Authentication Extensibility Password Administrator

Entra ID · Security · EAM ControlPlane

Authentication Extensibility Password Administrator

Privilegiada
Control PlaneSecurity
Role Actions
1
Control Plane
1
Management Plane
0
User Access
0
Não classificadas
0
Template ID
0b00bede-4072-4d22-b441-e7df02a1ef63
Categoria
Security
EAM Tier
Control Plane (Tier 0)
Enterprise Access Model: Control Plane

Controle total do tenant. Comprometimento leva a takeover completo. Isole de planos inferiores.

Descrição

Trigger a password submit event for custom authentication to migrate user passwords from an external identity system to Microsoft Entra External ID

Role Definition (JSON)

{
"@odata.type": "#microsoft.graph.unifiedRoleDefinition",
"id": "0b00bede-4072-4d22-b441-e7df02a1ef63",
"displayName": "Authentication Extensibility Password Administrator",
"description": "Trigger a password submit event for custom authentication to migrate user passwords from an external identity system to Microsoft Entra External ID",
"isBuiltIn": true,
"isEnabled": true,
"isPrivileged": true,
"rolePermissions": [
{
"allowedResourceActions": [
"microsoft.directory/onPasswordSubmitCustomAuthenticationExtension/allProperties/allTasks"

Permissões completas

Todas as 1 role actions desta role, classificadas por tier do EAM.

Role ActionCategoriaTier
microsoft.directory/onPasswordSubmitCustomAuthenticationExtension/allProperties/allTasks
AuthenticationTier 0

1 de 1 role actions

PowerShell

Get-MgRoleManagementDirectoryRoleDefinition `
  -UnifiedRoleDefinitionId "0b00bede-4072-4d22-b441-e7df02a1ef63"

Microsoft Graph

GET https://graph.microsoft.com/v1.0/
  roleManagement/directory/
  roleDefinitions/0b00bede-4072-4d22-b441-e7df02a1ef63
Ver documentação oficial na Microsoft Learn

Roles relacionadas