UserAuthMethod-TAP.Read | Graph Permissions

Permission Details

Delegated Permission

Read the signed-in user's Temporary Access Pass authentication methods

Allows the app to read the signed-in user's Temporary Access Pass authentication methods. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods.

Permission ID: 84ded88f-26ba-49d6-b776-efec398de692

Properties

Microsoft Graph v1.0 endpoint-derived-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property	Type	Description
`id`	`String`	Unique identifier. Read-only.
`emailMethods`	`emailAuthenticationMethod collection`	The email address registered to a user for authentication.
`externalAuthenticationMethods`	`externalAuthenticationMethod collection`	Represents the external MFA registered to a user for authentication using an external identity provider.
`fido2Methods`	`fido2AuthenticationMethod collection`	Represents the FIDO2 security keys registered to a user for authentication.
`methods`	`authenticationMethod collection`	Represents all authentication methods registered to a user.
`microsoftAuthenticatorMethods`	`microsoftAuthenticatorAuthenticationMethod collection`	The details of the Microsoft Authenticator app registered to a user for authentication.
`operations`	`longRunningOperation collection`	Represents the status of a long-running operation, such as a password reset operation.
`passwordMethods`	`passwordAuthenticationMethod collection`	Represents the password registered to a user for authentication. For security, the password itself is never returned in the object, but action can be taken to reset a password.
`phoneMethods`	`phoneAuthenticationMethod collection`	The phone numbers registered to a user for authentication.
`platformCredentialMethods`	`platformCredentialAuthenticationMethod collection`	Represents a platform credential instance registered to a user on Mac OS.
`softwareOathMethods`	`softwareOathAuthenticationMethod collection`	The software OATH time-based one-time password (TOTP) applications registered to a user for authentication.
`temporaryAccessPassMethods`	`temporaryAccessPassAuthenticationMethod collection`	Represents a Temporary Access Pass registered to a user for authentication through time-limited passcodes.
`windowsHelloForBusinessMethods`	`windowsHelloForBusinessAuthenticationMethod collection`	Represents the Windows Hello for Business authentication method registered to a user for authentication.

JSON Representation

Microsoft Graph v1.0 endpoint-derived-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation

{
  "@odata.type": "#microsoft.graph.authentication"
}

Relationships

Microsoft Graph v1.0 endpoint-derived-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship	Type	Description
`emailMethods`	`emailAuthenticationMethod collection`	The email address registered to a user for authentication.
`externalAuthenticationMethods`	`externalAuthenticationMethod collection`	Represents the external MFA registered to a user for authentication using an external identity provider.
`fido2Methods`	`fido2AuthenticationMethod collection`	Represents the FIDO2 security keys registered to a user for authentication.
`methods`	`authenticationMethod collection`	Represents all authentication methods registered to a user.
`microsoftAuthenticatorMethods`	`microsoftAuthenticatorAuthenticationMethod collection`	The details of the Microsoft Authenticator app registered to a user for authentication.
`operations`	`longRunningOperation collection`	Represents the status of a long-running operation, such as a password reset operation.
`passwordMethods`	`passwordAuthenticationMethod collection`	Represents the password registered to a user for authentication. For security, the password itself is never returned in the object, but action can be taken to reset a password.
`platformCredentialMethods`	`platformCredentialAuthenticationMethod collection`	Represents a platform credential instance registered to a user on Mac OS.
`phoneMethods`	`phoneAuthenticationMethod collection`	The phone numbers registered to a user for authentication.
`softwareOathMethods`	`softwareOathAuthenticationMethod collection`	The software OATH time-based one-time password (TOTP) applications registered to a user for authentication.
`temporaryAccessPassMethods`	`temporaryAccessPassAuthenticationMethod collection`	Represents a Temporary Access Pass registered to a user for authentication through time-limited passcodes.
`windowsHelloForBusinessMethods`	`windowsHelloForBusinessAuthenticationMethod collection`	Represents the Windows Hello for Business authentication method registered to a user for authentication.
`hardwareOathMethods`	`hardwareOathAuthenticationMethod collection`	The hardware OATH time-based one-time password (TOTP) devices assigned to a user for authentication.
`passwordlessMicrosoftAuthenticatorMethods`	`passwordlessMicrosoftAuthenticatorAuthenticationMethod collection`	Represents the Microsoft Authenticator Passwordless Phone Sign-in methods registered to a user for authentication.

Graph Methods

Delegated access App-only access

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/me/authentication/temporaryAccessPassMethods`
GET `/me/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}`
GET `/users/{id \| userPrincipalName}/authentication/temporaryAccessPassMethods`
GET `/users/{id \| userPrincipalName}/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}`
POST `/users/{id \| userPrincipalName}/authentication/temporaryAccessPassMethods`

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/me/authentication/temporaryAccessPassMethods`
GET `/me/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}`
GET `/users/{id \| userPrincipalName}/authentication/temporaryAccessPassMethods`
GET `/users/{id \| userPrincipalName}/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}`
POST `/users/{id \| userPrincipalName}/authentication/temporaryAccessPassMethods`

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgUserAuthenticationTemporaryAccessPassMethod` /me/authentication/temporaryAccessPassMethods List temporaryAccessPassMethods
`Get-MgUserAuthenticationTemporaryAccessPassMethod` /me/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId} Get temporaryAccessPassAuthenticationMethod
`New-MgUserAuthenticationTemporaryAccessPassMethod` /users/{id \| userPrincipalName}/authentication/temporaryAccessPassMethods Create temporaryAccessPassMethod

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgBetaUserAuthenticationTemporaryAccessPassMethod` /me/authentication/temporaryAccessPassMethods List temporaryAccessPassMethods
`Get-MgBetaUserAuthenticationTemporaryAccessPassMethod` /me/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId} Get temporaryAccessPassAuthenticationMethod
`New-MgBetaUserAuthenticationTemporaryAccessPassMethod` /users/{id \| userPrincipalName}/authentication/temporaryAccessPassMethods Create temporaryAccessPassMethod

Code Examples

C# / .NET SDK

Create temporaryAccessPassMethod

View official example on Microsoft Learn

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new TemporaryAccessPassAuthenticationMethod
{
	StartDateTime = DateTimeOffset.Parse("2022-06-05T00:00:00.000Z"),
	LifetimeInMinutes = 60,
	IsUsableOnce = false,
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Users["{user-id}"].Authentication.TemporaryAccessPassMethods.PostAsync(requestBody);

JavaScript

Create temporaryAccessPassMethod

View official example on Microsoft Learn

const options = {
	authProvider,
};

const client = Client.init(options);

const temporaryAccessPassAuthenticationMethod = {
    startDateTime: '2022-06-05T00:00:00.000Z',
    lifetimeInMinutes: 60,
    isUsableOnce: false
};

await client.api('/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/temporaryAccessPassMethods')
	.post(temporaryAccessPassAuthenticationMethod);

PowerShell

Create temporaryAccessPassMethod

View official example on Microsoft Learn

Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	startDateTime = [System.DateTime]::Parse("2022-06-05T00:00:00.000Z")
	lifetimeInMinutes = 60
	isUsableOnce = $false
}

New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $userId -BodyParameter $params

Python

Create temporaryAccessPassMethod

View official example on Microsoft Learn

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.temporary_access_pass_authentication_method import TemporaryAccessPassAuthenticationMethod
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = TemporaryAccessPassAuthenticationMethod(
	start_date_time = "2022-06-05T00:00:00.000Z",
	lifetime_in_minutes = 60,
	is_usable_once = False,
)

result = await graph_client.users.by_user_id('user-id').authentication.temporary_access_pass_methods.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Delegated permissions and search for UserAuthMethod-TAP.Read

4

Grant Admin Consent

This delegated permission requires admin consent.