Authentication Extensibility Password Administrator
PrivilegiadaControl PlaneSecurity
Role Actions
1Control Plane
1Management Plane
0User Access
0Não classificadas
0Template ID
0b00bede-4072-4d22-b441-e7df02a1ef63Categoria
SecurityEAM Tier
Control Plane (Tier 0)Enterprise Access Model: Control Plane
Controle total do tenant. Comprometimento leva a takeover completo. Isole de planos inferiores.
Descrição
Trigger a password submit event for custom authentication to migrate user passwords from an external identity system to Microsoft Entra External ID
Role Definition (JSON)
{"@odata.type": "#microsoft.graph.unifiedRoleDefinition","id": "0b00bede-4072-4d22-b441-e7df02a1ef63","displayName": "Authentication Extensibility Password Administrator","description": "Trigger a password submit event for custom authentication to migrate user passwords from an external identity system to Microsoft Entra External ID","isBuiltIn": true,"isEnabled": true,"isPrivileged": true,"rolePermissions": [{"allowedResourceActions": ["microsoft.directory/onPasswordSubmitCustomAuthenticationExtension/allProperties/allTasks"
Permissões completas
Todas as 1 role actions desta role, classificadas por tier do EAM.
| Role Action | Categoria | Tier |
|---|---|---|
microsoft.directory/onPasswordSubmitCustomAuthenticationExtension/allProperties/allTasks | Authentication | Tier 0 |
1 de 1 role actions
PowerShell
Get-MgRoleManagementDirectoryRoleDefinition ` -UnifiedRoleDefinitionId "0b00bede-4072-4d22-b441-e7df02a1ef63"
Microsoft Graph
GET https://graph.microsoft.com/v1.0/ roleManagement/directory/ roleDefinitions/0b00bede-4072-4d22-b441-e7df02a1ef63