VerifiedId-Profile.ReadWrite.All
This role can read and write Verified Id profiles in a tenant.
Permission Details
Read and write Verified Id profiles
This role can read and write Verified Id profiles in a tenant.
e4a9cb5e-4767-48f8-9029-decf26a54456
Properties
Properties are shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
description |
String |
Description for the verified ID profile. Required. |
faceCheckConfiguration |
faceCheckConfiguration |
Set of properties configuring Entra Verified ID Face Check behavior. Required. |
id |
String |
Profile identifier. Inherited from entity. |
lastModifiedDateTime |
DateTimeOffsetNullable |
DateTime the profile was last modified. Optional. |
name |
String |
Display name for the verified ID profile. Required. |
priority |
Int32Nullable |
Defines profile processing priority if multiple profiles are configured. Optional. |
state |
verifiedIdProfileState |
Enablement state for the profile. The possible values are: enabled, disabled, unknownFutureValue. Required. |
verifierDid |
String |
Decentralized Identifier (DID) string that represents the verifier in the verifiable credential exchange. Required. |
verifiedIdProfileConfiguration |
verifiedIdProfileConfiguration |
Set of properties expressing the accepted issuer, claims binding, and credential type. Required. |
verifiedIdUsageConfigurations |
verifiedIdUsageConfiguration collection |
Collection defining the usage purpose for the profile. Required. |
JSON Representation
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
{
"@odata.type": "#microsoft.graph.verifiedIdProfile",
"id": "String (identifier)",
"name": "String",
"description": "String",
"lastModifiedDateTime": "String (timestamp)",
"state": "String",
"verifierDid": "String",
"priority": "Integer",
"verifiedIdProfileConfiguration": {
"@odata.type": "microsoft.graph.verifiedIdProfileConfiguration"
},
"faceCheckConfiguration": {
"@odata.type": "microsoft.graph.faceCheckConfiguration"
},
"verifiedIdUsageConfigurations": [
{
"@odata.type": "microsoft.graph.verifiedIdUsageConfiguration"
}
]
}
Relationships
Relationships are shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
faceCheckConfiguration |
faceCheckConfiguration |
Related faceCheckConfiguration data exposed by this resource. |
state |
verifiedIdProfileState |
Related state data exposed by this resource. |
verifiedIdProfileConfiguration |
verifiedIdProfileConfiguration |
Related verifiedIdProfileConfiguration data exposed by this resource. |
verifiedIdUsageConfigurations |
verifiedIdUsageConfiguration collection |
Collection defining the usage purpose for the profile. Required. |
Graph Methods
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
// Builds a verifiedIdProfile and POSTs it to /identity/verifiedId/profiles.
// Per this page, the call needs the VerifiedId-Profile.ReadWrite.All delegated
// permission, which requires admin consent.

// Claim bindings pair a source attribute with the credential claim it is
// compared against; both bindings request MatchConfidenceLevel.Exact.
var firstNameBinding = new ClaimBinding
{
    MatchConfidenceLevel = MatchConfidenceLevel.Exact,
    SourceAttribute = "First name",
    VerifiedIdClaim = "vc.credentialSubject.firstName",
};
var lastNameBinding = new ClaimBinding
{
    MatchConfidenceLevel = MatchConfidenceLevel.Exact,
    SourceAttribute = "Last name",
    VerifiedIdClaim = "vc.credentialSubject.lastName",
};

// Accepted issuer, claim bindings and credential type for the profile.
// NOTE(review): AcceptedIssuer and CustomExtensionId are sample values
// (Contoso DID, patterned GUID); replace them with values from your tenant
// and review the accepted issuer, since it decides whose credentials count.
var profileConfiguration = new VerifiedIdProfileConfiguration
{
    Type = "verifiedIdentity",
    AcceptedIssuer = "did:web:eu.did-dev.contoso.io",
    ClaimBindingSource = ClaimBindingSource.Directory,
    ClaimBindings = new List<ClaimBinding>
    {
        firstNameBinding,
        lastNameBinding,
    },
    ClaimValidation = new ClaimValidation
    {
        IsEnabled = true,
        CustomExtensionId = "00aa00aa-bb11-cc22-dd33-44ee44ee44ee",
    },
};

// Face Check is switched on and reads the source photo from the "portrait" claim.
var faceCheck = new FaceCheckConfiguration
{
    IsEnabled = true,
    SourcePhotoClaimName = "portrait",
};

// Usage purpose of the profile: recovery.
// NOTE(review): IsEnabledForTestOnly is true; presumably this limits the
// recovery usage to testing - confirm before changing it for production.
var recoveryUsage = new VerifiedIdUsageConfiguration
{
    IsEnabledForTestOnly = true,
    Purpose = VerifiedIdUsageConfigurationPurpose.Recovery,
};

var requestBody = new VerifiedIdProfile
{
    Name = "Contoso Verified ID",
    Description = "Contoso Verified Identity",
    LastModifiedDateTime = null,
    State = VerifiedIdProfileState.Enabled,
    VerifierDid = "did:web:eu.did-dev.contoso.io",
    Priority = 0,
    VerifiedIdProfileConfiguration = profileConfiguration,
    FaceCheckConfiguration = faceCheck,
    VerifiedIdUsageConfigurations = new List<VerifiedIdUsageConfiguration>
    {
        recoveryUsage,
    },
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.VerifiedId.Profiles.PostAsync(requestBody);
// Creates a verifiedIdProfile by POSTing to /identity/verifiedId/profiles.
// Per this page, the call needs the VerifiedId-Profile.ReadWrite.All delegated
// permission, which requires admin consent.
const options = { authProvider };
const client = Client.init(options);

// Claim bindings pair a source attribute with the credential claim it is
// compared against; both bindings request an 'exact' match confidence level.
const firstNameBinding = {
  matchConfidenceLevel: 'exact',
  sourceAttribute: 'First name',
  verifiedIdClaim: 'vc.credentialSubject.firstName'
};
const lastNameBinding = {
  matchConfidenceLevel: 'exact',
  sourceAttribute: 'Last name',
  verifiedIdClaim: 'vc.credentialSubject.lastName'
};

// Accepted issuer, claim bindings and credential type for the profile.
// NOTE(review): acceptedIssuer and customExtensionId are sample values;
// replace them with values from your tenant and review the accepted issuer,
// since it decides whose credentials the profile accepts.
const profileConfiguration = {
  type: 'verifiedIdentity',
  acceptedIssuer: 'did:web:eu.did-dev.contoso.io',
  claimBindingSource: 'directory',
  claimBindings: [firstNameBinding, lastNameBinding],
  claimValidation: {
    isEnabled: true,
    customExtensionId: '00aa00aa-bb11-cc22-dd33-44ee44ee44ee'
  }
};

// Face Check is switched on and reads the source photo from the 'portrait' claim.
const faceCheck = {
  isEnabled: true,
  sourcePhotoClaimName: 'portrait'
};

// NOTE(review): isEnabledForTestOnly is true; presumably this limits the
// recovery usage to testing - confirm before changing it for production.
const recoveryUsage = {
  isEnabledForTestOnly: true,
  purpose: 'recovery'
};

// Key order matches the original request body.
const verifiedIdProfile = {
  name: 'Contoso Verified ID',
  description: 'Contoso Verified Identity',
  lastModifiedDateTime: null,
  state: 'enabled',
  verifierDid: 'did:web:eu.did-dev.contoso.io',
  priority: 0,
  verifiedIdProfileConfiguration: profileConfiguration,
  faceCheckConfiguration: faceCheck,
  verifiedIdUsageConfigurations: [recoveryUsage]
};

await client.api('/identity/verifiedId/profiles').post(verifiedIdProfile);
Import-Module Microsoft.Graph.Identity.SignIns
# Creates a verifiedIdProfile with New-MgIdentityVerifiedIdProfile.
# Per this page, the call needs the VerifiedId-Profile.ReadWrite.All delegated
# permission, which requires admin consent.

# Claim bindings pair a source attribute with the credential claim it is
# compared against; both bindings request an "exact" match confidence level.
$claimBindings = @(
    @{
        matchConfidenceLevel = "exact"
        sourceAttribute      = "First name"
        verifiedIdClaim      = "vc.credentialSubject.firstName"
    },
    @{
        matchConfidenceLevel = "exact"
        sourceAttribute      = "Last name"
        verifiedIdClaim      = "vc.credentialSubject.lastName"
    }
)

# Accepted issuer, claim bindings and credential type for the profile.
# NOTE(review): acceptedIssuer and customExtensionId are sample values;
# replace them with values from your tenant and review the accepted issuer,
# since it decides whose credentials the profile accepts.
$profileConfiguration = @{
    type               = "verifiedIdentity"
    acceptedIssuer     = "did:web:eu.did-dev.contoso.io"
    claimBindingSource = "directory"
    claimBindings      = $claimBindings
    claimValidation    = @{
        isEnabled         = $true
        customExtensionId = "00aa00aa-bb11-cc22-dd33-44ee44ee44ee"
    }
}

# Face Check is switched on and reads the source photo from the "portrait" claim.
$faceCheck = @{
    isEnabled            = $true
    sourcePhotoClaimName = "portrait"
}

# NOTE(review): isEnabledForTestOnly is $true; presumably this limits the
# recovery usage to testing - confirm before changing it for production.
$usageConfigurations = @(
    @{
        isEnabledForTestOnly = $true
        purpose              = "recovery"
    }
)

$params = @{
    name                           = "Contoso Verified ID"
    description                    = "Contoso Verified Identity"
    lastModifiedDateTime           = $null
    state                          = "enabled"
    verifierDid                    = "did:web:eu.did-dev.contoso.io"
    priority                       = 0
    verifiedIdProfileConfiguration = $profileConfiguration
    faceCheckConfiguration         = $faceCheck
    verifiedIdUsageConfigurations  = $usageConfigurations
}

New-MgIdentityVerifiedIdProfile -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.verified_id_profile import VerifiedIdProfile
from msgraph.generated.models.verified_id_profile_state import VerifiedIdProfileState
from msgraph.generated.models.verified_id_profile_configuration import VerifiedIdProfileConfiguration
from msgraph.generated.models.claim_binding_source import ClaimBindingSource
from msgraph.generated.models.claim_binding import ClaimBinding
from msgraph.generated.models.match_confidence_level import MatchConfidenceLevel
from msgraph.generated.models.claim_validation import ClaimValidation
from msgraph.generated.models.face_check_configuration import FaceCheckConfiguration
from msgraph.generated.models.verified_id_usage_configuration import VerifiedIdUsageConfiguration
from msgraph.generated.models.verified_id_usage_configuration_purpose import VerifiedIdUsageConfigurationPurpose
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
# Builds a VerifiedIdProfile and posts it to identity/verifiedId/profiles.
# Per this page, the call needs the VerifiedId-Profile.ReadWrite.All delegated
# permission, which requires admin consent.

# Claim bindings pair a source attribute with the credential claim it is
# compared against; both bindings request MatchConfidenceLevel.Exact.
first_name_binding = ClaimBinding(
    match_confidence_level = MatchConfidenceLevel.Exact,
    source_attribute = "First name",
    verified_id_claim = "vc.credentialSubject.firstName",
)
last_name_binding = ClaimBinding(
    match_confidence_level = MatchConfidenceLevel.Exact,
    source_attribute = "Last name",
    verified_id_claim = "vc.credentialSubject.lastName",
)

# Accepted issuer, claim bindings and credential type for the profile.
# NOTE(review): accepted_issuer and custom_extension_id are sample values;
# replace them with values from your tenant and review the accepted issuer,
# since it decides whose credentials the profile accepts.
profile_configuration = VerifiedIdProfileConfiguration(
    type = "verifiedIdentity",
    accepted_issuer = "did:web:eu.did-dev.contoso.io",
    claim_binding_source = ClaimBindingSource.Directory,
    claim_bindings = [first_name_binding, last_name_binding],
    claim_validation = ClaimValidation(
        is_enabled = True,
        custom_extension_id = "00aa00aa-bb11-cc22-dd33-44ee44ee44ee",
    ),
)

# Face Check is switched on and reads the source photo from the "portrait" claim.
face_check = FaceCheckConfiguration(
    is_enabled = True,
    source_photo_claim_name = "portrait",
)

# NOTE(review): is_enabled_for_test_only is True; presumably this limits the
# recovery usage to testing - confirm before changing it for production.
recovery_usage = VerifiedIdUsageConfiguration(
    is_enabled_for_test_only = True,
    purpose = VerifiedIdUsageConfigurationPurpose.Recovery,
)

request_body = VerifiedIdProfile(
    name = "Contoso Verified ID",
    description = "Contoso Verified Identity",
    last_modified_date_time = None,
    state = VerifiedIdProfileState.Enabled,
    verifier_did = "did:web:eu.did-dev.contoso.io",
    priority = 0,
    verified_id_profile_configuration = profile_configuration,
    face_check_configuration = face_check,
    verified_id_usage_configurations = [recovery_usage],
)

result = await graph_client.identity.verified_id.profiles.post(request_body)
App Registration
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
Select Permission Type
Choose Delegated permissions and search for VerifiedId-Profile.ReadWrite.All
Grant Admin Consent
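This delegated permission requires admin consent. Because it allows writing every Verified ID profile in the tenant, including the accepted issuer, claim bindings and Face Check configuration, review the requesting app before granting consent.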