false` to `true`. If **type** is set to `Boolean`, **usePreDefinedValuesOnly** cannot be set to `true`. Optional.|

+The following is an example of a request.

+The following is an example of the response.

+The following is an example of a request.

+The following is an example of the response.

+The following is an example of a request.

+The following is an example of the response.

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+ "sampleKeys": ["72a7ae7e-4887-4e34-9755-2e1e9b26b943-63f017cb-9e0d-4f14-94bd-4871902b3409", "da9d6cf90-083a-47dc-ace2-1da98be3f344"]

+ "sampleKeys": ["5e5594d3-6f82-458b-b567-77db4811f0cd-00000000-0000-0000-0000-000000001234", "da9d6cf90-083a-47dc-ace2-1da98be3f344"]

+|Delegated (work or school account)|DeviceLocalCredential.ReadBasic.All, DeviceLocalCredential.Read.All|

+|Application|DeviceLocalCredential.ReadBasic.All, DeviceLocalCredential.Read.All|

+To access the actual passwords on the device, done by including `$select=credentials` as part of the query parameters, the app must be assigned the *DeviceLocalCredential.Read.All* permission and *DeviceLocalCredential.ReadBasic.All* is insufficient.

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [HTTP](#tab/http)

+PUT https://graph.microsoft.com/beta/policies/deviceRegistrationPolicy

+ "localAdminPassword": {

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+ "localAdminPassword": {

+GET /directory/deleteditems/{object-id}

+The following is an example of a request.

+The following is an example of the response.

+The following is an example of a request.

+The following is an example of the response.

+The following example gets attribute sets ordered by ID.

+The following is an example of a request.

+The following is an example of the response.

+The **allowedValues** navigation property is not returned or expanded by default and must be specified in an `$expand` query. For example, `/directory/customSecurityAttributeDefinitions?$expand=allowedValues`.

+The following is an example of a request.

+The following is an example of the response.

+The following is an example of a request.

+The following is an example of the response.

+The following is an example of a request.

+The following is an example of the response.

+The following table shows the properties that you can configure when you create an [attributeSet](../resources/attributeset.md).

+### Request

+The following is an example of the response.

+The following table shows the properties that you can configure when you create a [customSecurityAttributeDefinition](../resources/customsecurityattributedefinition.md).

+|isCollection|Boolean|Indicates whether multiple values can be assigned to the custom security attribute. Cannot be changed later. If **type** is set to `Boolean`, **isCollection** cannot be set to `true`. Required.|

+|isSearchable|Boolean|Indicates whether custom security attribute values are indexed for searching on objects that are assigned attribute values. Cannot be changed later. Required.|

+|type|String|Data type for the custom security attribute values. Supported types are: `Boolean`, `Integer`, and `String`. Cannot be changed later. Required.|

+|usePreDefinedValuesOnly|Boolean|Indicates whether only predefined values can be assigned to the custom security attribute. If set to `false`, free-form values are allowed. Can later be changed from `true` to `false`, but cannot be changed from `false` to `true`. If **type** is set to `Boolean`, **usePreDefinedValuesOnly** cannot be set to `true`. Required.|

+The **id** property is auto generated and cannot be set.

+The following is an example of a request.

+The following is an example of the response.

+The following is an example of a request.

+The following is an example of the response.

+The following is an example of a request.

+The following is an example of the response.

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+description: "Delete a directory object, for example, a group, user, application, or service principal."

+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

+The following is an example of the response.

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+description: "Get a list of driveItem objects that have been shared with the owner of a drive."

+ Title: "drive: sharedWithMe"

+# drive: sharedWithMe

+Get a list of [driveItem](../resources/driveitem.md) objects that have been shared with the owner of a [drive](../resources/drive.md).

+The **driveItems** returned from the **sharedWithMe** method always include the [**remoteItem**](../resources/remoteitem.md) facet that indicates they are items from a different drive.

+| Permission type | Permissions (from least to most privileged) |

+|:|:-|

+| Delegated (work or school account) | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All |

+| Delegated (personal Microsoft account) | Files.Read.All, Files.ReadWrite.All |

+| Application | Files.Read.All, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All |

+> **Note:**

+>

+> * A `/sharedWithMe` request succeeds with `Files.Read` or `Files.ReadWrite` permissions; however, some properties might be missing.

+> * You can't access shared items returned from this API if the request doesn't contain one of the `*.All` permissions.

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+## Request headers

+| Name | Description |

+|:--|:--|

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+If successful, this method returns a `200 OK` response code and a collection of [driveItem](../resources/driveitem.md) objects in the response body.

+By default, this method returns items shared within your own tenant. To include items shared from external tenants, append `?allowexternal=true` to a GET request.

+### Example 1: Get driveItems shared with me

+The following example gets a collection of [driveItem](../resources/driveitem.md) resources that are shared with the owner of the drive.

+#### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_driveItems_shared_with_me"

+}

+-->

+GET https://graph.microsoft.com/beta/me/drive/sharedWithMe

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response that returns items shared with the signed-in user, because the drive is the user's default drive.

+<!-- {

+ "blockType": "response",

+ "@odata.type": "Collection(microsoft.graph.driveItem)",

+ "truncated": true

+}

+-->

+ },

+ {

+ "id": "1312ghi",

+ "remoteItem": {

+ "id": "987def!654",

+ "name": "January Service Review.pptx",

+ "file": { },

+ "size": 145362,

+ "parentReference": {

+ "driveId": "987def",

+ "id": "987def!321"

+ }

+ }

+### Example 2: Get metadata about a shared driveItem object

+The following example shows how to access metadata about the shared **driveItem** with the name `January Service Review.pptx` that requires a request using the **driveId** of the **parentReference** within the **remoteItem** object.

+#### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "drives-get-remoteitem-metadata",

+ "sampleKeys": ["987def", "987def!654"]

+}

+-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/drives/987def/items/987def!654

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "@odata.type": "microsoft.graph.driveItem",

+ "truncated": true

+}

+-->

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "id": "987def!654",

+ "name": "January Service Review.pptx",

+ "file": { },

+ "size": 145362,

+ "parentReference": {

+ "driveId": "987def",

+ "id": "987def!321"

+ }

+}

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+POST /compliance/ediscovery/cases/{id}/custodians/{id}/unifiedGroupSources

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+DELETE /compliance/ediscovery/cases/{id}/custodians/{id}/unifiedGroupSources/{id}

+ Title: "educationAssignment: activate"

+description: "Activate an inactive assignment to signal that the assignment has action items for teachers and students."

+ms.localizationpriority: medium

+# educationAssignment: activate

+Namespace: microsoft.graph

+Activate an `inactive` [educationAssignment](../resources/educationassignment.md) to signal that the assignment has further action items for teachers and students. This action can only be performed by a teacher on currently inactive assignments.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+| Permission type | Permissions (from least to most privileged) |

+| :- | :-- |

+| Delegated (work or school account) | EduAssignments.ReadWriteBasic, EduAssignments.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+POST /education/classes/{classId}/assignments/{assignmentId}/activate

+```

+## Request headers

+| Header | Value |

+| : | : |

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [educationAssignment](../resources/educationassignment.md) object with `assigned` status in the response body.

+## Example

+### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["ffac078e-1b63-42d0-bc2a-d280896e289a","2b8090d7-8de9-4fb4-af5d-2e2f68ae098a"],

+ "name": "post_activateAssignment"

+}-->

+```http

+POST https://graph.microsoft.com/beta/education/classes/ffac078e-1b63-42d0-bc2a-d280896e289a/assignments/2b8090d7-8de9-4fb4-af5d-2e2f68ae098a/activate

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.educationAssignment"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#educationAssignment",

+ "@odata.type": "#microsoft.graph.educationAssignment",

+ "classId": "ffac078e-1b63-42d0-bc2a-d280896e289a",

+ "displayName": "Check-inactive",

+ "closeDateTime": null,

+ "dueDateTime": "2023-03-26T18:29:00Z",

+ "assignDateTime": null,

+ "assignedDateTime": "2023-03-17T19:41:56.3040589Z",

+ "allowLateSubmissions": true,

+ "resourcesFolderUrl": null,

+ "feedbackResourcesFolderUrl": null,

+ "createdDateTime": "2023-03-17T19:40:33.7277546Z",

+ "lastModifiedDateTime": "2023-03-17T20:06:26.4016594Z",

+ "allowStudentsToAddResourcesToSubmission": true,

+ "status": "assigned",

+ "notificationChannelUrl": null,

+ "webUrl": "https://teams.microsoft.com/l/entity/66aeee93-507d-479a-a3ef-8f494af43945/classroom?context=%7B%22subEntityId%22%3A%22%7B%5C%22version%5C%22%3A%5C%221.0%5C%22,%5C%22config%5C%22%3A%7B%5C%22classes%5C%22%3A%5B%7B%5C%22id%5C%22%3A%5C%22ffac078e-1b63-42d0-bc2a-d280896e289a%5C%22,%5C%22assignmentIds%5C%22%3A%5B%5C%222b8090d7-8de9-4fb4-af5d-2e2f68ae098a%5C%22%5D%7D%5D%7D,%5C%22action%5C%22%3A%5C%22navigate%5C%22,%5C%22view%5C%22%3A%5C%22assignment-viewer%5C%22,%5C%22appId%5C%22%3A%5C%22de8bc8b5-d9f9-48b1-a8ad-b748da725064%5C%22%7D%22,%22channelId%22%3Anull%7D",

+ "addToCalendarAction": "none",

+ "addedStudentAction": "none",

+ "id": "2b8090d7-8de9-4fb4-af5d-2e2f68ae098a",

+ "grading": null,

+ "instructions": {

+ "content": "Check-inactive",

+ "contentType": "html"

+ },

+ "assignTo": {

+ "@odata.type": "#microsoft.graph.educationAssignmentClassRecipient"

+ },

+ "createdBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",

+ "displayName": null

+ }

+ },

+ "lastModifiedBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "AAAAAAAA-0123-4567-89AB-1B4BB48C3119",

+ "displayName": null

+ }

+ }

+}

+```

+ Title: "educationAssignment: deactivate"

+description: "Mark an assigned assignment as inactive to signal that the assignment has no further action items for teachers and students."

+ms.localizationpriority: medium

+# Deactivate educationAssignment

+Namespace: microsoft.graph

+Mark an `assigned` [educationAssignment](../resources/educationassignment.md) as `inactive` to signal that the assignment has no further action items for teachers and students. This action can only be performed by a teacher on assigned assignments.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+| Permission type | Permissions (from least to most privileged) |

+| :- | :-- |

+| Delegated (work or school account) | EduAssignments.ReadWriteBasic, EduAssignments.ReadWrite |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+POST /education/classes/{classId}/assignments/{assignmentId}/deactivate

+```

+## Request headers

+| Header | Value |

+| : | : |

+| Authorization | Bearer {token}. Required. |

+| Prefer | include-unknown-enum-members. Optional. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [educationAssignment](../resources/educationassignment.md) object with `inactive` status in the response body.

+## Examples

+`Inactive` is a new status for assignments, you can add the `Prefer` header in your request to get the status, otherwise you will get an `unknownFutureValue` value in the response.

+### Example 1: Mark assignment inactive without optional Prefer header

+#### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["ffac078e-1b63-42d0-bc2a-d280896e289a","2b8090d7-8de9-4fb4-af5d-2e2f68ae098a"],

+ "name": "post_deactivateAssignment_withoutheader"

+}-->

+```http

+POST https://graph.microsoft.com/beta/education/classes/ffac078e-1b63-42d0-bc2a-d280896e289a/assignments/2b8090d7-8de9-4fb4-af5d-2e2f68ae098a/deactivate

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response when `Prefer: include-unknown-enum-members` is not provided in the request header.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.educationAssignment"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#educationAssignment",

+ "@odata.type": "#microsoft.graph.educationAssignment",

+ "classId": "ffac078e-1b63-42d0-bc2a-d280896e289a",

+ "displayName": "Check-inactive",

+ "closeDateTime": null,

+ "dueDateTime": "2023-03-26T18:29:00Z",

+ "assignDateTime": null,

+ "assignedDateTime": "2023-03-17T19:41:56.3040589Z",

+ "allowLateSubmissions": true,

+ "resourcesFolderUrl": null,

+ "feedbackResourcesFolderUrl": null,

+ "createdDateTime": "2023-03-17T19:40:33.7277546Z",

+ "lastModifiedDateTime": "2023-03-17T20:46:10.9647739Z",

+ "allowStudentsToAddResourcesToSubmission": true,

+ "status": "unknownFutureValue",

+ "notificationChannelUrl": null,

+ "webUrl": "https://teams.microsoft.com/l/entity/66aeee93-507d-479a-a3ef-8f494af43945/classroom?context=%7B%22subEntityId%22%3A%22%7B%5C%22version%5C%22%3A%5C%221.0%5C%22,%5C%22config%5C%22%3A%7B%5C%22classes%5C%22%3A%5B%7B%5C%22id%5C%22%3A%5C%22ffac078e-1b63-42d0-bc2a-d280896e289a%5C%22,%5C%22assignmentIds%5C%22%3A%5B%5C%222b8090d7-8de9-4fb4-af5d-2e2f68ae098a%5C%22%5D%7D%5D%7D,%5C%22action%5C%22%3A%5C%22navigate%5C%22,%5C%22view%5C%22%3A%5C%22assignment-viewer%5C%22,%5C%22appId%5C%22%3A%5C%22de8bc8b5-d9f9-48b1-a8ad-b748da725064%5C%22%7D%22,%22channelId%22%3Anull%7D",

+ "addToCalendarAction": "none",

+ "addedStudentAction": "none",

+ "id": "2b8090d7-8de9-4fb4-af5d-2e2f68ae098a",

+ "grading": null,

+ "instructions": {

+ "content": "Check-inactive",

+ "contentType": "html"

+ },

+ "assignTo": {

+ "@odata.type": "#microsoft.graph.educationAssignmentClassRecipient"

+ },

+ "createdBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",

+ "displayName": null

+ }

+ },

+ "lastModifiedBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",

+ "displayName": null

+ }

+ }

+}

+```

+### Example 2: Mark assignment inactive with optional Prefer header

+#### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["ffac078e-1b63-42d0-bc2a-d280896e289a","2b8090d7-8de9-4fb4-af5d-2e2f68ae098a"],

+ "name": "post_deactivateAssignment_withheader"

+}-->

+```http

+POST https://graph.microsoft.com/beta/education/classes/ffac078e-1b63-42d0-bc2a-d280896e289a/assignments/2b8090d7-8de9-4fb4-af5d-2e2f68ae098a/deactivate

+Prefer: include-unknown-enum-members

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response when the `Prefer: include-unknown-enum-members` is provided in the request header.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.educationAssignment"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#educationAssignment",

+ "@odata.type": "#microsoft.graph.educationAssignment",

+ "classId": "ffac078e-1b63-42d0-bc2a-d280896e289a",

+ "displayName": "Check-inactive",

+ "closeDateTime": null,

+ "dueDateTime": "2023-03-26T18:29:00Z",

+ "assignDateTime": null,

+ "assignedDateTime": "2023-03-17T19:41:56.3040589Z",

+ "allowLateSubmissions": true,

+ "resourcesFolderUrl": null,

+ "feedbackResourcesFolderUrl": null,

+ "createdDateTime": "2023-03-17T19:40:33.7277546Z",

+ "lastModifiedDateTime": "2023-03-17T20:33:38.8043517Z",

+ "allowStudentsToAddResourcesToSubmission": true,

+ "status": "inactive",

+ "notificationChannelUrl": null,

+ "webUrl": "https://teams.microsoft.com/l/entity/66aeee93-507d-479a-a3ef-8f494af43945/classroom?context=%7B%22subEntityId%22%3A%22%7B%5C%22version%5C%22%3A%5C%221.0%5C%22,%5C%22config%5C%22%3A%7B%5C%22classes%5C%22%3A%5B%7B%5C%22id%5C%22%3A%5C%22ffac078e-1b63-42d0-bc2a-d280896e289a%5C%22,%5C%22assignmentIds%5C%22%3A%5B%5C%222b8090d7-8de9-4fb4-af5d-2e2f68ae098a%5C%22%5D%7D%5D%7D,%5C%22action%5C%22%3A%5C%22navigate%5C%22,%5C%22view%5C%22%3A%5C%22assignment-viewer%5C%22,%5C%22appId%5C%22%3A%5C%22de8bc8b5-d9f9-48b1-a8ad-b748da725064%5C%22%7D%22,%22channelId%22%3Anull%7D",

+ "addToCalendarAction": "none",

+ "addedStudentAction": "none",

+ "id": "2b8090d7-8de9-4fb4-af5d-2e2f68ae098a",

+ "grading": null,

+ "instructions": {

+ "content": "Check-inactive",

+ "contentType": "html"

+ },

+ "assignTo": {

+ "@odata.type": "#microsoft.graph.educationAssignmentClassRecipient"

+ },

+ "createdBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",

+ "displayName": null

+ }

+ },

+ "lastModifiedBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",

+ "displayName": null

+ }

+ }

+}

+```

+ Title: "Remove gradingCategory"

+description: "Remove gradingCategory from the assignment."

+ms.localizationpriority: medium

+# Remove gradingCategory

+Namespace: microsoft.graph

+Remove a [gradingCategory](../resources/educationgradingcategory.md) from an [educationAssignment](../resources/educationassignment.md). Only teachers can perform this operation.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | EduAssignments.ReadWriteBasic, EduAssignments.ReadWrite |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Not supported. |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+DELETE /education/classes/{classId}/assignments/{assignmentId}/gradingCategory/$ref

+```

+## Request headers

+| Header | Value |

+|:|:--|

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204` successful response code.

+## Example

+### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["37d99af7-cfc5-4e3b-8566-f7d40e4a2070", "8bfb6d7f-8634-4f3b-9b6a-b6b6ff663f01"],

+ "name": "delete_gradingCategories"

+}-->

+```http

+DELETE https://graph.microsoft.com/beta/education/classes/37d99af7-cfc5-4e3b-8566-f7d40e4a2070/assignments/0bcb37af-3676-47ef-ae93-8de22ce5ff1d/gradingCategory/$ref

+```

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+} -->

+```http

+HTTP/1.1 204 No Content

+```

+You can use the `Prefer` header in your request to get the `inactive` status in case the assignment is deactivated; otherwise, you will get an `unknownFutureValue` value in the response.

+| Content-Type | application/json. Required. |

+| Prefer | include-unknown-enum-members. Optional. |

+### Example 1: Get education assignment

+#### Request

+### Example 2: Get assignment in inactive state with optional Prefer header

+#### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["ffac078e-1b63-42d0-bc2a-d280896e289a","2b8090d7-8de9-4fb4-af5d-2e2f68ae098a"],

+ "name": "get_inactiveAssignment_withheader"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/education/classes/ffac078e-1b63-42d0-bc2a-d280896e289a/assignments/2b8090d7-8de9-4fb4-af5d-2e2f68ae098a

+Prefer: include-unknown-enum-members

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response with status as inactive, when `Prefer: include-unknown-enum-members` is provided in the request header.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.educationAssignment"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#education/classes('ffac078e-1b63-42d0-bc2a-d280896e289a')/assignments/$entity",

+ "classId": "ffac078e-1b63-42d0-bc2a-d280896e289a",

+ "displayName": "Check-inactive",

+ "closeDateTime": null,

+ "dueDateTime": "2023-03-26T18:29:00Z",

+ "assignDateTime": null,

+ "assignedDateTime": "2023-03-17T19:41:56.3040589Z",

+ "allowLateSubmissions": true,

+ "resourcesFolderUrl": null,

+ "feedbackResourcesFolderUrl": null,

+ "createdDateTime": "2023-03-17T19:40:33.7277546Z",

+ "lastModifiedDateTime": "2023-03-17T21:03:07.4999252Z",

+ "allowStudentsToAddResourcesToSubmission": true,

+ "status": "inactive",

+ "notificationChannelUrl": null,

+ "webUrl": "https://teams.microsoft.com/l/entity/66aeee93-507d-479a-a3ef-8f494af43945/classroom?context=%7B%22subEntityId%22%3A%22%7B%5C%22version%5C%22%3A%5C%221.0%5C%22,%5C%22config%5C%22%3A%7B%5C%22classes%5C%22%3A%5B%7B%5C%22id%5C%22%3A%5C%22ffac078e-1b63-42d0-bc2a-d280896e289a%5C%22,%5C%22assignmentIds%5C%22%3A%5B%5C%222b8090d7-8de9-4fb4-af5d-2e2f68ae098a%5C%22%5D%7D%5D%7D,%5C%22action%5C%22%3A%5C%22navigate%5C%22,%5C%22view%5C%22%3A%5C%22assignment-viewer%5C%22,%5C%22appId%5C%22%3A%5C%22de8bc8b5-d9f9-48b1-a8ad-b748da725064%5C%22%7D%22,%22channelId%22%3Anull%7D",

+ "addToCalendarAction": "none",

+ "addedStudentAction": "none",

+ "id": "2b8090d7-8de9-4fb4-af5d-2e2f68ae098a",

+ "grading": null,

+ "instructions": {

+ "content": "Check-inactive",

+ "contentType": "html"

+ },

+ "assignTo": {

+ "@odata.type": "#microsoft.graph.educationAssignmentClassRecipient"

+ },

+ "createdBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",

+ "displayName": null

+ }

+ },

+ "lastModifiedBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",

+ "displayName": null

+ }

+ }

+}

+```

+## Example 3: Get assignment in inactive state without optional Prefer header

+#### Request

+The following is an example of the request, where the status is `unknownFutureValue`. `Prefer: include-unknown-enum-members` is not provided in the request header.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["ffac078e-1b63-42d0-bc2a-d280896e289a","2b8090d7-8de9-4fb4-af5d-2e2f68ae098a"],

+ "name": "getinactiveAssignment"

+}-->

+```msgraph-interactive

+GET https://graph.microsoft.com/beta/education/classes/ffac078e-1b63-42d0-bc2a-d280896e289a/assignments/2b8090d7-8de9-4fb4-af5d-2e2f68ae098a

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response when `Prefer: include-unknown-enum-members` is not provided in the request header.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.educationAssignment"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#education/classes('ffac078e-1b63-42d0-bc2a-d280896e289a')/assignments/$entity",

+ "classId": "ffac078e-1b63-42d0-bc2a-d280896e289a",

+ "displayName": "Check-inactive",

+ "closeDateTime": null,

+ "dueDateTime": "2023-03-26T18:29:00Z",

+ "assignDateTime": null,

+ "assignedDateTime": "2023-03-17T19:41:56.3040589Z",

+ "allowLateSubmissions": true,

+ "resourcesFolderUrl": null,

+ "feedbackResourcesFolderUrl": null,

+ "createdDateTime": "2023-03-17T19:40:33.7277546Z",

+ "lastModifiedDateTime": "2023-03-17T21:03:07.4999252Z",

+ "allowStudentsToAddResourcesToSubmission": true,

+ "status": "unknownFutureValue",

+ "notificationChannelUrl": null,

+ "webUrl": "https://teams.microsoft.com/l/entity/66aeee93-507d-479a-a3ef-8f494af43945/classroom?context=%7B%22subEntityId%22%3A%22%7B%5C%22version%5C%22%3A%5C%221.0%5C%22,%5C%22config%5C%22%3A%7B%5C%22classes%5C%22%3A%5B%7B%5C%22id%5C%22%3A%5C%22ffac078e-1b63-42d0-bc2a-d280896e289a%5C%22,%5C%22assignmentIds%5C%22%3A%5B%5C%222b8090d7-8de9-4fb4-af5d-2e2f68ae098a%5C%22%5D%7D%5D%7D,%5C%22action%5C%22%3A%5C%22navigate%5C%22,%5C%22view%5C%22%3A%5C%22assignment-viewer%5C%22,%5C%22appId%5C%22%3A%5C%22de8bc8b5-d9f9-48b1-a8ad-b748da725064%5C%22%7D%22,%22channelId%22%3Anull%7D",

+ "addToCalendarAction": "none",

+ "addedStudentAction": "none",

+ "id": "2b8090d7-8de9-4fb4-af5d-2e2f68ae098a",

+ "grading": null,

+ "instructions": {

+ "content": "Check-inactive",

+ "contentType": "html"

+ },

+ "assignTo": {

+ "@odata.type": "#microsoft.graph.educationAssignmentClassRecipient"

+ },

+ "createdBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",

+ "displayName": null

+ }

+ },

+ "lastModifiedBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",

+ "displayName": null

+ }

+ }

+}

+```

+ Title: "List educationGradingCategories"

+description: "Get a list of the educationGradingCategory objects and their properties."

+ms.localizationpriority: medium

+# List educationGradingCategories

+Namespace: microsoft.graph

+Get a list of the [educationGradingCategory](../resources/educationgradingcategory.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EduAssignments.ReadWriteBasic, EduAssignments.ReadWrite|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Not supported.|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /education/classes/{educationClassId}/assignmentSettings/gradingCategories

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [educationGradingCategory](../resources/educationgradingcategory.md) objects in the response body.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_educationgradingcategory"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/education/classes/37d99af7-cfc5-4e3b-8566-f7d40e4a2070/assignmentSettings/gradingCategories

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.educationGradingCategory"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#education/classes('37d99af7-cfc5-4e3b-8566-f7d40e4a2070')/assignmentSettings/$entity",

+ "submissionAnimationDisabled": false,

+ "gradingCategories@odata.context": "https://graph.microsoft.com/beta/$metadata#education/classes('37d99af7-cfc5-4e3b-8566-f7d40e4a2070')/assignmentSettings/gradingCategories",

+ "gradingCategories": [

+ {

+ "id": "7625dccd-35e0-4014-a831-06f1b768ec6d",

+ "displayName": "Lab Theory",

+ "percentageWeight": 15

+ },

+ {

+ "id": "92e6b56a-c85c-4928-a18f-62b7b3bd4319",

+ "displayName": "Lab Practice",

+ "percentageWeight": 30

+ },

+ {

+ "id": "4a19d24d-779c-4ee2-93c3-7b7cf815ed94",

+ "displayName": "Attendance",

+ "percentageWeight": 30

+ },

+ {

+ "id": "948f5c3f-12af-47ec-b2a9-6ea225811f0d",

+ "displayName": "Assesstment",

+ "percentageWeight": 25

+ }

+ ]

+}

+```

+ Title: "Add gradingCategory"

+description: "Add a gradingCategory to an assignment."

+ms.localizationpriority: medium

+# Add gradingCategory

+Namespace: microsoft.graph

+Adds a [gradingCategory](../resources/educationgradingcategory.md) to an [educationAssignment](../resources/educationassignment.md). Only teachers can perform this operation.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | EduAssignments.ReadWriteBasic, EduAssignments.ReadWrite |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Not supported. |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+PUT /education/classes/{classId}/assignments/{assignmentId}/gradingCategory/$ref

+```

+## Request headers

+| Header | Value |

+|:|:--|

+| Authorization | Bearer {token}. Required. |

+| Content-Type | application/json |

+## Request body

+In the request body, supply the odata.id of the existing [gradingCategory](../resources/educationgradingcategory.md) object to add to this assignment.

+## Response

+If successful, this method returns a `204` successful response code with no content in the response body.

+## Example

+### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["37d99af7-cfc5-4e3b-8566-f7d40e4a2070","452184ea-a358-4a07-92b4-dce44601a612"],

+ "name": "create_educationcategory_from_educationclass"

+}-->

+```http

+PUT https://graph.microsoft.com/beta/education/classes/37d99af7-cfc5-4e3b-8566-f7d40e4a2070/assignments/452184ea-a358-4a07-92b4-dce44601a612/gradingCategory/$ref

+Content-type: application/json

+{

+ "@odata.id": "https://graph.microsoft.com/beta/education/classes/37d99af7-cfc5-4e3b-8566-f7d40e4a2070/assignmentSettings/gradingCategories/fb4a4009-3cc4-4dea-9991-e0a0763659e3"

+}

+```

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+} -->

+```http

+HTTP/1.1 204 No Content

+```

+<!-- uuid: 8fcb5dbd-d5aa-4681-8e31-b001d5168d79

+2023-04-19 14:57:30 UTC -->

+<!--

+{

+ "type": "#page.annotation",

+ "description": "Add a gradingCategory to an assignment",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": "",

+ "suppressions": [

+ ]

+}

+-->

+### Example 1: Update submissionAnimationDisabled

+#### Request

+### Example 2: Create grading categories

+#### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["37d99af7-cfc5-4e3b-8566-f7d40e4a2070"],

+ "name": "update_gradingCategories"

+}-->

+```http

+PATCH https://graph.microsoft.com/beta/education/classes/37d99af7-cfc5-4e3b-8566-f7d40e4a2070/assignmentSettings

+Content-type: application/json

+{

+ "gradingCategories": [

+ {

+ "displayName": "Lab",

+ "percentageWeight": 10

+ },

+ {

+ "displayName": "Homework",

+ "percentageWeight": 80

+ },

+ {

+ "displayName": "Test",

+ "percentageWeight": 10

+ }

+ ]

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.educationGradingCategory",

+ "isCollection": false

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/education/classes('37d99af7-cfc5-4e3b-8566-f7d40e4a2070')/assignmentSettings/$entity",

+ "submissionAnimationDisabled": false,

+ "gradingCategories@odata.context": "https://graph.microsoft.com/beta/$metadata#education/classes('37d99af7-cfc5-4e3b-8566-f7d40e4a2070')/assignmentSettings/gradingCategories",

+ "gradingCategories": [

+ {

+ "id": "8bfb6d7f-8634-4f3b-9b6a-b6b6ff663f01",

+ "displayName": "Lab",

+ "percentageWeight": 10

+ },

+ {

+ "id": "6fd19981-588f-495c-91a8-712a645c95b7",

+ "displayName": "Homework",

+ "percentageWeight": 80

+ },

+ {

+ "id": "54f637a5-2cef-4e48-a88e-028854ca8089",

+ "displayName": "Test",

+ "percentageWeight": 10

+ }

+ ]

+}

+```

+### Example 3: Delta payload to delete, modify and add grading categories.

+#### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["37d99af7-cfc5-4e3b-8566-f7d40e4a2070"],

+ "name": "update_gradingCategories_delta"

+}-->

+```http

+PATCH https://graph.microsoft.com/beta/education/classes/37d99af7-cfc5-4e3b-8566-f7d40e4a2070/assignmentSettings

+Content-type: application/json

+{

+ "gradingCategories@delta": [

+ {

+ // Change this grading category's name

+ "id": "fb859cd3-943b-4cd6-9bbe-fe1c39eace0e",

+ "displayName": "Lab Test"

+ },

+ {

+ // Delete this grading category

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#gradingCategories/$deletedEntity",

+ "id": "e2a86277-24f9-4f29-8196-8c83fc69d00d",

+ "reason": "deleted"

+ },

+ {

+ // Add a new grading category

+ "displayName": "Lab Practice",

+ "percentageWeight": 30

+ },

+ {

+ "displayName": "Lab Theory",

+ "percentageWeight": 10

+ }

+ ]

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+#### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.educationGradingCategory"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#education/classes('37d99af7-cfc5-4e3b-8566-f7d40e4a2070')/assignmentSettings/$entity",

+ "submissionAnimationDisabled": false,

+ "gradingCategories@odata.context": "https://graph.microsoft.com/beta/$metadata#education/classes('37d99af7-cfc5-4e3b-8566-f7d40e4a2070')/assignmentSettings/gradingCategories",

+ "gradingCategories": [

+ {

+ "id": "fb4a4009-3cc4-4dea-9991-e0a0763659e3",

+ "displayName": "Homework",

+ "percentageWeight": 30

+ },

+ {

+ "id": "fb859cd3-943b-4cd6-9bbe-fe1c39eace0e",

+ "displayName": "Lab Test",

+ "percentageWeight": 30

+ },

+ {

+ "id": "d47d7a3f-44a1-47e1-8aec-68b028f64b2e",

+ "displayName": "Lab Practice",

+ "percentageWeight": 30

+ },

+ {

+ "id": "021db844-0f03-4483-929d-1c1dbfd4fcb4",

+ "displayName": "Lab Theory",

+ "percentageWeight": 10

+ }

+ ]

+}

+```

+<!-- uuid: 37d99af7-cfc5-4e3b-8566-f7d40e4a2070

+2023-04-18 14:57:30 UTC -->

+<!--

+{

+ "type": "#page.annotation",

+ "description": "Update educationAssignmentSettings",

+ "keywords": "",

+ "section": "documentation",

+ "tocPath": "",

+ "suppressions": []

+}

+-->

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+ "name": "create_educationcategory_from_class_beta_e1"

+ Title: "Update gradingCategory"

+description: "Update a single gradingCategory."

+ms.localizationpriority: medium

+# Update gradingCategory

+Namespace: microsoft.graph

+Update a single [gradingCategory](../resources/educationgradingcategory.md) on the [educationAssignmentSettings](../resources/educationassignmentsettings.md). Only teachers can perform this operation.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | EduAssignments.ReadWriteBasic, EduAssignments.ReadWrite |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Not supported. |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+PATCH /education/classes/{classId}/assignmentSettings/gradingCategories/{gradingCategoryId}

+```

+## Request headers

+| Header | Value |

+|:|:--|

+| Authorization | Bearer {token}. Required. |

+## Request body

+In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+| Property | Type | Description |

+|:-|:|:|

+|displayName|String|The new name for a grading category.|

+## Response

+If successful, this method returns a `200 OK` response code and an updated [gradingCategory](../resources/educationgradingcategory.md) object in the response body.

+## Example

+### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "sampleKeys": ["37d99af7-cfc5-4e3b-8566-f7d40e4a2070", "8bfb6d7f-8634-4f3b-9b6a-b6b6ff663f01"],

+ "name": "update_gradingCategoties"

+}-->

+```http

+PATCH https://graph.microsoft.com/beta/education/classes/37d99af7-cfc5-4e3b-8566-f7d40e4a2070//assignmentSettings/gradingCategories/8bfb6d7f-8634-4f3b-9b6a-b6b6ff663f01

+Content-type: application/json

+{

+ "displayName": "Quiz-1"

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.educationGradingCategory"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/education/classes('37d99af7-cfc5-4e3b-8566-f7d40e4a2070')/assignmentSettings/gradingCategories/$entity",

+ "id": "8bfb6d7f-8634-4f3b-9b6a-b6b6ff663f01",

+ "displayName": "Quiz-1",

+ "percentageWeight": 10

+}

+```

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+description: "Retrieve a submitted resource."

+Resources are available to a teacher or an application with application permissions after a student submits it, and are available to the student after the teacher returns the submission. Note that teachers can leave notes in some resources.

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+|Delegated (work or school account)|LearningProvider.Read, LearningProvider.ReadWrite|

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+| Permission type | Permissions (from least to most privileged) |

+|:|:--|

+| Delegated (work or school account) | Not supported. |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | LearningAssignedCourse.ReadWrite.All, LearningSelfInitiatedCourse.ReadWrite.All |

+In the request body, use @odata.type to specify the type of [learningCourseActivity](../resources/learningcourseactivity.md) resource that you're creating ([learningAssignment](../resources/learningassignment.md) or [learningSelfInitiated](../resources/learningselfinitiatedcourse.md)), and include the properties of that type, as listed in the following table.

+|assignmentType|assignmentType|The assignment type for the course activity. Possible values are: `required`, `recommended`, `unknownFutureValue`. Required.|

+|completedDateTime|DateTimeOffset|The date and time when the assignment was completed. Optional. |

+|completionPercentage|Int32|The percentage of the course completed by the user. Optional. If a value is provided, it must be between `0` and `100` (inclusive).|

+|id|String|The generated ID for a request that can be used to make further interactions to the course activity APIs.|

+|startedDateTime|DateTimeOffset|The date and time when the self-initiated course was started by the learner. Optional.|

+|status|courseStatus|The status of the course activity. Possible values are: `notStarted`, `inProgress`, `completed`. Required.|

+#### Request

+# [HTTP](#tab/http)

+ "completionPercentage": 20,

+ "learnerUserId": "7ba2228a-e020-11ec-9d64-0242ac120002",

+ "notes": {

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#learningProviders('13727311-e7bb-470d-8b20-6a23d9030d70')/learningCourseActivities('7ba2228a-e020-11ec-9d64-0242ac120002')$entity",

+ "completionPercentage": 20,

+ "learnerUserId": "7ba2228a-e020-11ec-9d64-0242ac120002",

+ "notes": {

+#### Request

+# [HTTP](#tab/http)

+ "completionPercentage": 20,

+ "learnerUserId": "7ba2228a-e020-11ec-9d64-0242ac120002",

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#learningProviders('13727311-e7bb-470d-8b20-6a23d9030d70')/learningCourseActivities('be2f4d76-e020-11ec-9d64-0242ac120002')$entity",

+ "completedDateTime": null,

+ "learningContentId": "57baf9dc-e020-11ec-9d64-0242ac120002",

+ "status": "inProgress"

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+DELETE /applications/{application ObjectId}/extensionProperties/{extensionPropertyId}

+DELETE /applications(appId='{appId}')/extensionProperties/{extensionPropertyId}

+GET /applications(appId='{appId}')/extensionProperties/{extensionPropertyId}

+Append additional instances of [externalActivity](../resources/externalconnectors-externalactivity.md) objects on an [externalItem](../resources/externalconnectors-externalitem.md).

+## Permissions

+| Permission type | Permissions (from least to most privileged) |

+|:|:--|

+| Delegated (work or school account) | Not supported. |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | ExternalItem.ReadWrite.OwnedBy, ExternalItem.ReadWrite.All |

+In the request body, supply a JSON representation of the parameters.

+|activities|[microsoft.graph.externalConnectors.externalActivity](../resources/externalconnectors-externalactivity.md) collection|Collection of activities that involve an **externalItem**.|

+If successful, this action returns a `200 OK` response code and a collection of [microsoft.graph.externalConnectors.externalActivityResult](../resources/externalconnectors-externalactivityresult.md) objects in the response body.

+A `207 Multi-Status` response code indicates that only some of the added **externalActivity** instances were successfully processed. The caller should inspect the response payload, looking at the error field for each **externalActivityResult** to determine why the **externalActivity** instance was not processed and what action can be taken. A `null` **error** property indicates a successful **externalActivityResult**.

+ "name": "externalitemthis.addactivities",

+ "sampleKeys": ["contosohr", "TSP228082938"]

+POST https://graph.microsoft.com/beta/connections/contosohr/items/TSP228082938/addActivities

+ "type": "created",

+ "startDateTime": "2021-04-06T18:04:31.033Z",

+ "performedBy": {

+ "type": "user",

+ "id": "1f0c997e-99f7-43f1-8cca-086f8d42be8d"

+ }

+ "type": "created",

+ "startDateTime": "2021-04-06T18:04:31.033Z",

+ "error": null

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+ "serviceProvisioningErrors": [],

+# [PowerShell](#tab/powershell)

+ "serviceProvisioningErrors": [

+ ],

+ "serviceProvisioningErrors": [

+ ],

+ Title: "group: retryServiceProvisioning"

+description: "Retry the group service provisioning."

+ms.localizationpriority: medium

+# group: retryServiceProvisioning

+Namespace: microsoft.graph

+Retry the [group](../resources/group.md) service provisioning.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+| Permission type | Permissions (from least to most privileged) |

+| :- | :- |

+| Delegated (work or school account) | Group.ReadWrite.All, Directory.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Group.ReadWrite.All, Directory.ReadWrite.All |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+POST /groups/{id}/retryServiceProvisioning

+```

+## Request headers

+| Name | Description |

+| : | :-- |

+| Authorization | Bearer {token}. Required. |

+| Content-Type | application/json. Required. |

+## Request body

+This operation has no request content.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Example

+### Request

+The following is an example of the request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "group_retryserviceprovisioning"

+}-->

+```http

+POST https://graph.microsoft.com/beta/groups/{id}/retryServiceProvisioning

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+} -->

+```http

+HTTP/1.1 204 No Content

+```

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+ Title: "List authenticationEventListeners"

+description: "Get a list of the authenticationEventListener objects and their properties."

+ms.localizationpriority: medium

+# List authenticationEventListeners

+Namespace: microsoft.graph

+Get a list of the [authenticationEventListener](../resources/authenticationeventlistener.md) objects and their properties. The following derived types are supported:

+- [onTokenIssuanceStartListener](../resources/ontokenissuancestartlistener.md)

+- [onInteractiveAuthFlowStartListener](../resources/oninteractiveauthflowstartlistener.md)

+- [onAuthenticationMethodStartListener](../resources/onauthenticationmethodloadstartlistener.md)

+- [onAttributeCollectionListener](../resources/onattributecollectionlistener.md)

+- [onUserCreateStartListener](../resources/onusercreatestartlistener.md)

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.Read.All, EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.Read.All, EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /identity/authenticationEventListeners

+```

+## Optional query parameters

+This method supports the `$select` and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [authenticationEventListener](../resources/authenticationeventlistener.md) objects in the response body. The **@odata.type** property in the response object indicates the type of the authenticationEventListener object.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_authenticationeventlistener"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identity/authenticationEventListeners

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.authenticationEventListener)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventListeners",

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartListener",

+ "id": "990d94e5-cc8f-4c4b-97b4-27e2678aac28",

+ "priority": 500,

+ "authenticationEventsFlowId": null,

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false,

+ "includeApplications@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventListeners('990d94e5-cc8f-4c4b-97b4-27e2678aac28')/microsoft.graph.onTokenIssuanceStartListener/conditions/applications/includeApplications",

+ "includeApplications": [

+ {

+ "appId": "a13d0fc1-04ab-4ede-b215-63de0174cbb4"

+ }

+ ]

+ }

+ },

+ "handler": {

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartCustomExtensionHandler",

+ "configuration": null,

+ "customExtension": {

+ "id": "6fc5012e-7665-43d6-9708-4370863f4e6e",

+ "displayName": "onTokenIssuanceStartCustomExtension",

+ "description": "Fetch additional claims from custom user store",

+ "clientConfiguration": null,

+ "behaviorOnError": null,

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "api://authenticationeventsAPI.contoso.net/a13d0fc1-04ab-4ede-b215-63de0174cbb4"

+ },

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.httpRequestEndpoint",

+ "targetUrl": "https://authenticationeventsAPI.contoso.net"

+ },

+ "claimsForTokenConfiguration": [

+ {

+ "claimIdInApiResponse": "DateOfBirth"

+ },

+ {

+ "claimIdInApiResponse": "CustomRoles"

+ }

+ ]

+ }

+ }

+ }

+ ]

+}

+```

+ Title: "List authenticationEventsFlows"

+description: "Get a list of the authenticationEventsFlow objects and their properties."

+ms.localizationpriority: medium

+# List authenticationEventsFlows

+Namespace: microsoft.graph

+Get a collection of authentication events policies that are derived from [authenticationEventsFlow](../resources/authenticationeventsflow.md). Only the [externalUsersSelfServiceSignupEventsFlow](../resources/externalusersselfservicesignupeventsflow.md) object type is returned.

+

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.Read.All, EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.Read.All, EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /identity/authenticationEventsFlows

+```

+## Optional query parameters

+This method supports the `$filter`, `$expand`, `$orderby`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [authenticationEventsFlow](../resources/authenticationeventsflow.md) objects in the response body.

+## Examples

+### Example 1: List all user flows

+#### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_authenticationeventsflow"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identity/authenticationEventsFlows

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+The following is an example of a response that returns two user flows: "Test User Flow 1" and "Woodgrove Drive User Flow" with the following configurations:

+- "Test User Flow 1" is set up to allow email+password accounts, collect email address and country, and create a "Member" user type.

+- "Woodgrove Drive User Flow" is set up to allow email+password accounts or social (Google or Facebook) sign in, collect email address, display name, and favorite color, and create "Member" user type.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.authenticationEventsFlow)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "id": "79a67c51-c86d-4a48-8313-1e14ac821e16",

+ "displayName": "TestUserFlow1",

+ "description": null,

+ "priority": 50,

+ "onAttributeCollectionStart": null,

+ "onAttributeCollectionSubmit": null,

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false,

+ "includeApplications@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows('79a67c51-c86d-4a48-8313-1e14ac821e16')/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/conditions/applications/includeApplications",

+ "includeApplications": []

+ }

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp",

+ "identityProviders": [

+ {

+ "@odata.type": "#microsoft.graph.builtInIdentityProvider",

+ "id": "EmailPassword-OAUTH",

+ "displayName": "Email with password",

+ "identityProviderType": "EmailPassword",

+ "state": null

+ }

+ ]

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "country",

+ "label": "Country/Region",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^.*",

+ "options": []

+ }

+ ]

+ }

+ ]

+ },

+ "attributes": [

+ {

+ "id": "email",

+ "displayName": "Email Address",

+ "description": "Email address of the user",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "country",

+ "displayName": "Country/Region",

+ "description": "The country/region in which the user is located.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ }

+ ]

+ },

+ "onUserCreateStart": {

+ "@odata.type": "#microsoft.graph.onUserCreateStartExternalUsersSelfServiceSignUp",

+ "userTypeToCreate": "member"

+ }

+ },

+ {

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "id": "0313cc37-d421-421d-857b-87804d61e33e",

+ "displayName": "Woodgrove Drive User Flow",

+ "description": "For onboarding consumers to the Woodgrove Drive application",

+ "priority": 50,

+ "onAttributeCollectionStart": null,

+ "onAttributeCollectionSubmit": null,

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false,

+ "includeApplications@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows('0313cc37-d421-421d-857b-87804d61e33e')/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/conditions/applications/includeApplications",

+ "includeApplications": []

+ }

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp",

+ "identityProviders": [

+ {

+ "@odata.type": "#microsoft.graph.builtInIdentityProvider",

+ "id": "EmailPassword-OAUTH",

+ "displayName": "Email with password",

+ "identityProviderType": "EmailPassword",

+ "state": null

+ },

+ {

+ "@odata.type": "#microsoft.graph.socialIdentityProvider",

+ "id": "Google-OAUTH",

+ "displayName": "Google",

+ "identityProviderType": "Google",

+ "clientId": "137004260525-q8j2cp9hqceqa6hpvaa346e04g92tn8m.apps.googleusercontent.com",

+ "clientSecret": "******"

+ },

+ {

+ "@odata.type": "#microsoft.graph.socialIdentityProvider",

+ "id": "Facebook-OAUTH",

+ "displayName": "Facebook",

+ "identityProviderType": "Facebook",

+ "clientId": "236028191057849",

+ "clientSecret": "******"

+ }

+ ]

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ },

+ {

+ "attribute": "extension_6ea3bc85aec24b1c92ff4a117afb6621_Favoritecolor",

+ "label": "Favorite color",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^.*",

+ "options": []

+ }

+ ]

+ }

+ ]

+ },

+ "attributes": [

+ {

+ "id": "email",

+ "displayName": "Email Address",

+ "description": "Email address of the user",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "displayName",

+ "displayName": "Display Name",

+ "description": "Display Name of the User.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "extension_6ea3bc85aec24b1c92ff4a117afb6621_Favoritecolor",

+ "displayName": "Favorite color",

+ "description": "what is your favorite color",

+ "userFlowAttributeType": "custom",

+ "dataType": "string"

+ }

+ ]

+ },

+ "onUserCreateStart": {

+ "@odata.type": "#microsoft.graph.onUserCreateStartExternalUsersSelfServiceSignUp",

+ "userTypeToCreate": "member"

+ }

+ }

+ ]

+}

+```

+### Example 2: List all user flows that include Google as an identity provider

+#### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_authenticationeventsflow_selfservicesignup_identityproviders"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identity/authenticationEventsFlows?$filter=microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/onAuthenticationMethodLoadStart/microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp/identityProviders/any(idp:idp/id eq 'Google-OAUTH')

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+The following is an example of a response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.authenticationEventsFlow)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows",

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "id": "0313cc37-d421-421d-857b-87804d61e33e",

+ "displayName": "Woodgrove Drive User Flow",

+ "description": "For onboarding consumers to the Woodgrove Drive application",

+ "priority": 50,

+ "onAttributeCollectionStart": null,

+ "onAttributeCollectionSubmit": null,

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false,

+ "includeApplications@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows('0313cc37-d421-421d-857b-87804d61e33e')/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/conditions/applications/includeApplications",

+ "includeApplications": []

+ }

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp",

+ "identityProviders": [

+ {

+ "@odata.type": "#microsoft.graph.builtInIdentityProvider",

+ "id": "EmailPassword-OAUTH",

+ "displayName": "Email with password",

+ "identityProviderType": "EmailPassword",

+ "state": null

+ },

+ {

+ "@odata.type": "#microsoft.graph.socialIdentityProvider",

+ "id": "Google-OAUTH",

+ "displayName": "Google",

+ "identityProviderType": "Google",

+ "clientId": "############-q8j2cp9hqceqa6hpvaa346e04g92tn8m.apps.googleusercontent.com",

+ "clientSecret": "******"

+ },

+ {

+ "@odata.type": "#microsoft.graph.socialIdentityProvider",

+ "id": "Facebook-OAUTH",

+ "displayName": "Facebook",

+ "identityProviderType": "Facebook",

+ "clientId": "###############",

+ "clientSecret": "******"

+ }

+ ]

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ },

+ {

+ "attribute": "extension_6ea3bc85aec24b1c92ff4a117afb6621_Favoritecolor",

+ "label": "Favorite color",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^.*",

+ "options": []

+ }

+ ]

+ }

+ ]

+ },

+ "attributes": [

+ {

+ "id": "email",

+ "displayName": "Email Address",

+ "description": "Email address of the user",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "displayName",

+ "displayName": "Display Name",

+ "description": "Display Name of the User.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "extension_6ea3bc85aec24b1c92ff4a117afb6621_Favoritecolor",

+ "displayName": "Favorite color",

+ "description": "what is your favorite color",

+ "userFlowAttributeType": "custom",

+ "dataType": "string"

+ }

+ ]

+ },

+ "onUserCreateStart": {

+ "@odata.type": "#microsoft.graph.onUserCreateStartExternalUsersSelfServiceSignUp",

+ "userTypeToCreate": "member"

+ }

+ }

+ ]

+}

+```

+### Example 3: List all user flows that collect 'city' during attribute collection at account creation

+#### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_authenticationeventsflow_filter_selfservicesignup_attributes"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identity/authenticationEventsFlows?$filter=microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/onAttributeCollection/microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp/attributes/any(attribute:attribute/id eq 'city')

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+The following is an example of a response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.authenticationEventsFlow)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows",

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "id": "0313cc37-d421-421d-857b-87804d61e33e",

+ "displayName": "TestUserFlow3",

+ "description": "my user flow description newestXXX",

+ "priority": 50,

+ "onAttributeCollectionStart": null,

+ "onAttributeCollectionSubmit": null,

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false,

+ "includeApplications@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows('0313cc37-d421-421d-857b-87804d61e33e')/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/conditions/applications/includeApplications",

+ "includeApplications": []

+ }

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp",

+ "identityProviders": [

+ {

+ "@odata.type": "#microsoft.graph.builtInIdentityProvider",

+ "id": "AADSignup-OAUTH",

+ "displayName": "Azure Active Directory Sign up",

+ "identityProviderType": "AADSignup",

+ "state": null

+ },

+ {

+ "@odata.type": "#microsoft.graph.builtInIdentityProvider",

+ "id": "EmailPassword-OAUTH",

+ "displayName": "Email with password",

+ "identityProviderType": "EmailPassword",

+ "state": null

+ },

+ {

+ "@odata.type": "#microsoft.graph.socialIdentityProvider",

+ "id": "Google-OAUTH",

+ "displayName": "Google",

+ "identityProviderType": "Google",

+ "clientId": "137004260525-q8j2cp9hqceqa6hpvaa346e04g92tn8m.apps.googleusercontent.com",

+ "clientSecret": "******"

+ },

+ {

+ "@odata.type": "#microsoft.graph.socialIdentityProvider",

+ "id": "Facebook-OAUTH",

+ "displayName": "Facebook",

+ "identityProviderType": "Facebook",

+ "clientId": "236028191057849",

+ "clientSecret": "******"

+ }

+ ]

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "city",

+ "label": "City",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ }

+ ]

+ }

+ ]

+ },

+ "attributes": [

+ {

+ "id": "email",

+ "displayName": "Email Address",

+ "description": "Email address of the user",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "city",

+ "displayName": "City",

+ "description": "The city in which the user is located.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "displayName",

+ "displayName": "Display Name",

+ "description": "Display Name of the User.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ }

+ ]

+ },

+ "onUserCreateStart": {

+ "@odata.type": "#microsoft.graph.onUserCreateStartExternalUsersSelfServiceSignUp",

+ "userTypeToCreate": "member"

+ }

+ },

+ {

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "id": "f5b9b311-cb87-445b-a655-e6e6a4d3e582",

+ "displayName": "TestUserFlow4",

+ "description": null,

+ "priority": 50,

+ "onAttributeCollectionStart": null,

+ "onAttributeCollectionSubmit": null,

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false,

+ "includeApplications@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows('f5b9b311-cb87-445b-a655-e6e6a4d3e582')/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/conditions/applications/includeApplications",

+ "includeApplications": []

+ }

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp",

+ "identityProviders": [

+ {

+ "@odata.type": "#microsoft.graph.builtInIdentityProvider",

+ "id": "EmailPassword-OAUTH",

+ "displayName": "Email with password",

+ "identityProviderType": "EmailPassword",

+ "state": null

+ }

+ ]

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "city",

+ "label": "City",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ },

+ {

+ "attribute": "country",

+ "label": "Country/Region",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ }

+ ]

+ }

+ ]

+ },

+ "attributes": [

+ {

+ "id": "email",

+ "displayName": "Email Address",

+ "description": "Email address of the user",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "city",

+ "displayName": "City",

+ "description": "The city in which the user is located.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "country",

+ "displayName": "Country/Region",

+ "description": "The country/region in which the user is located.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "displayName",

+ "displayName": "Display Name",

+ "description": "Display Name of the User.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ }

+ ]

+ },

+ "onUserCreateStart": {

+ "@odata.type": "#microsoft.graph.onUserCreateStartExternalUsersSelfServiceSignUp",

+ "userTypeToCreate": "member"

+ }

+ }

+ ]

+}

+```

+### Example 4: List user flow associated with specific application ID

+#### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_authenticationeventsflow_filter_includeapplications"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identity/authenticationEventsFlows?$filter=microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/conditions/applications/includeApplications/any(appId:appId/appId eq '63856651-13d9-4784-9abf-20758d509e19')

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+The following is an example of a response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.authenticationEventsFlow)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows",

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "id": "b5ca7ddb-f5e4-4dea-8ee5-282116ddc71d",

+ "displayName": "Test User Flow",

+ "description": null,

+ "priority": 500,

+ "onAttributeCollectionStart": null,

+ "onAttributeCollectionSubmit": null,

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false,

+ "includeApplications@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows('b5ca7ddb-f5e4-4dea-8ee5-282116ddc71d')/microsoft.graph.externalUsersSelfServiceSignUpEventsFlow/conditions/applications/includeApplications",

+ "includeApplications": [

+ {

+ "appId": "63856651-13d9-4784-9abf-20758d509e19"

+ }

+ ]

+ }

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp",

+ "identityProviders": [

+ {

+ "@odata.type": "#microsoft.graph.builtInIdentityProvider",

+ "id": "EmailPassword-OAUTH",

+ "displayName": "Email with password",

+ "identityProviderType": "EmailPassword",

+ "state": null

+ }

+ ]

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "extension_6ea3bc85aec24b1c92ff4a117afb6621_RewardsNumber",

+ "label": "Rewards number",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^.*",

+ "options": []

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^.*",

+ "options": []

+ }

+ ]

+ }

+ ]

+ },

+ "attributes": [

+ {

+ "id": "email",

+ "displayName": "Email Address",

+ "description": "Email address of the user",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "extension_6ea3bc85aec24b1c92ff4a117afb6621_RewardsNumber",

+ "displayName": "RewardsNumber",

+ "description": null,

+ "userFlowAttributeType": "custom",

+ "dataType": "string"

+ },

+ {

+ "id": "displayName",

+ "displayName": "Display Name",

+ "description": "Display Name of the User.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ }

+ ]

+ },

+ "onUserCreateStart": {

+ "@odata.type": "#microsoft.graph.onUserCreateStartExternalUsersSelfServiceSignUp",

+ "userTypeToCreate": "member"

+ }

+ }

+ ]

+}

+```

+ Title: "List customAuthenticationExtensions"

+description: "Get a list of the customAuthenticationExtension objects and their properties."

+ms.localizationpriority: medium

+# List customAuthenticationExtensions

+Namespace: microsoft.graph

+Get a list of the [customAuthenticationExtension](../resources/customauthenticationextension.md) objects and their properties. Currently, only [onTokenIssuanceStartCustomExtension](../resources/ontokenissuancestartcustomextension.md) objects are returned.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|CustomAuthenticationExtension.Read.All, Application.Read.All, CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|CustomAuthenticationExtension.Read.All, Application.Read.All, CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /identity/customAuthenticationExtensions

+```

+## Optional query parameters

+This method supports the `$select` and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [customAuthenticationExtension](../resources/customauthenticationextension.md) objects in the response body. An **@odata.type** property is returned for each object to specify the type of customAuthenticationExtension.

+## Examples

+### Request

+The following is an example of a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_customauthenticationextension"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/identity/customAuthenticationExtensions

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.customAuthenticationExtension)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/customAuthenticationExtensions",

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartCustomExtension",

+ "id": "6fc5012e-7665-43d6-9708-4370863f4e6e",

+ "displayName": "onTokenIssuanceStartCustomExtension",

+ "description": "Fetch additional claims from custom user store",

+ "clientConfiguration": null,

+ "behaviorOnError": null,

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "api://authenticationeventsAPI.contoso.net/a13d0fc1-04ab-4ede-b215-63de0174cbb4"

+ },

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.httpRequestEndpoint",

+ "targetUrl": "https://authenticationeventsAPI.contoso.net"

+ },

+ "claimsForTokenConfiguration": [

+ {

+ "claimIdInApiResponse": "DateOfBirth"

+ },

+ {

+ "claimIdInApiResponse": "CustomRoles"

+ }

+ ]

+ }

+ ]

+}

+```

+ Title: "Create authenticationEventListener"

+description: "Create a new authenticationEventListener object."

+ms.localizationpriority: medium

+# Create authenticationEventListener

+Namespace: microsoft.graph

+Create a new [authenticationEventListener](../resources/authenticationeventlistener.md) object. You can create one of the following subtypes that are derived from **authenticationEventListener**.

+- [onTokenIssuanceStartListener resource type](../resources/ontokenissuancestartlistener.md)

+- [onInteractiveAuthFlowStartListener resource type](../resources/oninteractiveauthflowstartlistener.md)

+- [onAuthenticationMethodLoadStartListener resource type](../resources/onauthenticationmethodloadstartlistener.md)

+- [onAttributeCollectionListener resource type](../resources/onattributecollectionlistener.md)

+- [onUserCreateStartListener resource type](../resources/onusercreatestartlistener.md)

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /identity/authenticationEventListeners

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [authenticationEventListener](../resources/authenticationeventlistener.md) object.

+You can specify the following properties when creating an **authenticationEventListener**. You must specify the **@odata.type** property to specify the type of authenticationEventListener to create; for example, `@odata.type": "microsoft.graph.onTokenIssuanceStartListener"`.

+|Property|Type|Description|

+|:|:|:|

+|authenticationEventsFlowId|String|The identifier of the authentication events flow. Optional.|

+|conditions|[authenticationConditions](../resources/authenticationconditions.md)|The conditions on which this authenticationEventListener should trigger. Optional.|

+|handler|[onAttributeCollectionHandler](../resources/ontokenissuancestarthandler.md)|The handler to invoke when conditions are met. Can be set for the **onAttributeCollectionListener** listener type.|

+|handler|[onAuthenticationMethodLoadStartHandler](../resources/ontokenissuancestarthandler.md)|The handler to invoke when conditions are met. Can be set for the **onAuthenticationMethodLoadStartListener** listener type.|

+|handler|[onInteractiveAuthFlowStartHandler](../resources/ontokenissuancestarthandler.md)|The handler to invoke when conditions are met. Can be set for the **onInteractiveAuthFlowStartListener** listener type.|

+|handler|[onTokenIssuanceStartHandler](../resources/ontokenissuancestarthandler.md)|The handler to invoke when conditions are met. Can be set for the **onTokenIssuanceStartListener** listener type.|

+|handler|[onUserCreateStartHandler](../resources/ontokenissuancestarthandler.md)|The handler to invoke when conditions are met. Can be set for the **onUserCreateStartListener** listener type.|

+|priority|Int32| The priority of this handler. Between 0 (lower priority) and 1000 (higher priority). Required.|

+## Response

+If successful, this method returns a `201 Created` response code and an [authenticationEventListener](../resources/authenticationeventlistener.md) object in the response body. The **@odata.type** property specifies the type of the created object.

+## Examples

+### Request

+The following is an example of a request to create a onTokenIssuanceStartListener.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_authenticationeventlistener_from_"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/identity/authenticationEventListeners

+Content-Type: application/json

+Content-length: 312

+{

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartListener",

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false,

+ "includeApplications": [

+ {

+ "appId": "a13d0fc1-04ab-4ede-b215-63de0174cbb4"

+ }

+ ]

+ }

+ },

+ "priority": 500,

+ "handler": {

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartCustomExtensionHandler",

+ "customExtension": {

+ "id": "6fc5012e-7665-43d6-9708-4370863f4e6e"

+ }

+ }

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.authenticationEventListener"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventListeners/$entity",

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartListener",

+ "id": "990d94e5-cc8f-4c4b-97b4-27e2678aac28",

+ "priority": 500,

+ "authenticationEventsFlowId": null,

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false,

+ "includeApplications": [

+ {

+ "appId": "a13d0fc1-04ab-4ede-b215-63de0174cbb4"

+ }

+ ]

+ }

+ },

+ "handler": {

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartCustomExtensionHandler",

+ "customExtension": {

+ "id": "6fc5012e-7665-43d6-9708-4370863f4e6e"

+ }

+ }

+}

+```

+ Title: "Create authenticationEventsFlow"

+description: "Create a new authenticationEventsFlow object."

+ms.localizationpriority: medium

+# Create authenticationEventsFlow

+Namespace: microsoft.graph

+Create a new [authenticationEventsFlow](../resources/authenticationeventsflow.md) object that is of the type specified in the request body. You can create only an [externalUsersSelfServiceSignupEventsFlow](../resources/externalusersselfservicesignupeventsflow.md) object type.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|EventListener.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|EventListener.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /identity/authenticationEventsFlows

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [authenticationEventsFlow](../resources/authenticationeventsflow.md) object.

+You can specify the following properties when creating an **authenticationEventsFlow**. You must include the **@odata.type** property with a value of the specific user flow type in the body. For example, `"@odata.type": "#microsoft.graph.externalUsersSelfServiceSignupEventsFlow"`.

+|Property|Type|Description|

+|:|:|:|

+|displayName|String|Required. The display name for the events policy. Must be unique.|

+|description|String|Optional. The description of the events policy.|

+|conditions|[authenticationConditions](../resources/authenticationconditions.md)|Optional. The conditions representing the context of the authentication request which is used to decide whether the events policy is invoked.|

+|priority|Int32|Optional. The priority to use for each individual event of the events policy. If multiple competing listeners for an event have the same priority, one is chosen and an error is silently logged. Default is 500. |

+|onInteractiveAuthFlowStart|[onInteractiveAuthFlowStartHandler](../resources/oninteractiveauthflowstarthandler.md)|Required. The configuration for what to invoke when an authentication flow is ready to be initiated. |

+|onAuthenticationMethodLoadStart|[onAuthenticationMethodLoadStartHandler](../resources/onauthenticationmethodloadstarthandler.md)|Required. The configuration for what to invoke when authentication methods are ready to be presented to the user. Must have at least one identity provider linked.|

+|onAttributeCollection|[onAttributeCollectionHandler](../resources/onattributecollectionhandler.md)|The configuration for what to invoke when attributes are ready to be collected from the user.|

+|onUserCreateStart|[onUserCreateStartHandler](../resources/onusercreatestarthandler.md)|The configuration for what to invoke during user creation.|

+## Response

+If successful, this method returns a `201 Created` response code and a JSON representation of an [authenticationEventsFlow](../resources/externalusersselfservicesignupeventsflow.md) object in the response body. An **@odata.type** property with the value of the specific user flow type created is included in the response body. For example, `"@odata.type": "#microsoft.graph.externalUsersSelfServiceSignupEventsFlow"`.

+## Examples

+### Example 1: Create a basic External Identities sign-up and sign-in user flow on an Azure AD customer tenant

+#### Request

+The following is an example of a request. In this example, you create a user flow named "Woodgrove User Flow" with the following configuration.

+- Allow sign up and sign in.

+- Allow users to create a local email with password account.

+- Collect the **Display Name** built-in attribute from the user.

+- Defines how the attributes to be collected will be displayed to the user.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_authenticationeventsflow_selfservicesignup"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/identity/authenticationEventsFlows

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "displayName": "Woodgrove Drive User Flow",

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp",

+ "identityProviders": [

+ {

+ "id": "EmailPassword-OAUTH"

+ }

+ ]

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "attributes": [

+ {

+ "id": "email",

+ "displayName": "Email Address",

+ "description": "Email address of the user",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "displayName",

+ "displayName": "Display Name",

+ "description": "Display Name of the User.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ }

+ ],

+ "attributeCollectionPage": {

+ "views": [

+ {

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "Text",

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$"

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$"

+ }

+ ]

+ }

+ ]

+ }

+ }

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.authenticationEventsFlow"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows/$entity",

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "id": "0313cc37-d421-421d-857b-87804d61e33e",

+ "displayName": "Woodgrove Drive User Flow",

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false

+ }

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp"

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "accessPackages": [],

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ }

+ ]

+ }

+ ]

+ }

+ }

+}

+```

+### Example 2: Create a basic external identities sign-up and sign-in user flow with an attached application on an Azure AD customer tenant

+#### Request

+The following is an example of a request. In this example, you create a user flow named "Woodgrove User Flow" with the following configuration.

+- Allow sign up and sign in.

+- Allow users to create a local email with password account.

+- Collect the **Display Name** built-in attribute from the user.

+- Defines how the attributes to be collected will be displayed to the user.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_authenticationeventsflow_selfservicesignup_includeapplications"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/identity/authenticationEventsFlows

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "displayName": "Woodgrove Drive User Flow",

+ "conditions": {

+ "applications": {

+ "includeApplications": [

+ {

+ "appId": "63856651-13d9-4784-9abf-20758d509e19"

+ }

+ ]

+ }

+ },

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp",

+ "identityProviders": [

+ {

+ "id": "EmailPassword-OAUTH"

+ }

+ ]

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "attributes": [

+ {

+ "id": "email",

+ "displayName": "Email Address",

+ "description": "Email address of the user",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "displayName",

+ "displayName": "Display Name",

+ "description": "Display Name of the User.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ }

+ ],

+ "attributeCollectionPage": {

+ "views": [

+ {

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "Text",

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$"

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$"

+ }

+ ]

+ }

+ ]

+ }

+ }

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.authenticationEventsFlow"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows/$entity",

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "id": "1d51b447-eb52-4ec8-ae4e-0a35ebc148ea",

+ "displayName": "Woodgrove Drive User Flow",

+ "description": null,

+ "priority": 500,

+ "onAttributeCollectionStart": null,

+ "onAttributeCollectionSubmit": null,

+ "onUserCreateStart": null,

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false

+ }

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp"

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "accessPackages": [],

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ }

+ ]

+ }

+ ]

+ }

+ }

+}

+```

+### Example 3: Create an External Identities sign-up and sign-in user flow with social providers and a custom attribute

+#### Request

+The following is an example of a request. In this example, you create a user flow named "Woodgrove Drive User Flow" with the following configuration

+- Allow sign up and sign in.

+- Allow users to create a local email with password account, or authenticate with Google or Facebook

+- Collect the **Display Name** built-in attribute and a **Favorite Color** custom attribute.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_authenticationeventsflow__selfservicesignup_socialproviders_customattribute"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/identity/authenticationEventsFlows

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "displayName": "Woodgrove User Flow 2",

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp",

+ "identityProviders": [

+ {

+ "id": "EmailPassword-OAUTH"

+ },

+ {

+ "id": "Google-OAUTH"

+ },

+ {

+ "id": "Facebook-OAUTH"

+ }

+ ]

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "attributes": [

+ {

+ "id": "email",

+ "displayName": "Email Address",

+ "description": "Email address of the user",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "displayName",

+ "displayName": "Display Name",

+ "description": "Display Name of the User.",

+ "userFlowAttributeType": "builtIn",

+ "dataType": "string"

+ },

+ {

+ "id": "extension_6ea3bc85aec24b1c92ff4a117afb6621_Favoritecolor",

+ "displayName": "Favorite color",

+ "description": "what is your favorite color",

+ "userFlowAttributeType": "custom",

+ "dataType": "string"

+ }

+ ],

+ "attributeCollectionPage": {

+ "views": [

+ {

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "Text",

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$"

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$"

+ },

+ {

+ "attribute": "extension_6ea3bc85aec24b1c92ff4a117afb6621_Favoritecolor",

+ "label": "Favorite color",

+ "inputType": "text",

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$"

+ }

+ ]

+ }

+ ]

+ }

+ }

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+#### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.authenticationEventsFlow"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/authenticationEventsFlows/$entity",

+ "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",

+ "id": "{authentictionEventsFlow-id}",

+ "displayName": "Woodgrove User Flow 2",

+ "description": null,

+ "priority": 500,

+ "onAttributeCollectionStart": null,

+ "onAttributeCollectionSubmit": null,

+ "onUserCreateStart": null,

+ "conditions": {

+ "applications": {

+ "includeAllApplications": false

+ }

+ },

+ "onInteractiveAuthFlowStart": {

+ "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",

+ "isSignUpAllowed": true

+ },

+ "onAuthenticationMethodLoadStart": {

+ "@odata.type": "#microsoft.graph.onAuthenticationMethodLoadStartExternalUsersSelfServiceSignUp"

+ },

+ "onAttributeCollection": {

+ "@odata.type": "#microsoft.graph.onAttributeCollectionExternalUsersSelfServiceSignUp",

+ "accessPackages": [],

+ "attributeCollectionPage": {

+ "customStringsFileId": null,

+ "views": [

+ {

+ "title": null,

+ "description": null,

+ "inputs": [

+ {

+ "attribute": "email",

+ "label": "Email Address",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": true,

+ "editable": false,

+ "writeToDirectory": true,

+ "required": true,

+ "validationRegEx": "^[a-zA-Z0-9.!#$%&amp;&#8217;'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:.[a-zA-Z0-9-]+)*$",

+ "options": []

+ },

+ {

+ "attribute": "displayName",

+ "label": "Display Name",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ },

+ {

+ "attribute": "extension_6ea3bc85aec24b1c92ff4a117afb6621_Favoritecolor",

+ "label": "Favorite color",

+ "inputType": "text",

+ "defaultValue": null,

+ "hidden": false,

+ "editable": true,

+ "writeToDirectory": true,

+ "required": false,

+ "validationRegEx": "^[a-zA-Z_][0-9a-zA-Z_ ]*[0-9a-zA-Z_]+$",

+ "options": []

+ }

+ ]

+ }

+ ]

+ }

+ }

+}

+```

+ Title: "Create customAuthenticationExtension"

+description: "Create a new customAuthenticationExtension object."

+ms.localizationpriority: medium

+# Create customAuthenticationExtension

+Namespace: microsoft.graph

+Create a new [customAuthenticationExtension](../resources/customauthenticationextension.md) object. Only the **onTokenIssuanceStartCustomExtension** object type is supported.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|CustomAuthenticationExtension.ReadWrite.All, Policy.ReadWrite.AuthenticationFlows, Application.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /identity/customAuthenticationExtensions

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [customAuthenticationExtension](../resources/customauthenticationextension.md) object.

+You can specify the following properties when creating a **customAuthenticationExtension**. You must specify the **@odata.type** property with a value of the customAuthenticationExtension object type that you want to create. For example, to create an **onTokenIssuanceStartCustomExtension** object, set **@odata.type** to `#microsoft.graph.onTokenIssuanceStartCustomExtension`.

+|Property|Type|Description|

+|:|:|:|

+|authenticationConfiguration|[customExtensionAuthenticationConfiguration](../resources/customextensionauthenticationconfiguration.md)|The authentication configuration for this custom extension. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Optional.|

+|clientConfiguration|[customExtensionClientConfiguration](../resources/customextensionclientconfiguration.md)|The connection settings for the custom extension. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Optional.|

+|description|String|Description for the custom extension. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Optional.|

+|displayName|String|Display name for the custom extension. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Optional.|

+|endpointConfiguration|[customExtensionEndpointConfiguration](../resources/customextensionendpointconfiguration.md)|Configuration for the API endpoint that the custom extension will call. Inherited from [customCalloutExtension](../resources/customcalloutextension.md). Optional.|

+## Response

+If successful, this method returns a `201 Created` response code and a [customAuthenticationExtension](../resources/customauthenticationextension.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request to create an onTokenIssuanceStartCustomExtension object type.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "create_customauthenticationextension_from_"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/identity/customAuthenticationExtensions

+Content-Type: application/json

+Content-length: 468

+{

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartCustomExtension",

+ "displayName": "onTokenIssuanceStartCustomExtension",

+ "description": "Fetch additional claims from custom user store",

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.httpRequestEndpoint",

+ "targetUrl": "https://authenticationeventsAPI.contoso.com"

+ },

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "api://authenticationeventsAPI.contoso.com/a13d0fc1-04ab-4ede-b215-63de0174cbb4"

+ },

+ "clientConfiguration": {

+ "timeoutInMilliseconds": 2000,

+ "maximumRetries": 1

+ },

+ "claimsForTokenConfiguration": [

+ {

+ "claimIdInApiResponse": "DateOfBirth"

+ },

+ {

+ "claimIdInApiResponse": "CustomRoles"

+ }

+ ]

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+### Response

+The following is an example of the response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.customAuthenticationExtension"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/customAuthenticationExtensions/$entity",

+ "@odata.type": "#microsoft.graph.onTokenIssuanceStartCustomExtension",

+ "id": "6fc5012e-7665-43d6-9708-4370863f4e6e",

+ "displayName": "onTokenIssuanceStartCustomExtension",

+ "description": "Fetch additional claims from custom user store",

+ "clientConfiguration": null,

+ "behaviorOnError": null,

+ "authenticationConfiguration": {

+ "@odata.type": "#microsoft.graph.azureAdTokenAuthentication",

+ "resourceId": "api://authenticationeventsAPI.contoso.com/a13d0fc1-04ab-4ede-b215-63de0174cbb4"

+ },

+ "clientConfiguration": {

+ "timeoutInMilliseconds": 2000,

+ "maximumRetries": 1

+ },

+ "endpointConfiguration": {

+ "@odata.type": "#microsoft.graph.httpRequestEndpoint",

+ "targetUrl": "https://authenticationeventsAPI.contoso.com"

+ },

+ "claimsForTokenConfiguration": [

+ {

+ "claimIdInApiResponse": "DateOfBirth"

+ },

+ {

+ "claimIdInApiResponse": "CustomRoles"

+ }

+ ]

+}

+```

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+If successful, this method returns a `200 OK` response code and a [identityProvider](../resources/identityprovider.md) or [openIdConnectProvider](../resources/openidconnectprovider.md) (only for Azure AD B2C) object in the response body.

+<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->

+If successful, this method returns a `200 OK` response code and a [identityUserFlowAttribute](../resources/identityuserflowattribute.md) object in the response body.

+ "name": "impactedresourcethis.complete",

+ "sampleKeys": ["0cb31920-84b9-471f-a6fb-468c1a847088_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry", "dbd9935e-15b7-4800-9049-8d8704c23ad2"]

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+ "name": "impactedresourcethis.dismiss",

+ "sampleKeys": ["0cb31920-84b9-471f-a6fb-468c1a847088_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry", "dbd9935e-15b7-4800-9049-8d8704c23ad2"]

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+ "name": "get_impactedresource",

+ "sampleKeys": ["0cb31920-84b9-471f-a6fb-468c1a847088_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry", "dbd9935e-15b7-4800-9049-8d8704c23ad2"]

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+ "name": "impactedresourcethis.postpone",

+ "sampleKeys": ["0cb31920-84b9-471f-a6fb-468c1a847088_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry", "dbd9935e-15b7-4800-9049-8d8704c23ad2"]

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+ "name": "impactedresourcethis.reactivate",

+ "sampleKeys": ["0cb31920-84b9-471f-a6fb-468c1a847088_Microsoft.Identity.IAM.Insights.ApplicationCredentialExpiry", "dbd9935e-15b7-4800-9049-8d8704c23ad2"]

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+# [C#](#tab/csharp)

+# [Go](#tab/go)

+# [PHP](#tab/php)

+|status|[certificateStatus](../resources/intune-apps-certificatestatus.md)|Whether the Certificate Status Provisioned or not Provisioned. Possible values are: notProvisioned, provisioned. Default is notProvisioned. Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. Possible values are: `notProvisioned`, `provisioned`.|

+|status|[certificateStatus](../resources/intune-apps-certificatestatus.md)|Whether the Certificate Status Provisioned or not Provisioned. Possible values are: notProvisioned, provisioned. Default is notProvisioned. Uploading a valid cert file through the Intune admin console will automatically populate this value in the HTTP response. Supports: $filter, $select, $top, $OrderBy, $skip. $Search is not supported. Possible values are: `notProvisioned`, `provisioned`.|

+|status|[certificateStatus](../resources/intune-apps-certificatestatus.md)|The Cert Status Provisioned or not Provisioned. Possible values are: `notProvisioned`, `provisioned`.|