Table of Contents

SignInIdentifier.ReadWrite.All

Allows the app to read and write your organization's sign-in identifiers, on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the SignInIdentifier.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category Application Delegated
Identifier 7fc588a2-ea2d-4d1f-bcf7-33c324b149b8 b4673c3c-7b5a-4012-9826-7c7e3c8db6af
DisplayText Read and write all sign-in identifiers Read and write all sign-in identifiers
Description Allows the app to read and write your organization's sign-in identifiers, without a signed-in user. Allows the app to read and write your organization's sign-in identifiers, on behalf of the signed-in user.
AdminConsentRequired Yes Yes

Graph Methods

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: customUsernameSignInIdentifier

Property Type Description
isEnabled Boolean Indicates whether this custom username sign-in identifier type is enabled for user authentication in the tenant. Inherited from signInIdentifierBase.
name String The unique name identifier for this custom username sign-in identifier configuration. Possible values include: CustomUsername1, CustomUsername2. Inherited from signInIdentifierBase.
validationRegex String The regular expression pattern used to validate custom usernames. The pattern must be a valid regex, can't exceed 60 characters in length, and can't be an email-supported regex pattern.