AADCustomAuthenticationExtension

Parameters

Parameter Attribute DataType Description Allowed Values
DisplayName Key String Display Name of the custom security attribute. Must be unique within an attribute set. Can be up to 32 characters long and include Unicode characters. Can't contain spaces or special characters. Can't be changed later. Case sensitive.
Id Write String Unique identifier of the Attribute Definition.
CustomAuthenticationExtensionType Write String Defines the custom authentication extension type.
Description Write String Description of the custom security attribute. Can be up to 128 characters long and include Unicode characters. Can't contain spaces or special characters. Can be changed later.
AuthenticationConfigurationType Write String Defines the authentication configuration type
AuthenticationConfigurationResourceId Write String Defines the authentication configuration resource id
ClientConfigurationTimeoutMilliseconds Write UInt32 Defines the client configuration timeout in milliseconds
ClientConfigurationMaximumRetries Write UInt32 Defines the client configuration max retries
EndpointConfiguration Write MSFT_AADCustomAuthenticationExtensionEndPointConfiguration Defines the endpoint configuration
ClaimsForTokenConfiguration Write MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration[] Defines the list of claims for token configurations
Ensure Write String Present ensures the instance exists, absent ensures it is removed. Absent, Present
Credential Write PSCredential Credentials of the workload's Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
ApplicationSecret Write PSCredential Secret of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

MSFT_AADCustomAuthenticationExtensionEndPointConfiguration

Parameters

Parameter Attribute DataType Description Allowed Values
EndpointType Write String Defines the type of the endpoint configuration
LogicAppWorkflowName Write String Defines the workflow name for the logic app
ResourceGroupName Write String Defines the resource group name for the logic app
SubscriptionId Write String Defines the subscription id for the logic app
TargetUrl Write String Defines the target url for the http endpoint

MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration

Parameters

Parameter Attribute DataType Description Allowed Values
ClaimIdInApiResponse Write String Defines the claim id in api response.

Description

Custom authentication extensions define interactions with external systems during a user authentication session.

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • None
  • Update

    • None

Application permissions

  • Read

    • CustomSecAttributeDefinition.Read.All
  • Update

    • CustomSecAttributeDefinition.ReadWrite.All

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        AADCustomAuthenticationExtension "AADCustomAuthenticationExtension1"
        {
            AuthenticationConfigurationResourceId  = "api://microsoft365dsc.com/11105949-846e-42a1-a873-f12db8345013"
            AuthenticationConfigurationType        = "#microsoft.graph.azureAdTokenAuthentication"
            ClaimsForTokenConfiguration            = @(
                MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration{
                    ClaimIdInApiResponse = 'MyClaim'
                }
                MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration{
                    ClaimIdInApiResponse = 'My2ndClaim'
                }
            )
            ClientConfigurationMaximumRetries      = 1
            ClientConfigurationTimeoutMilliseconds = 2000
            CustomAuthenticationExtensionType      = "#microsoft.graph.onTokenIssuanceStartCustomExtension"
            Description                            = "DSC Testing 1"
            DisplayName                            = "DSCTestExtension"
            EndPointConfiguration                  = MSFT_AADCustomAuthenticationExtensionEndPointConfiguration{
                EndpointType = '#microsoft.graph.httpRequestEndpoint'
                TargetUrl = 'https://Microsoft365DSC.com'
            }
            Ensure                                 = "Present";
            Id                                     = "11105949-846e-42a1-a873-f12db8345013"
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}

Example 2

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC
    node localhost
    {
        AADCustomAuthenticationExtension "AADCustomAuthenticationExtension1"
        {
            AuthenticationConfigurationResourceId  = "api://microsoft365dsc.com/11105949-846e-42a1-a873-f12db8345013"
            AuthenticationConfigurationType        = "#microsoft.graph.azureAdTokenAuthentication"
            ClaimsForTokenConfiguration            = @(
                MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration{
                    ClaimIdInApiResponse = 'MyClaim'
                }
                MSFT_AADCustomAuthenticationExtensionClaimForTokenConfiguration{
                    ClaimIdInApiResponse = 'My2ndClaim'
                }
            )
            ClientConfigurationMaximumRetries      = 1
            ClientConfigurationTimeoutMilliseconds = 2000
            CustomAuthenticationExtensionType      = "#microsoft.graph.onTokenIssuanceStartCustomExtension"
            Description                            = "DSC Testing 1"
            DisplayName                            = "DSCTestExtension"
            EndPointConfiguration                  = MSFT_AADCustomAuthenticationExtensionEndPointConfiguration{
                EndpointType = '#microsoft.graph.httpRequestEndpoint'
                TargetUrl = 'https://Microsoft365DSC.com'
            }
            Ensure                                 = "Present";
            Id                                     = "11105949-846e-42a1-a873-f12db8345013"
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}

Example 3

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADCustomAuthenticationExtension "AADCustomAuthenticationExtension1"
        {
            DisplayName               = "DSCTestExtension"
            Ensure                    = "Absent"
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}