PUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/slots/{slot}/config/authsettingsV2/?api-version=2023-01-01

Updates the site's Authentication / Authorization settings for apps via the V2 format.

Path parameters

Name Type Required Description
name String Yes

Name of web app.

slot String Yes

Name of web app slot. If not specified, the API defaults to the production slot.

subscriptionId String Yes

Your Azure subscription ID. This is a GUID-formatted string (e.g. 00000000-0000-0000-0000-000000000000).

resourceGroupName String Yes

Name of the resource group to which the resource belongs.

Request headers

Name Type Required Description
Content-Type String Yes The media type of the request body.

Default value: "application/json"

Request body fields

Name Type Required Description
id String No

Resource Id.

name String No

Resource Name.

properties Object No

SiteAuthSettingsV2 resource specific properties

properties.httpSettings Object No

The configuration settings of the HTTP requests for authentication and authorization requests made against App Service Authentication/Authorization.

properties.httpSettings.forwardProxy Object No

The configuration settings of a forward proxy used to make the requests.

properties.httpSettings.forwardProxy.convention String No

The convention used to determine the url of the request made.

Possible values:

  • "NoProxy"
  • "Custom"
  • "Standard"

properties.httpSettings.forwardProxy.customHostHeaderName String No

The name of the header containing the host of the request.

properties.httpSettings.forwardProxy.customProtoHeaderName String No

The name of the header containing the scheme of the request.

properties.httpSettings.routes Object No

The configuration settings of the paths of HTTP requests.

properties.httpSettings.routes.apiPrefix String No

The prefix that should precede all the authentication/authorization paths.

properties.httpSettings.requireHttps Boolean No

false if authentication/authorization responses that do not have the HTTPS scheme are permissible; otherwise, true.

properties.platform Object No

The configuration settings of the platform of App Service Authentication/Authorization.

properties.platform.runtimeVersion String No

The RuntimeVersion of the Authentication / Authorization feature in use for the current app. The setting in this value can control the behavior of certain features in the Authentication / Authorization module.

properties.platform.enabled Boolean No

true if the Authentication / Authorization feature is enabled for the current app; otherwise, false.

properties.platform.configFilePath String No

The path of the config file containing auth settings if they come from a file. If the path is relative, the base will be the site's root directory.

properties.globalValidation Object No

The configuration settings that determine the validation flow of users using App Service Authentication/Authorization.

properties.globalValidation.unauthenticatedClientAction String No

The action to take when an unauthenticated client attempts to access the app.

Possible values:

  • "RedirectToLoginPage"
  • "AllowAnonymous"
  • "Return401"
  • "Return403"

properties.globalValidation.excludedPaths[] Array No

The paths for which unauthenticated flow would not be redirected to the login page.

properties.globalValidation.requireAuthentication Boolean No

true if the authentication flow is required when any request is made; otherwise, false.

properties.globalValidation.redirectToProvider String No

The default authentication provider to use when multiple providers are configured. This setting is only needed if multiple providers are configured and the unauthenticated client action is set to "RedirectToLoginPage".

properties.login Object No

The configuration settings of the login flow of users using App Service Authentication/Authorization.

properties.login.cookieExpiration Object No

The configuration settings of the session cookie's expiration.

properties.login.cookieExpiration.convention String No

The convention used when determining the session cookie's expiration.

Possible values:

  • "IdentityProviderDerived"
  • "FixedTime"

properties.login.cookieExpiration.timeToExpiration String No

The time after the request is made when the session cookie should expire.

properties.login.routes Object No

The routes that specify the endpoints used for login and logout requests.

properties.login.routes.logoutEndpoint String No

The endpoint at which a logout request should be made.

properties.login.nonce Object No

The configuration settings of the nonce used in the login flow.

properties.login.nonce.validateNonce Boolean No

false if the nonce should not be validated while completing the login flow; otherwise, true.

properties.login.nonce.nonceExpirationInterval String No

The time after the request is made when the nonce should expire.

properties.login.tokenStore Object No

The configuration settings of the token store.

properties.login.tokenStore.tokenRefreshExtensionHours Number No

The number of hours after session token expiration that a session token can be used to call the token refresh API. The default is 72 hours.

properties.login.tokenStore.enabled Boolean No

true to durably store platform-specific security tokens that are obtained during login flows; otherwise, false. The default is false.

properties.login.tokenStore.fileSystem Object No

The configuration settings of the storage of the tokens if a file system is used.

properties.login.tokenStore.fileSystem.directory String No

The directory in which the tokens will be stored.

properties.login.tokenStore.azureBlobStorage Object No

The configuration settings of the storage of the tokens if blob storage is used.

properties.login.tokenStore.azureBlobStorage.sasUrlSettingName String No

The name of the app setting containing the SAS URL of the blob storage containing the tokens.

properties.login.preserveUrlFragmentsForLogins Boolean No

true if the fragments from the request are preserved after the login request is made; otherwise, false.

properties.login.allowedExternalRedirectUrls[] Array No

External URLs that can be redirected to as part of logging in or logging out of the app. Note that the query string part of the URL is ignored. This is an advanced setting typically only needed by Windows Store application backends. Note that URLs within the current domain are always implicitly allowed.

properties.identityProviders Object No

The configuration settings of each of the identity providers used to configure App Service Authentication/Authorization.

properties.identityProviders.azureActiveDirectory Object No

The configuration settings of the Azure Active Directory provider.

properties.identityProviders.azureActiveDirectory.isAutoProvisioned Boolean No

Gets a value indicating whether the Azure AD configuration was auto-provisioned using 1st party tooling. This is an internal flag primarily intended to support the Azure Management Portal. Users should not read or write to this property.

properties.identityProviders.azureActiveDirectory.enabled Boolean No

false if the Azure Active Directory provider should not be enabled despite the set registration; otherwise, true.

properties.identityProviders.azureActiveDirectory.validation Object No

The configuration settings of the Azure Active Directory token validation flow.

properties.identityProviders.azureActiveDirectory.validation.allowedAudiences[] Array No

The list of audiences that can make successful authentication/authorization requests.

properties.identityProviders.azureActiveDirectory.validation.jwtClaimChecks Object No

The configuration settings of the checks that should be made while validating the JWT Claims.

properties.identityProviders.azureActiveDirectory.validation.jwtClaimChecks.allowedGroups[] Array No

The list of the allowed groups.

properties.identityProviders.azureActiveDirectory.validation.jwtClaimChecks.allowedClientApplications[] Array No

The list of the allowed client applications.

properties.identityProviders.azureActiveDirectory.validation.defaultAuthorizationPolicy Object No

The configuration settings of the Azure Active Directory default authorization policy.

properties.identityProviders.azureActiveDirectory.validation.defaultAuthorizationPolicy.allowedPrincipals Object No

The configuration settings of the Azure Active Directory allowed principals.

properties.identityProviders.azureActiveDirectory.validation.defaultAuthorizationPolicy.allowedPrincipals.groups[] Array No

The list of the allowed groups.

properties.identityProviders.azureActiveDirectory.validation.defaultAuthorizationPolicy.allowedPrincipals.identities[] Array No

The list of the allowed identities.

properties.identityProviders.azureActiveDirectory.validation.defaultAuthorizationPolicy.allowedApplications[] Array No

The configuration settings of the Azure Active Directory allowed applications.

properties.identityProviders.azureActiveDirectory.login Object No

The configuration settings of the Azure Active Directory login flow.

properties.identityProviders.azureActiveDirectory.login.loginParameters[] Array No

Login parameters to send to the OpenID Connect authorization endpoint when a user logs in. Each parameter must be in the form "key=value".

properties.identityProviders.azureActiveDirectory.login.disableWWWAuthenticate Boolean No

true if the www-authenticate provider should be omitted from the request; otherwise, false.

properties.identityProviders.azureActiveDirectory.registration Object No

The configuration settings of the Azure Active Directory app registration.

properties.identityProviders.azureActiveDirectory.registration.clientSecretCertificateThumbprint String No

An alternative to the client secret, that is the thumbprint of a certificate used for signing purposes. This property acts as a replacement for the Client Secret. It is also optional.

properties.identityProviders.azureActiveDirectory.registration.openIdIssuer String No

The OpenID Connect Issuer URI that represents the entity which issues access tokens for this application. When using Azure Active Directory, this value is the URI of the directory tenant, e.g. https://login.microsoftonline.com/v2.0/{tenant-guid}/. This URI is a case-sensitive identifier for the token issuer. More information on OpenID Connect Discovery: http://openid.net/specs/openid-connect-discovery-1_0.html

properties.identityProviders.azureActiveDirectory.registration.clientSecretCertificateIssuer String No

An alternative to the client secret thumbprint, that is the issuer of a certificate used for signing purposes. This property acts as a replacement for the Client Secret Certificate Thumbprint. It is also optional.

properties.identityProviders.azureActiveDirectory.registration.clientId String No

The Client ID of this relying party application, known as the client_id. This setting is required for enabling OpenID Connect authentication with Azure Active Directory or other 3rd party OpenID Connect providers. More information on OpenID Connect: http://openid.net/specs/openid-connect-core-1_0.html

properties.identityProviders.azureActiveDirectory.registration.clientSecretSettingName String No

The app setting name that contains the client secret of the relying party application.

properties.identityProviders.azureActiveDirectory.registration.clientSecretCertificateSubjectAlternativeName String No

An alternative to the client secret thumbprint, that is the subject alternative name of a certificate used for signing purposes. This property acts as a replacement for the Client Secret Certificate Thumbprint. It is also optional.

properties.identityProviders.apple Object No

The configuration settings of the Apple provider.

properties.identityProviders.apple.enabled Boolean No

false if the Apple provider should not be enabled despite the set registration; otherwise, true.

properties.identityProviders.apple.login Object No

The configuration settings of the login flow, including the scopes that should be requested.

properties.identityProviders.apple.login.scopes[] Array No

A list of the scopes that should be requested while authenticating.

properties.identityProviders.apple.registration Object No

The configuration settings of the registration for the Apple provider.

properties.identityProviders.apple.registration.clientId String No

The Client ID of the app used for login.

properties.identityProviders.apple.registration.clientSecretSettingName String No

The app setting name that contains the client secret.

properties.identityProviders.gitHub Object No

The configuration settings of the GitHub provider.

properties.identityProviders.gitHub.enabled Boolean No

false if the GitHub provider should not be enabled despite the set registration; otherwise, true.

properties.identityProviders.gitHub.login Object No

The configuration settings of the login flow, including the scopes that should be requested.

properties.identityProviders.gitHub.login.scopes[] Array No

A list of the scopes that should be requested while authenticating.

properties.identityProviders.gitHub.registration Object No

The configuration settings of the app registration for providers that have client ids and client secrets.

properties.identityProviders.gitHub.registration.clientId String No

The Client ID of the app used for login.

properties.identityProviders.gitHub.registration.clientSecretSettingName String No

The app setting name that contains the client secret.

properties.identityProviders.customOpenIdConnectProviders Object No

The map of the name of the alias of each custom Open ID Connect provider to the configuration settings of the custom Open ID Connect provider.

properties.identityProviders.customOpenIdConnectProviders.name Object No

The configuration settings of the custom Open ID Connect provider.

properties.identityProviders.customOpenIdConnectProviders.name.enabled Boolean No

false if the custom Open ID provider should not be enabled; otherwise, true.

properties.identityProviders.customOpenIdConnectProviders.name.login Object No

The configuration settings of the login flow of the custom Open ID Connect provider.

properties.identityProviders.customOpenIdConnectProviders.name.login.scopes[] Array No

A list of the scopes that should be requested while authenticating.

properties.identityProviders.customOpenIdConnectProviders.name.login.nameClaimType String No

The name of the claim that contains the user's name.

properties.identityProviders.customOpenIdConnectProviders.name.registration Object No

The configuration settings of the app registration for the custom Open ID Connect provider.

properties.identityProviders.customOpenIdConnectProviders.name.registration.clientCredential Object No

The authentication client credentials of the custom Open ID Connect provider.

properties.identityProviders.customOpenIdConnectProviders.name.registration.clientCredential.method String No

The method that should be used to authenticate the user.

Possible values:

  • "ClientSecretPost"

properties.identityProviders.customOpenIdConnectProviders.name.registration.clientCredential.clientSecretSettingName String No

The app setting that contains the client secret for the custom Open ID Connect provider.

properties.identityProviders.customOpenIdConnectProviders.name.registration.openIdConnectConfiguration Object No

The configuration settings of the endpoints used for the custom Open ID Connect provider.

properties.identityProviders.customOpenIdConnectProviders.name.registration.openIdConnectConfiguration.authorizationEndpoint String No

The endpoint to be used to make an authorization request.

properties.identityProviders.customOpenIdConnectProviders.name.registration.openIdConnectConfiguration.certificationUri String No

The endpoint that provides the keys necessary to validate the token.

properties.identityProviders.customOpenIdConnectProviders.name.registration.openIdConnectConfiguration.issuer String No

The endpoint that issues the token.

properties.identityProviders.customOpenIdConnectProviders.name.registration.openIdConnectConfiguration.wellKnownOpenIdConfiguration String No

The endpoint that contains all the configuration endpoints for the provider.

properties.identityProviders.customOpenIdConnectProviders.name.registration.openIdConnectConfiguration.tokenEndpoint String No

The endpoint to be used to request a token.

properties.identityProviders.customOpenIdConnectProviders.name.registration.clientId String No

The client id of the custom Open ID Connect provider.

properties.identityProviders.legacyMicrosoftAccount Object No

The configuration settings of the legacy Microsoft Account provider.

properties.identityProviders.legacyMicrosoftAccount.enabled Boolean No

false if the legacy Microsoft Account provider should not be enabled despite the set registration; otherwise, true.

properties.identityProviders.legacyMicrosoftAccount.validation Object No

The configuration settings of the Allowed Audiences validation flow.

properties.identityProviders.legacyMicrosoftAccount.validation.allowedAudiences[] Array No

The configuration settings of the allowed list of audiences from which to validate the JWT token.

properties.identityProviders.legacyMicrosoftAccount.login Object No

The configuration settings of the login flow, including the scopes that should be requested.

properties.identityProviders.legacyMicrosoftAccount.login.scopes[] Array No

A list of the scopes that should be requested while authenticating.

properties.identityProviders.legacyMicrosoftAccount.registration Object No

The configuration settings of the app registration for providers that have client ids and client secrets.

properties.identityProviders.legacyMicrosoftAccount.registration.clientId String No

The Client ID of the app used for login.

properties.identityProviders.legacyMicrosoftAccount.registration.clientSecretSettingName String No

The app setting name that contains the client secret.

properties.identityProviders.twitter Object No

The configuration settings of the Twitter provider.

properties.identityProviders.twitter.enabled Boolean No

false if the Twitter provider should not be enabled despite the set registration; otherwise, true.

properties.identityProviders.twitter.registration Object No

The configuration settings of the app registration for the Twitter provider.

properties.identityProviders.twitter.registration.consumerSecretSettingName String No

The app setting name that contains the OAuth 1.0a consumer secret of the Twitter application used for sign-in.

properties.identityProviders.twitter.registration.consumerKey String No

The OAuth 1.0a consumer key of the Twitter application used for sign-in. This setting is required for enabling Twitter Sign-In. Twitter Sign-In documentation: https://dev.twitter.com/web/sign-in

properties.identityProviders.facebook Object No

The configuration settings of the Facebook provider.

properties.identityProviders.facebook.graphApiVersion String No

The version of the Facebook api to be used while logging in.

properties.identityProviders.facebook.enabled Boolean No

false if the Facebook provider should not be enabled despite the set registration; otherwise, true.

properties.identityProviders.facebook.login Object No

The configuration settings of the login flow, including the scopes that should be requested.

properties.identityProviders.facebook.login.scopes[] Array No

A list of the scopes that should be requested while authenticating.

properties.identityProviders.facebook.registration Object No

The configuration settings of the app registration for providers that have app ids and app secrets.

properties.identityProviders.facebook.registration.appSecretSettingName String No

The app setting name that contains the app secret.

properties.identityProviders.facebook.registration.appId String No

The App ID of the app used for login.

properties.identityProviders.azureStaticWebApps Object No

The configuration settings of the Azure Static Web Apps provider.

properties.identityProviders.azureStaticWebApps.enabled Boolean No

false if the Azure Static Web Apps provider should not be enabled despite the set registration; otherwise, true.

properties.identityProviders.azureStaticWebApps.registration Object No

The configuration settings of the registration for the Azure Static Web Apps provider.

properties.identityProviders.azureStaticWebApps.registration.clientId String No

The Client ID of the app used for login.

properties.identityProviders.google Object No

The configuration settings of the Google provider.

properties.identityProviders.google.enabled Boolean No

false if the Google provider should not be enabled despite the set registration; otherwise, true.

properties.identityProviders.google.validation Object No

The configuration settings of the Allowed Audiences validation flow.

properties.identityProviders.google.validation.allowedAudiences[] Array No

The configuration settings of the allowed list of audiences from which to validate the JWT token.

properties.identityProviders.google.login Object No

The configuration settings of the login flow, including the scopes that should be requested.

properties.identityProviders.google.login.scopes[] Array No

A list of the scopes that should be requested while authenticating.

properties.identityProviders.google.registration Object No

The configuration settings of the app registration for providers that have client ids and client secrets.

properties.identityProviders.google.registration.clientId String No

The Client ID of the app used for login.

properties.identityProviders.google.registration.clientSecretSettingName String No

The app setting name that contains the client secret.

type String No

Resource type.

kind String No

Kind of resource.
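
Before sending a request body to this endpoint, it can be checked for explicit values that weaken authentication. The following is an added example, not part of the original reference or of any Microsoft tooling: the property paths come from the table above, while the function names, the sample body and its values (including the example.test host) are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample body; field names are from the table above, values are invented.
SAMPLE_BODY = json.loads("""
{
  "properties": {
    "platform": {"enabled": true},
    "httpSettings": {"requireHttps": false},
    "globalValidation": {"unauthenticatedClientAction": "AllowAnonymous"},
    "login": {
      "nonce": {"validateNonce": false},
      "tokenStore": {"enabled": true, "tokenRefreshExtensionHours": 720},
      "allowedExternalRedirectUrls": ["http://app.example.test/cb",
                                      "https://app.example.test/cb"]
    },
    "identityProviders": {
      "azureActiveDirectory": {
        "login": {"loginParameters": ["scope=openid", "prompt"]}
      }
    }
  }
}
""")


def _get(obj, path, default=None):
    """Walk a dotted path through nested dicts; return default when a key is absent."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def audit_auth_settings(body):
    """Return the property paths whose explicit value weakens authentication.

    Absent fields are not judged: the reference states defaults for only a few.
    """
    p = body.get("properties") or {}
    weak = []
    if _get(p, "platform.enabled") is False:
        weak.append("platform.enabled")
    if _get(p, "httpSettings.requireHttps") is False:
        weak.append("httpSettings.requireHttps")
    if _get(p, "globalValidation.unauthenticatedClientAction") == "AllowAnonymous":
        weak.append("globalValidation.unauthenticatedClientAction")
    if _get(p, "login.nonce.validateNonce") is False:
        weak.append("login.nonce.validateNonce")
    # The reference gives 72 hours as the default refresh window; flag anything longer.
    hours = _get(p, "login.tokenStore.tokenRefreshExtensionHours")
    if (_get(p, "login.tokenStore.enabled") is True
            and isinstance(hours, (int, float)) and hours > 72):
        weak.append("login.tokenStore.tokenRefreshExtensionHours")
    # Flag external redirect targets that are not HTTPS (the query string is ignored).
    for i, url in enumerate(_get(p, "login.allowedExternalRedirectUrls") or []):
        if urlsplit(url).scheme.lower() != "https":
            weak.append(f"login.allowedExternalRedirectUrls[{i}]")
    # Each Azure AD login parameter must have the form "key=value".
    params = _get(p, "identityProviders.azureActiveDirectory.login.loginParameters") or []
    for i, param in enumerate(params):
        key, sep, value = param.partition("=")
        if not (key and sep and value):
            weak.append(f"identityProviders.azureActiveDirectory.login.loginParameters[{i}]")
    return weak


if __name__ == "__main__":
    for path in audit_auth_settings(SAMPLE_BODY):
        print("review:", path)
```
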

How to start integrating

  1. Add HTTP Task to your workflow definition.
  2. Search for the API you want to integrate with and click on the name.
    • This loads the API reference documentation and prepares the HTTP request settings.
  3. Click Test request to test run your request to the API and see the API's response.