VerifiedId-Profile.ReadWrite.All
Export JSON
Export CSV
Copy URL
Print
Delegated
Read/Write
All Resources
This role can read and write Verified Id profiles in a tenant.
Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access
App-Only Access
Permission Details
Delegated Permission
Admin consent required
Read and write Verified Id profiles
This role can read and write Verified Id profiles in a tenant.
User sees: This role can read and write Verified Id profiles in a tenant.
Permission ID:
e4a9cb5e-4767-48f8-9029-decf26a54456
Properties
Microsoft Graph beta
exact-category-docs
Properties is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.
| Property | Type | Description |
|---|---|---|
description |
String |
Description for the verified ID profile. Required. |
faceCheckConfiguration |
faceCheckConfiguration |
Set of properties configuring Entra Verified ID Face Check behavior. Required. |
id |
String |
Profile identifier. Inherited from entity. |
lastModifiedDateTime |
DateTimeOffsetNullable |
DateTime the profile was last modified. Optional. |
name |
String |
Display name for the verified ID profile. Required. |
priority |
Int32Nullable |
Defines profile processing priority if multiple profiles are configured. Optional. |
state |
verifiedIdProfileState |
Enablement state for the profile. The possible values are: enabled, disabled, unknownFutureValue. Required. |
verifierDid |
String |
Decentralized Identifier (DID) string that represents the verifier in the verifiable credential exchange. Required. |
verifiedIdProfileConfiguration |
verifiedIdProfileConfiguration |
Set of properties expressing the accepted issuer, claims binding, and credential type. Required. |
verifiedIdUsageConfigurations |
verifiedIdUsageConfiguration collection |
Collection defining the usage purpose for the profile. The possible values are: recovery, onboarding, all, unknownFutureValue. Required. |
JSON Representation
Microsoft Graph beta
exact-category-docs
JSON representation is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.
JSON representation
{
"@odata.type": "#microsoft.graph.verifiedIdProfile",
"id": "String (identifier)",
"name": "String",
"description": "String",
"lastModifiedDateTime": "String (timestamp)",
"state": "String",
"verifierDid": "String",
"priority": "Integer",
"verifiedIdProfileConfiguration": {
"@odata.type": "microsoft.graph.verifiedIdProfileConfiguration"
},
"faceCheckConfiguration": {
"@odata.type": "microsoft.graph.faceCheckConfiguration"
},
"verifiedIdUsageConfigurations": [
{
"@odata.type": "microsoft.graph.verifiedIdUsageConfiguration"
}
]
}Relationships
Microsoft Graph beta
schema-derived
Relationships is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.
| Relationship | Type | Description |
|---|---|---|
faceCheckConfiguration |
faceCheckConfiguration |
Related faceCheckConfiguration data exposed by this resource. |
state |
verifiedIdProfileState |
Related state data exposed by this resource. |
verifiedIdProfileConfiguration |
verifiedIdProfileConfiguration |
Related verifiedIdProfileConfiguration data exposed by this resource. |
verifiedIdUsageConfigurations |
verifiedIdUsageConfiguration collection |
Collection defining the usage purpose for the profile. The possible values are: recovery, onboarding, all, unknownFutureValue. Required. |
Graph Methods
Delegated access
App-only access
Exact Microsoft Learn match
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
No API methods available for this version.
Exact Microsoft Learn match
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
No deterministic PowerShell command map is available for this permission.
Browse PowerShell docs
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
C# / .NET SDK
Create verifiedIdProfile
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new VerifiedIdProfile
{
Name = "Contoso Verified ID",
Description = "Contoso Verified Identity",
LastModifiedDateTime = null,
State = VerifiedIdProfileState.Enabled,
VerifierDid = "did:web:eu.did-dev.contoso.io",
Priority = 0,
VerifiedIdProfileConfiguration = new VerifiedIdProfileConfiguration
{
Type = "verifiedIdentity",
AcceptedIssuer = "did:web:eu.did-dev.contoso.io",
ClaimBindingSource = ClaimBindingSource.Directory,
ClaimBindings = new List<ClaimBinding>
{
new ClaimBinding
{
SourceAttribute = "First name",
VerifiedIdClaim = "vc.credentialSubject.firstName",
},
new ClaimBinding
{
SourceAttribute = "Last name",
VerifiedIdClaim = "vc.credentialSubject.lastName",
},
},
},
FaceCheckConfiguration = new FaceCheckConfiguration
{
IsEnabled = true,
SourcePhotoClaimName = "portrait",
},
VerifiedIdUsageConfigurations = new List<VerifiedIdUsageConfiguration>
{
new VerifiedIdUsageConfiguration
{
IsEnabledForTestOnly = true,
Purpose = VerifiedIdUsageConfigurationPurpose.Recovery,
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Identity.VerifiedId.Profiles.PostAsync(requestBody);
JavaScript
Create verifiedIdProfile
const options = {
authProvider,
};
const client = Client.init(options);
const verifiedIdProfile = {
name: 'Contoso Verified ID',
description: 'Contoso Verified Identity',
lastModifiedDateTime: null,
state: 'enabled',
verifierDid: 'did:web:eu.did-dev.contoso.io',
priority: 0,
verifiedIdProfileConfiguration: {
type: 'verifiedIdentity',
acceptedIssuer: 'did:web:eu.did-dev.contoso.io',
claimBindingSource: 'directory',
claimBindings: [
{
sourceAttribute: 'First name',
verifiedIdClaim: 'vc.credentialSubject.firstName'
},
{
sourceAttribute: 'Last name',
verifiedIdClaim: 'vc.credentialSubject.lastName'
}
]
},
faceCheckConfiguration: {
isEnabled: true,
sourcePhotoClaimName: 'portrait'
},
verifiedIdUsageConfigurations: [
{
isEnabledForTestOnly: true,
purpose: 'recovery'
}
]
};
await client.api('/identity/verifiedId/profiles')
.version('beta')
.post(verifiedIdProfile);
PowerShell
Create verifiedIdProfile
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
name = "Contoso Verified ID"
description = "Contoso Verified Identity"
lastModifiedDateTime = $null
state = "enabled"
verifierDid = "did:web:eu.did-dev.contoso.io"
priority = 0
verifiedIdProfileConfiguration = @{
type = "verifiedIdentity"
acceptedIssuer = "did:web:eu.did-dev.contoso.io"
claimBindingSource = "directory"
claimBindings = @(
@{
sourceAttribute = "First name"
verifiedIdClaim = "vc.credentialSubject.firstName"
}
@{
sourceAttribute = "Last name"
verifiedIdClaim = "vc.credentialSubject.lastName"
}
)
}
faceCheckConfiguration = @{
isEnabled = $true
sourcePhotoClaimName = "portrait"
}
verifiedIdUsageConfigurations = @(
@{
isEnabledForTestOnly = $true
purpose = "recovery"
}
)
}
New-MgBetaIdentityVerifiedIdProfile -BodyParameter $params
Python
Create verifiedIdProfile
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.verified_id_profile import VerifiedIdProfile
from msgraph_beta.generated.models.verified_id_profile_state import VerifiedIdProfileState
from msgraph_beta.generated.models.verified_id_profile_configuration import VerifiedIdProfileConfiguration
from msgraph_beta.generated.models.claim_binding_source import ClaimBindingSource
from msgraph_beta.generated.models.claim_binding import ClaimBinding
from msgraph_beta.generated.models.face_check_configuration import FaceCheckConfiguration
from msgraph_beta.generated.models.verified_id_usage_configuration import VerifiedIdUsageConfiguration
from msgraph_beta.generated.models.verified_id_usage_configuration_purpose import VerifiedIdUsageConfigurationPurpose
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = VerifiedIdProfile(
name = "Contoso Verified ID",
description = "Contoso Verified Identity",
last_modified_date_time = None,
state = VerifiedIdProfileState.Enabled,
verifier_did = "did:web:eu.did-dev.contoso.io",
priority = 0,
verified_id_profile_configuration = VerifiedIdProfileConfiguration(
type = "verifiedIdentity",
accepted_issuer = "did:web:eu.did-dev.contoso.io",
claim_binding_source = ClaimBindingSource.Directory,
claim_bindings = [
ClaimBinding(
source_attribute = "First name",
verified_id_claim = "vc.credentialSubject.firstName",
),
ClaimBinding(
source_attribute = "Last name",
verified_id_claim = "vc.credentialSubject.lastName",
),
],
),
face_check_configuration = FaceCheckConfiguration(
is_enabled = True,
source_photo_claim_name = "portrait",
),
verified_id_usage_configurations = [
VerifiedIdUsageConfiguration(
is_enabled_for_test_only = True,
purpose = VerifiedIdUsageConfigurationPurpose.Recovery,
),
],
)
result = await graph_client.identity.verified_id.profiles.post(request_body)App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Delegated permissions and search for VerifiedId-Profile.ReadWrite.All
4
Grant Admin Consent
This delegated permission requires admin consent.