IdentityProvider.ReadWrite.All

Application | Delegated | Read/Write | All Resources

Allows the app to read and write your organization’s identity (authentication) providers’ properties without a signed in user.

Permission data: April 6, 2026 at 4:06 AM UTC

Permission Details

Application Permission

Read and write identity providers

Allows the app to read and write your organization’s identity (authentication) providers’ properties without a signed in user.

Delegated Permission (admin consent required)

Read and write identity providers

Allows the app to read and write your organization’s identity (authentication) providers’ properties on behalf of the user.

Properties

Microsoft Graph v1.0

Properties are shown from stable Microsoft Graph v1.0 metadata.

| Property | Type | Description |
| --- | --- | --- |
| clientId | String, Nullable | The client ID for the application. This is the client ID obtained when registering the application with the identity provider. Required. Not nullable. |
| clientSecret | String, Nullable | The client secret for the application. This is the client secret obtained when registering the application with the identity provider. This is write-only. A read operation will return . Required. Not nullable. |
| id | String | The ID of the identity provider. |
| name | String, Nullable | The display name of the identity provider. Not nullable. |
| type | String, Nullable | The identity provider type is a required field. For B2B scenario: Google, Facebook. For B2C scenario: Microsoft, Google, Amazon, LinkedIn, Facebook, GitHub, Twitter, Weibo, QQ, WeChat, OpenIDConnect. Not nullable. |

JSON Representation

Microsoft Graph v1.0

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation
{
  "id": "String",
  "type": "String",
  "name": "String",
  "clientId": "String",
  "clientSecret": "String"
}

Relationships

Relationships metadata is not available for this permission mapping.

Graph Methods

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/{samlOrWsFedExternalDomainFederation ID}/domains
GET /identity/identityProviders
GET /identity/identityProviders/{id}
GET /identity/identityProviders/availableProviderTypes
GET /identityProviders
GET /identityProviders/{id}
GET /identityProviders/availableProviderTypes
POST /directory/federationConfigurations/{samlOrWsFedExternalDomainFederation ID}/microsoft.graph.samlOrWsFedExternalDomainFederation/domains
POST /directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation
POST /identity/identityProviders
POST /identityProviders
PATCH /directory/federationConfigurations/graph.samlOrWsFedExternalDomainFederation/{samlOrWsFedExternalDomainFederation ID}
PATCH /identity/identityProviders/{id}
PATCH /identityProviders/{id}
DELETE /directory/federationConfigurations/{samlOrWsFedExternalDomainFederation ID}
DELETE /identity/identityProviders/{id}
DELETE /identityProviders/{id}
Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation/{samlOrWsFedExternalDomainFederation ID}/domains
GET /identity/identityProviders
GET /identity/identityProviders/{id}
GET /identity/identityProviders/availableProviderTypes
GET /identityProviders
GET /identityProviders/{id}
GET /identityProviders/availableProviderTypes
POST /directory/federationConfigurations/{samlOrWsFedExternalDomainFederation ID}/microsoft.graph.samlOrWsFedExternalDomainFederation/domains
POST /directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation
POST /identity/identityProviders
POST /identityProviders
PATCH /directory/federationConfigurations/graph.samlOrWsFedExternalDomainFederation/{samlOrWsFedExternalDomainFederation ID}
PATCH /identity/identityProviders/{id}
PATCH /identityProviders/{id}
DELETE /directory/federationConfigurations/{samlOrWsFedExternalDomainFederation ID}
DELETE /identity/identityProviders/{id}
DELETE /identityProviders/{id}
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgIdentityProvider /identity/identityProviders
List identityProviders
Get-MgIdentityProvider /identity/identityProviders/{id}
Get identityProvider
Get-MgIdentityProvider /identityProviders
List identityProviders
Get-MgIdentityProvider /identityProviders/{id}
Get identityProvider
Invoke-MgAvailableIdentityProviderType /identity/identityProviders/availableProviderTypes
List availableProviderTypes
Invoke-MgAvailableIdentityProviderType /identityProviders/availableProviderTypes
List availableProviderTypes
New-MgIdentityProvider /identity/identityProviders
Create identityProvider
New-MgIdentityProvider /identityProviders
Create identityProvider
Remove-MgDirectoryFederationConfiguration /directory/federationConfigurations/{samlOrWsFedExternalDomainFederation ID}
Delete samlOrWsFedExternalDomainFederation
Remove-MgIdentityProvider /identity/identityProviders/{id}
Delete identityProvider
Remove-MgIdentityProvider /identityProviders/{id}
Delete identityProvider
Update-MgIdentityProvider /identity/identityProviders/{id}
Update identityProvider
Update-MgIdentityProvider /identityProviders/{id}
Update identityProvider
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaIdentityProvider /identity/identityProviders
List identityProviders
Get-MgBetaIdentityProvider /identity/identityProviders/{id}
Get identityProvider
Get-MgBetaIdentityProvider /identityProviders
List identityProviders
Get-MgBetaIdentityProvider /identityProviders/{id}
Get identityProvider
Invoke-MgBetaAvailableIdentityProviderType /identity/identityProviders/availableProviderTypes
List availableProviderTypes
Invoke-MgBetaAvailableIdentityProviderType /identityProviders/availableProviderTypes
List availableProviderTypes
New-MgBetaIdentityProvider /identity/identityProviders
Create identityProvider
New-MgBetaIdentityProvider /identityProviders
Create identityProvider
Remove-MgBetaDirectoryFederationConfiguration /directory/federationConfigurations/{samlOrWsFedExternalDomainFederation ID}
Delete samlOrWsFedExternalDomainFederation
Remove-MgBetaIdentityProvider /identity/identityProviders/{id}
Delete identityProvider
Remove-MgBetaIdentityProvider /identityProviders/{id}
Delete identityProvider
Update-MgBetaIdentityProvider /identity/identityProviders/{id}
Update identityProvider
Update-MgBetaIdentityProvider /identityProviders/{id}
Update identityProvider

Code Examples

C# / .NET SDK
Create identityProvider
// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new SocialIdentityProvider
{
	OdataType = "microsoft.graph.socialIdentityProvider",
	DisplayName = "Login with Amazon",
	IdentityProviderType = "Amazon",
	ClientId = "56433757-cadd-4135-8431-2c9e3fd68ae8",
	ClientSecret = "000000000000",
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.IdentityProviders.PostAsync(requestBody);
JavaScript
Create externalDomainName
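// Dependency: the Microsoft Graph JavaScript client library
import { Client } from '@microsoft/microsoft-graph-client';

// authProvider must be an already-initialized authentication provider for your app
const options = {
	authProvider,
};

const client = Client.init(options);

// The external domain to attach to the federation configuration
const externalDomainName = {
    '@odata.type': 'microsoft.graph.externalDomainName',
    id: 'contososuites.com'
};

await client.api('/directory/federationConfigurations/d5a56845-6845-d5a5-4568-a5d54568a5d5/microsoft.graph.samlOrWsFedExternalDomainFederation/domains')
	.post(externalDomainName);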
PowerShell
Create identityProvider
Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "microsoft.graph.socialIdentityProvider"
	displayName = "Login with Amazon"
	identityProviderType = "Amazon"
	clientId = "56433757-cadd-4135-8431-2c9e3fd68ae8"
	clientSecret = "000000000000"
}

New-MgIdentityProvider -BodyParameter $params
Python
Create identityProvider
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.social_identity_provider import SocialIdentityProvider

# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
# await is only valid inside a coroutine, so the request is wrapped in an async function
async def create_identity_provider(graph_client: GraphServiceClient):
    request_body = SocialIdentityProvider(
        odata_type = "microsoft.graph.socialIdentityProvider",
        display_name = "Login with Amazon",
        identity_provider_type = "Amazon",
        client_id = "56433757-cadd-4135-8431-2c9e3fd68ae8",
        client_secret = "000000000000",
    )

    # Returns the created identity provider object
    return await graph_client.identity.identity_providers.post(request_body)

App Registration

1. Navigate to Azure Portal
   Go to App registrations in Microsoft Entra admin center

2. Add API Permission
   Select your app → API permissions → Add a permission → Microsoft Graph

3. Select Permission Type
   Choose Application permissions or delegated permissions and search for IdentityProvider.ReadWrite.All

4. Grant Admin Consent
   Application permissions always require admin consent.