AADVerifiedIdAuthorityContract
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| id |
Write |
String |
Id of the Verified ID Authority Contract. |
|
| linkedDomainUrl |
Key |
String |
URL of the linked domain of the authority. |
|
| authorityId |
Write |
String |
Id of the Verified ID Authority. |
|
| name |
Key |
String |
Name of the Verified ID Authority Contract. |
|
| displays |
Write |
MSFT_AADVerifiedIdAuthorityContractDisplayModel[] |
Display settings of the Authority Contract. |
|
| rules |
Write |
MSFT_AADVerifiedIdAuthorityContractRulesModel |
Rules settings of the Authority Contract. |
|
| Ensure |
Write |
String |
Present ensures the authority contract exists; Absent ensures it is removed. |
Present, Absent |
| Credential |
Write |
PSCredential |
Credentials of the Admin |
|
| ApplicationId |
Write |
String |
Id of the Azure Active Directory application to authenticate with. |
|
| TenantId |
Write |
String |
Id of the Azure Active Directory tenant used for authentication. |
|
| ApplicationSecret |
Write |
PSCredential |
Secret of the Azure Active Directory application used for authentication. |
|
| CertificateThumbprint |
Write |
String |
Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. |
|
| ManagedIdentity |
Write |
Boolean |
Managed ID being used for authentication. |
|
| AccessTokens |
Write |
StringArray[] |
Access token used for authentication. |
|
MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| uri |
Write |
String |
URI of the logo. If this is a URL, it must be reachable over the public internet anonymously. |
|
| description |
Write |
String |
Description of the logo. |
|
MSFT_AADVerifiedIdAuthorityContractDisplayCard
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| title |
Write |
String |
Title of the credential. |
|
| issuedBy |
Write |
String |
The name of the issuer of the credential. |
|
| backgroundColor |
Write |
String |
Background color of the credential in hex, for example, #FFAABB. |
|
| textColor |
Write |
String |
Text color of the credential in hex, for example, #FFAABB. |
|
| description |
Write |
String |
Supplemental text displayed alongside each credential. |
|
| logo |
Write |
MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo |
The logo to use for the credential. |
|
MSFT_AADVerifiedIdAuthorityContractDisplayConsent
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| title |
Write |
String |
Title of the consent. |
|
| instructions |
Write |
String |
Supplemental text to use when displaying consent. |
|
MSFT_AADVerifiedIdAuthorityContractDisplayClaims
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| label |
Write |
String |
The label of the claim in display. |
|
| claim |
Write |
String |
The name of the claim to which the label applies. |
|
| type |
Write |
String |
The type of the claim. |
|
| description |
Write |
String |
The description of the claim. |
|
MSFT_AADVerifiedIdAuthorityContractDisplayModel
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| locale |
Write |
String |
The locale of this display. |
|
| card |
Write |
MSFT_AADVerifiedIdAuthorityContractDisplayCard |
The display properties of the verifiable credential. |
|
| consent |
Write |
MSFT_AADVerifiedIdAuthorityContractDisplayConsent |
Supplemental data when the verifiable credential is issued. |
|
| claims |
Write |
MSFT_AADVerifiedIdAuthorityContractDisplayClaims[] |
Labels for the claims included in the verifiable credential. |
|
MSFT_AADVerifiedIdAuthorityContractClaimMapping
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| inputClaim |
Write |
String |
The name of the claim to use from the input. |
|
| outputClaim |
Write |
String |
The name of the claim in the verifiable credential. |
|
| indexed |
Write |
Boolean |
Indicating whether the value of this claim is used for searching. |
|
| required |
Write |
Boolean |
Indicating whether this mapping is required or not. |
|
| type |
Write |
String |
Type of claim. |
|
MSFT_AADVerifiedIdAuthorityContractAttestationValues
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| mapping |
Write |
MSFT_AADVerifiedIdAuthorityContractClaimMapping[] |
Rules to map input claims into output claims in the verifiable credential. |
|
| required |
Write |
Boolean |
Indicating whether this attestation is required or not. |
|
| trustedIssuers |
Write |
StringArray[] |
A list of DIDs allowed to issue the verifiable credential for this contract. |
|
| credentialType |
Write |
String |
Required credential type of the input. |
|
| configuration |
Write |
String |
Location of the identity provider's configuration document. |
|
| clientId |
Write |
String |
Client ID to use when obtaining the ID token. |
|
| redirectUri |
Write |
String |
Redirect URI to use when obtaining the ID token. MUST BE vcclient://openid/ |
|
| scopeValue |
Write |
String |
Space delimited list of scopes to use when obtaining the ID token. |
|
MSFT_AADVerifiedIdAuthorityContractAttestations
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| idTokenHints |
Write |
MSFT_AADVerifiedIdAuthorityContractAttestationValues[] |
Id token hints attestations. |
|
| idTokens |
Write |
MSFT_AADVerifiedIdAuthorityContractAttestationValues[] |
Id token attestations. |
|
| presentations |
Write |
MSFT_AADVerifiedIdAuthorityContractAttestationValues[] |
Presentations attestations. |
|
| selfIssued |
Write |
MSFT_AADVerifiedIdAuthorityContractAttestationValues[] |
Self Issued attestations. |
|
| accessTokens |
Write |
MSFT_AADVerifiedIdAuthorityContractAttestationValues[] |
Access Token attestations. |
|
MSFT_AADVerifiedIdAuthorityContractCustomStatusEndpoint
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| url |
Write |
String |
The URL of the custom status endpoint. |
|
| type |
Write |
String |
The type of the endpoint. |
|
MSFT_AADVerifiedIdAuthorityContractVcType
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| type |
Write |
StringArray[] |
The type of the vc. |
|
MSFT_AADVerifiedIdAuthorityContractRulesModel
Parameters
| Parameter |
Attribute |
DataType |
Description |
Allowed Values |
| attestations |
Write |
MSFT_AADVerifiedIdAuthorityContractAttestations |
Describing supported inputs for the rules. |
|
| validityInterval |
Write |
UInt32 |
This value shows the lifespan of the credential. |
|
| vc |
Write |
MSFT_AADVerifiedIdAuthorityContractVcType |
Types for this contract. |
|
| customStatusEndpoint |
Write |
MSFT_AADVerifiedIdAuthorityContractCustomStatusEndpoint |
Status endpoint to include in the verifiable credential for this contract. |
|
Description
Azure AD Verified Identity Authority Contract
Use the VerifiableCredential.Contract.ReadWrite permission to read and write the authority contract.
Documentation Link: https://learn.microsoft.com/en-us/entra/verified-id/admin-api#contracts
Permissions
Microsoft Graph
To authenticate with the Microsoft Graph API, this resource requires the following permissions:
Delegated permissions
Application permissions
Examples
Example 1
This example is used to test new resources and showcase the usage of new resources being worked on.
It is not meant to be used as a production baseline.
Configuration Example
{
    # Sample DSC configuration that declares the Verified ID authority contract
    # "Sample Custom Verified Credentials" as present, with its display and rules models.
    param(
        # Application id, tenant id and certificate thumbprint passed through to the resource.
        [Parameter()] [System.String] $ApplicationId,
        [Parameter()] [System.String] $TenantId,
        [Parameter()] [System.String] $CertificateThumbprint
    )

    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADVerifiedIdAuthorityContract 'AADVerifiedIdAuthorityContract-Sample Custom Verified Credentials'
        {
            # Key properties of the resource (name and linkedDomainUrl) plus the desired state.
            name            = "Sample Custom Verified Credentials"
            # NOTE(review): $OrganizationName is not declared in the param block of this
            # configuration; it has to be defined in the calling scope, otherwise it expands
            # to an empty string and the URL has no host. Confirm before reuse.
            linkedDomainUrl = "https://$OrganizationName/"
            Ensure          = "Present"

            rules = MSFT_AADVerifiedIdAuthorityContractRulesModel{
                vc = MSFT_AADVerifiedIdAuthorityContractVcType{
                    type = @('VerifiedCredentialExpert')
                }
                # Lifespan of the issued credential; 2592000 is 30 days if the unit is
                # seconds - TODO confirm the unit against the Verified ID documentation.
                validityInterval = 2592000
                attestations = MSFT_AADVerifiedIdAuthorityContractAttestations{
                    idTokenHints = @(
                        MSFT_AADVerifiedIdAuthorityContractAttestationValues{
                            # The attestation is marked not required, while both claim
                            # mappings below are required.
                            required = $false
                            mapping  = @(
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim  = '$.given_name'
                                    outputClaim = 'firstName'
                                    required    = $true
                                    indexed     = $false
                                }
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim  = '$.family_name'
                                    outputClaim = 'lastName'
                                    required    = $true
                                    # indexed: the value of this claim is used for searching.
                                    indexed     = $true
                                }
                            )
                        }
                    )
                }
            }

            displays = @(
                MSFT_AADVerifiedIdAuthorityContractDisplayModel{
                    locale = 'en-US'
                    card = MSFT_AADVerifiedIdAuthorityContractDisplayCard{
                        title           = 'Verified Credential Expert'
                        issuedBy        = 'Microsoft'
                        description     = 'Use your verified credential to prove to anyone that you know all about verifiable credentials.'
                        textColor       = '#ffffff'
                        backgroundColor = '#000000'
                        logo = MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo{
                            # Sample asset. A URL here must be reachable anonymously over the
                            # public internet, so a real contract should reference a logo
                            # served from a host the issuing organization controls.
                            uri         = 'https://didcustomerplayground.z13.web.core.windows.net/VerifiedCredentialExpert_icon.png'
                            description = 'Verified Credential Expert Logo'
                        }
                    }
                    consent = MSFT_AADVerifiedIdAuthorityContractDisplayConsent{
                        title        = 'Do you want to get your Verified Credential?'
                        instructions = 'Sign in with your account to get your card.'
                    }
                    # Display labels for the two claims produced by the mappings in rules.
                    claims = @(
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            claim = 'vc.credentialSubject.firstName'
                            label = 'First name'
                            type  = 'String'
                        }
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            claim = 'vc.credentialSubject.lastName'
                            label = 'Last name'
                            type  = 'String'
                        }
                    )
                }
            )

            # Authentication uses the application id, tenant id and a certificate
            # thumbprint; no password or application secret appears in this configuration.
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}
Example 2
This example is used to test new resources and showcase the usage of new resources being worked on.
It is not meant to be used as a production baseline.
Configuration Example
{
    # Sample DSC configuration that declares the Verified ID authority contract
    # "Sample Custom Verified Credentials" as present, with a changed consent title.
    param(
        # Application id, tenant id and certificate thumbprint passed through to the resource.
        [Parameter()] [System.String] $ApplicationId,
        [Parameter()] [System.String] $TenantId,
        [Parameter()] [System.String] $CertificateThumbprint
    )

    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADVerifiedIdAuthorityContract 'AADVerifiedIdAuthorityContract-Sample Custom Verified Credentials'
        {
            # Key properties of the resource (name and linkedDomainUrl) plus the desired state.
            name            = "Sample Custom Verified Credentials"
            # NOTE(review): $OrganizationName is not declared in the param block of this
            # configuration; it has to be defined in the calling scope, otherwise it expands
            # to an empty string and the URL has no host. Confirm before reuse.
            linkedDomainUrl = "https://$OrganizationName/"
            Ensure          = "Present"

            rules = MSFT_AADVerifiedIdAuthorityContractRulesModel{
                vc = MSFT_AADVerifiedIdAuthorityContractVcType{
                    type = @('VerifiedCredentialExpert')
                }
                # Lifespan of the issued credential; 2592000 is 30 days if the unit is
                # seconds - TODO confirm the unit against the Verified ID documentation.
                validityInterval = 2592000
                attestations = MSFT_AADVerifiedIdAuthorityContractAttestations{
                    idTokenHints = @(
                        MSFT_AADVerifiedIdAuthorityContractAttestationValues{
                            # The attestation is marked not required, while both claim
                            # mappings below are required.
                            required = $false
                            mapping  = @(
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim  = '$.given_name'
                                    outputClaim = 'firstName'
                                    required    = $true
                                    indexed     = $false
                                }
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim  = '$.family_name'
                                    outputClaim = 'lastName'
                                    required    = $true
                                    # indexed: the value of this claim is used for searching.
                                    indexed     = $true
                                }
                            )
                        }
                    )
                }
            }

            displays = @(
                MSFT_AADVerifiedIdAuthorityContractDisplayModel{
                    locale = 'en-US'
                    card = MSFT_AADVerifiedIdAuthorityContractDisplayCard{
                        title           = 'Verified Credential Expert'
                        issuedBy        = 'Microsoft'
                        description     = 'Use your verified credential to prove to anyone that you know all about verifiable credentials.'
                        textColor       = '#ffffff'
                        backgroundColor = '#000000'
                        logo = MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo{
                            # Sample asset. A URL here must be reachable anonymously over the
                            # public internet, so a real contract should reference a logo
                            # served from a host the issuing organization controls.
                            uri         = 'https://didcustomerplayground.z13.web.core.windows.net/VerifiedCredentialExpert_icon.png'
                            description = 'Verified Credential Expert Logo'
                        }
                    }
                    consent = MSFT_AADVerifiedIdAuthorityContractDisplayConsent{
                        # drift: this title differs from the one used in Example 1
                        # (presumably so that applying the configuration updates the contract).
                        title        = 'Do you want to get your sample Verified Credential?'
                        instructions = 'Sign in with your account to get your card.'
                    }
                    # Display labels for the two claims produced by the mappings in rules.
                    claims = @(
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            claim = 'vc.credentialSubject.firstName'
                            label = 'First name'
                            type  = 'String'
                        }
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            claim = 'vc.credentialSubject.lastName'
                            label = 'Last name'
                            type  = 'String'
                        }
                    )
                }
            )

            # Authentication uses the application id, tenant id and a certificate
            # thumbprint; no password or application secret appears in this configuration.
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}
Example 3
This example is used to test new resources and showcase the usage of new resources being worked on.
It is not meant to be used as a production baseline.
Configuration Example
{
    # Sample DSC configuration that declares the Verified ID authority contract
    # "Sample Custom Verified Credentials" as absent.
    param(
        # Application id, tenant id and certificate thumbprint passed through to the resource.
        [Parameter()] [System.String] $ApplicationId,
        [Parameter()] [System.String] $TenantId,
        [Parameter()] [System.String] $CertificateThumbprint
    )

    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADVerifiedIdAuthorityContract 'AADVerifiedIdAuthorityContract-Sample Custom Verified Credentials'
        {
            # Key properties of the resource (name and linkedDomainUrl) plus the desired state.
            name            = "Sample Custom Verified Credentials"
            # NOTE(review): $OrganizationName is not declared in the param block of this
            # configuration; it has to be defined in the calling scope, otherwise it expands
            # to an empty string and the URL has no host. Confirm before reuse.
            linkedDomainUrl = "https://$OrganizationName/"
            # Absent: the resource ensures the contract is removed. Whether the display and
            # rules values below are still evaluated in that case is not visible here.
            Ensure          = "Absent"

            rules = MSFT_AADVerifiedIdAuthorityContractRulesModel{
                vc = MSFT_AADVerifiedIdAuthorityContractVcType{
                    type = @('VerifiedCredentialExpert')
                }
                # Lifespan of the issued credential; 2592000 is 30 days if the unit is
                # seconds - TODO confirm the unit against the Verified ID documentation.
                validityInterval = 2592000
                attestations = MSFT_AADVerifiedIdAuthorityContractAttestations{
                    idTokenHints = @(
                        MSFT_AADVerifiedIdAuthorityContractAttestationValues{
                            # The attestation is marked not required, while both claim
                            # mappings below are required.
                            required = $false
                            mapping  = @(
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim  = '$.given_name'
                                    outputClaim = 'firstName'
                                    required    = $true
                                    indexed     = $false
                                }
                                MSFT_AADVerifiedIdAuthorityContractClaimMapping{
                                    inputClaim  = '$.family_name'
                                    outputClaim = 'lastName'
                                    required    = $true
                                    # indexed: the value of this claim is used for searching.
                                    indexed     = $true
                                }
                            )
                        }
                    )
                }
            }

            displays = @(
                MSFT_AADVerifiedIdAuthorityContractDisplayModel{
                    locale = 'en-US'
                    card = MSFT_AADVerifiedIdAuthorityContractDisplayCard{
                        title           = 'Verified Credential Expert'
                        issuedBy        = 'Microsoft'
                        description     = 'Use your verified credential to prove to anyone that you know all about verifiable credentials.'
                        textColor       = '#ffffff'
                        backgroundColor = '#000000'
                        logo = MSFT_AADVerifiedIdAuthorityContractDisplayCredentialLogo{
                            # Sample asset. A URL here must be reachable anonymously over the
                            # public internet, so a real contract should reference a logo
                            # served from a host the issuing organization controls.
                            uri         = 'https://didcustomerplayground.z13.web.core.windows.net/VerifiedCredentialExpert_icon.png'
                            description = 'Verified Credential Expert Logo'
                        }
                    }
                    consent = MSFT_AADVerifiedIdAuthorityContractDisplayConsent{
                        title        = 'Do you want to get your Verified Credential?'
                        instructions = 'Sign in with your account to get your card.'
                    }
                    # Display labels for the two claims produced by the mappings in rules.
                    claims = @(
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            claim = 'vc.credentialSubject.firstName'
                            label = 'First name'
                            type  = 'String'
                        }
                        MSFT_AADVerifiedIdAuthorityContractDisplayClaims{
                            claim = 'vc.credentialSubject.lastName'
                            label = 'Last name'
                            type  = 'String'
                        }
                    )
                }
            )

            # Authentication uses the application id, tenant id and a certificate
            # thumbprint; no password or application secret appears in this configuration.
            ApplicationId         = $ApplicationId
            TenantId              = $TenantId
            CertificateThumbprint = $CertificateThumbprint
        }
    }
}