AADVerifiedIdAuthorityContract

Parameters

Parameter Attribute DataType Description Allowed Values
id Write String Id of the Verified ID Authority Contract.
linkedDomainUrl Key String URL of the linked domain of the authority.
authorityId Write String Id of the Verified ID Authority.
name Key String Name of the Verified ID Authority Contract.
displays Write MSFT_AADVerifiedIdAuthorityContractDisplayModel[] Display settings of the Authority Contract.
rules Write MSFT_AADVerifiedIdAuthorityContractRulesModel Rules settings of the Authority Contract.
Ensure Write String Present ensures the policy exists, absent ensures it is removed. Present, Absent
Credential Write PSCredential Credentials of the Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
ApplicationSecret Write PSCredential Secret of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

Parameters

Parameter Attribute DataType Description Allowed Values
uri Write String URI of the logo. If this is a URL, it must be reachable over the public internet anonymously.
description Write String Description of the logo.

MSFT_AADVerifiedIdAuthorityContractDisplayCard

Parameters

Parameter Attribute DataType Description Allowed Values
title Write String Title of the credential.
issuedBy Write String The name of the issuer of the credential.
backgroundColor Write String Background color of the credential in hex, for example, #FFAABB.
textColor Write String Text color of the credential in hex, for example, #FFAABB.
description Write String Supplemental text displayed alongside each credential.
logo Write MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo The logo to use for the credential.

MSFT_AADVerifiedIdAuthorityContractDisplayConsent

Parameters

Parameter Attribute DataType Description Allowed Values
title Write String Title of the consent.
instructions Write String Supplemental text to use when displaying consent.

MSFT_AADVerifiedIdAuthorityContractDisplayClaims

Parameters

Parameter Attribute DataType Description Allowed Values
label Write String The label of the claim in display.
claim Write String The name of the claim to which the label applies.
type Write String The type of the claim.
description Write String The description of the claim.

MSFT_AADVerifiedIdAuthorityContractDisplayModel

Parameters

Parameter Attribute DataType Description Allowed Values
locale Write String The locale of this display.
card Write MSFT_AADVerifiedIdAuthorityContractDisplayCard The display properties of the verifiable credential.
consent Write MSFT_AADVerifiedIdAuthorityContractDisplayConsent Supplemental data when the verifiable credential is issued.
claims Write MSFT_AADVerifiedIdAuthorityContractDisplayClaims[] Labels for the claims included in the verifiable credential.

MSFT_AADVerifiedIdAuthorityContractClaimMapping

Parameters

Parameter Attribute DataType Description Allowed Values
inputClaim Write String The name of the claim to use from the input.
outputClaim Write String The name of the claim in the verifiable credential.
indexed Write Boolean Indicating whether the value of this claim is used for searching.
required Write Boolean Indicating whether this mapping is required or not.
type Write String Type of claim.

MSFT_AADVerifiedIdAuthorityContractAttestationValues

Parameters

Parameter Attribute DataType Description Allowed Values
mapping Write MSFT_AADVerifiedIdAuthorityContractClaimMapping[] Rules to map input claims into output claims in the verifiable credential.
required Write Boolean Indicating whether this attestation is required or not.
trustedIssuers Write StringArray[] A list of DIDs allowed to issue the verifiable credential for this contract.
credentialType Write String Required credential type of the input.
configuration Write String Location of the identity provider's configuration document.
clientId Write String Client ID to use when obtaining the ID token.
redirectUri Write String Redirect URI to use when obtaining the ID token. MUST BE vcclient://openid/
scopeValue Write String Space delimited list of scopes to use when obtaining the ID token.

MSFT_AADVerifiedIdAuthorityContractAttestations

Parameters

Parameter Attribute DataType Description Allowed Values
idTokenHints Write MSFT_AADVerifiedIdAuthorityContractAttestationValues[] Id token hints attestations.
idTokens Write MSFT_AADVerifiedIdAuthorityContractAttestationValues[] Id token attestations.
presentations Write MSFT_AADVerifiedIdAuthorityContractAttestationValues[] Presentations attestations.
selfIssued Write MSFT_AADVerifiedIdAuthorityContractAttestationValues[] Self Issued attestations.
accessTokens Write MSFT_AADVerifiedIdAuthorityContractAttestationValues[] Access Token attestations.

MSFT_AADVerifiedIdAuthorityContractCustomStatusEndpoint

Parameters

Parameter Attribute DataType Description Allowed Values
url Write String The URL of the custom status endpoint.
type Write String The type of the endpoint.

MSFT_AADVerifiedIdAuthorityContractVcType

Parameters

Parameter Attribute DataType Description Allowed Values
type Write StringArray[] The type of the vc.

MSFT_AADVerifiedIdAuthorityContractRulesModel

Parameters

Parameter Attribute DataType Description Allowed Values
attestations Write MSFT_AADVerifiedIdAuthorityContractAttestations Describing supported inputs for the rules.
validityInterval Write UInt32 This value shows the lifespan of the credential.
vc Write MSFT_AADVerifiedIdAuthorityContractVcType Types for this contract.
customStatusEndpoint Write MSFT_AADVerifiedIdAuthorityContractCustomStatusEndpoint Status endpoint to include in the verifiable credential for this contract.

Description

Azure AD Verified Identity Authority Contract Use the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract. Documentation Link: https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • None
  • Update

    • None

Application permissions

  • Read

    • None
  • Update

    • None

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADVerifiedIdAuthorityContract 'AADVerifiedIdAuthorityContract-Sample Custom Verified Credentials'
        {
            displays             = @(
                MSFT_AADVerifiedIdAuthorityContractDisplayModel{
                    consent = MSFT_AADVerifiedIdAuthorityContractDisplayConsent{
                        instructions = 'Sign in with your account to get your card.'
                        title = 'Do you want to get your Verified Credential?'
                    }
                    card = MSFT_AADVerifiedIdAuthorityContractDisplayCard{
                        description = 'Use your verified credential to prove to anyone that you know all about verifiable credentials.'
                        issuedBy = 'Microsoft'
                        backgroundColor = '#000000'
                        textColor = '#ffffff'
                        logo = MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo{
                            uri = 'https://didcustomerplayground.z13.web.core.windows.net/VerifiedCredentialExpert_icon.png'
                            description = 'Verified Credential Expert Logo'
                        }
                        title = 'Verified Credential Expert'
                    }
                    locale = 'en-US'
                    claims = @(
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            label = 'First name'
                            claim = 'vc.credentialSubject.firstName'
                            type = 'String'
                        }
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            label = 'Last name'
                            claim = 'vc.credentialSubject.lastName'
                            type = 'String'
                        }
                    )

                }
            );
            Ensure               = "Present";
            linkedDomainUrl      = "https://$OrganizationName/";
            name                 = "Sample Custom Verified Credentials";
            rules                = MSFT_AADVerifiedIdAuthorityContractRulesModel{
                validityInterval = 2592000
                vc = MSFT_AADVerifiedIdAuthorityContractVcType{
                    type = @('VerifiedCredentialExpert')
                }
                            attestations = MSFT_AADVerifiedIdAuthorityContractAttestations{
                    idTokenHints = @(
                        MSFT_AADVerifiedIdAuthorityContractAttestationValues{
                            mapping = @(
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim = '$.given_name'
                                    indexed = $False
                                    outputClaim = 'firstName'
                                    required = $True
                                }
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim = '$.family_name'
                                    indexed = $True
                                    outputClaim = 'lastName'
                                    required = $True
                                }
                            )
                            required = $False
                        }
                    )

                }

            };
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}

Example 2

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADVerifiedIdAuthorityContract 'AADVerifiedIdAuthorityContract-Sample Custom Verified Credentials'
        {
            displays             = @(
                MSFT_AADVerifiedIdAuthorityContractDisplayModel{
                    consent = MSFT_AADVerifiedIdAuthorityContractDisplayConsent{
                        instructions = 'Sign in with your account to get your card.'
                        title = 'Do you want to get your sample Verified Credential?' #drift
                    }
                    card = MSFT_AADVerifiedIdAuthorityContractDisplayCard{
                        description = 'Use your verified credential to prove to anyone that you know all about verifiable credentials.'
                        issuedBy = 'Microsoft'
                        backgroundColor = '#000000'
                        textColor = '#ffffff'
                        logo = MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo{
                            uri = 'https://didcustomerplayground.z13.web.core.windows.net/VerifiedCredentialExpert_icon.png'
                            description = 'Verified Credential Expert Logo'
                        }
                        title = 'Verified Credential Expert'
                    }
                    locale = 'en-US'
                    claims = @(
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            label = 'First name'
                            claim = 'vc.credentialSubject.firstName'
                            type = 'String'
                        }
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            label = 'Last name'
                            claim = 'vc.credentialSubject.lastName'
                            type = 'String'
                        }
                    )

                }
            );
            Ensure               = "Present";
            linkedDomainUrl      = "https://$OrganizationName/";
            name                 = "Sample Custom Verified Credentials";
            rules                = MSFT_AADVerifiedIdAuthorityContractRulesModel{
                validityInterval = 2592000
                vc = MSFT_AADVerifiedIdAuthorityContractVcType{
                    type = @('VerifiedCredentialExpert')
                }
                            attestations = MSFT_AADVerifiedIdAuthorityContractAttestations{
                    idTokenHints = @(
                        MSFT_AADVerifiedIdAuthorityContractAttestationValues{
                            mapping = @(
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim = '$.given_name'
                                    indexed = $False
                                    outputClaim = 'firstName'
                                    required = $True
                                }
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim = '$.family_name'
                                    indexed = $True
                                    outputClaim = 'lastName'
                                    required = $True
                                }
                            )
                            required = $False
                        }
                    )

                }

            };
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}

Example 3

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter()]
        [System.String]
        $ApplicationId,

        [Parameter()]
        [System.String]
        $TenantId,

        [Parameter()]
        [System.String]
        $CertificateThumbprint
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADVerifiedIdAuthorityContract 'AADVerifiedIdAuthorityContract-Sample Custom Verified Credentials'
        {
            displays             = @(
                MSFT_AADVerifiedIdAuthorityContractDisplayModel{
                    consent = MSFT_AADVerifiedIdAuthorityContractDisplayConsent{
                        instructions = 'Sign in with your account to get your card.'
                        title = 'Do you want to get your Verified Credential?'
                    }
                    card = MSFT_AADVerifiedIdAuthorityContractDisplayCard{
                        description = 'Use your verified credential to prove to anyone that you know all about verifiable credentials.'
                        issuedBy = 'Microsoft'
                        backgroundColor = '#000000'
                        textColor = '#ffffff'
                        logo = MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo{
                            uri = 'https://didcustomerplayground.z13.web.core.windows.net/VerifiedCredentialExpert_icon.png'
                            description = 'Verified Credential Expert Logo'
                        }
                        title = 'Verified Credential Expert'
                    }
                    locale = 'en-US'
                    claims = @(
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            label = 'First name'
                            claim = 'vc.credentialSubject.firstName'
                            type = 'String'
                        }
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            label = 'Last name'
                            claim = 'vc.credentialSubject.lastName'
                            type = 'String'
                        }
                    )

                }
            );
            Ensure               = "Absent";
            linkedDomainUrl      = "https://$OrganizationName/";
            name                 = "Sample Custom Verified Credentials";
            rules                = MSFT_AADVerifiedIdAuthorityContractRulesModel{
                validityInterval = 2592000
                vc = MSFT_AADVerifiedIdAuthorityContractVcType{
                    type = @('VerifiedCredentialExpert')
                }
                            attestations = MSFT_AADVerifiedIdAuthorityContractAttestations{
                    idTokenHints = @(
                        MSFT_AADVerifiedIdAuthorityContractAttestationValues{
                            mapping = @(
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim = '$.given_name'
                                    indexed = $False
                                    outputClaim = 'firstName'
                                    required = $True
                                }
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim = '$.family_name'
                                    indexed = $True
                                    outputClaim = 'lastName'
                                    required = $True
                                }
                            )
                            required = $False
                        }
                    )

                }

            };
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}