Allows the app to read your organization's custom authentication extensions on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the CustomAuthenticationExtension.Read.All permission.
If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant
Category
Application
Delegated
Identifier
88bb2658-5d9e-454f-aacd-a3933e079526
b2052569-c98c-4f36-a5fb-43e5c111e6d0
DisplayText
Read all custom authentication extensions
Read your organization's custom authentication extensions
Description
Allows the app to read your organization's custom authentication extensions without a signed-in user.
Allows the app to read your organization's custom authentication extensions on behalf of the signed-in user.
Configuration for securing the API call. For example, using OAuth client credentials flow. Inherited from customCalloutExtension.
clientConfiguration
customExtensionClientConfiguration
HTTP connection settings that define how long Microsoft Entra ID can wait for a connection, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed. Inherited from customCalloutExtension.
description
String
Description for the onAttributeCollectionStartCustomExtension object. Inherited from customCalloutExtension.
displayName
String
Display name for the onAttributeCollectionStartCustomExtension object. Inherited from customCalloutExtension.
endpointConfiguration
customExtensionEndpointConfiguration
The type and details for configuring the endpoint to call the app's workflow. Inherited from customCalloutExtension.
id
String
Identifier for the onAttributeCollectionStartCustomExtension object. Inherited from entity. Inherited from entity.
Configuration for securing the API call. For example, using OAuth client credentials flow. Inherited from customCalloutExtension.
clientConfiguration
customExtensionClientConfiguration
HTTP connection settings that define how long Microsoft Entra ID can wait for a connection, how many times you can retry a timed-out connection and the exception scenarios when retries are allowed. Inherited from customCalloutExtension.
description
String
Description for the onAttributeCollectionSubmitCustomExtension object. Inherited from customCalloutExtension.
displayName
String
Display name for the onAttributeCollectionSubmitCustomExtension object. Inherited from customCalloutExtension.
endpointConfiguration
customExtensionEndpointConfiguration
The type and details for configuring the endpoint to call the app's workflow. Inherited from customCalloutExtension.
id
String
Identifier for the onAttributeCollectionSubmitCustomExtension object. Inherited from entity. Inherited from entity.
The authentication configuration for this custom authentication extension. Inherited from customCalloutExtension.
claimsForTokenConfiguration
onTokenIssuanceStartReturnClaim collection
Collection of claims to be returned by the API called by this custom authentication extension. Used to populate claims mapping experience in Microsoft Entra admin center. Optional.
clientConfiguration
customExtensionClientConfiguration
The connection settings for the custom authentication extension. Inherited from customCalloutExtension.
description
String
Description for the custom authentication extension. Inherited from customCalloutExtension.
displayName
String
Display name for the custom authentication extension. Inherited from customCalloutExtension.
endpointConfiguration
customExtensionEndpointConfiguration
Configuration for the API endpoint that the custom authentication extension will call. Inherited from customCalloutExtension.
id
String
Identifier for onTokenIssuanceStartCustomExtension. Inherited from entity.