VerifiedId-Profile.ReadWrite.All

This role can read and write Verified Id profiles in a tenant.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the VerifiedId-Profile.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	-	e4a9cb5e-4767-48f8-9029-decf26a54456
DisplayText	-	Read and write Verified Id profiles
Description	-	This role can read and write Verified Id profiles in a tenant.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /identity/verifiedId/profiles/{verifiedIdProfileId}
	GET /identity/verifiedId/profiles
	GET /identity/verifiedId/profiles/{verifiedIdProfileId}
	PATCH /identity/verifiedId/profiles/{verifiedIdProfileId}
	POST /identity/verifiedId/profiles

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: faceCheckConfiguration

Property	Type	Description
isEnabled	Boolean	Defines if Face Check is required. Currently must always be true.
sourcePhotoClaimName	Source of photo to validate Face Check against. Currently must always be `portrait`

Graph reference: verifiedIdProfile

Property	Type	Description
description	String	Description for the verified ID profile. Required.
faceCheckConfiguration	faceCheckConfiguration	Set of properties configuring Entra Verified ID Face Check behavior. Required.
id	String	Profile identifier. Inherited from entity.
lastModifiedDateTime	DateTimeOffset	DateTime the profile was last modified. Optional.
name	String	Display name for the verified ID profile. Required.
priority	Int32	Defines profile processing priority if multiple profiles are configured. Optional.
state	verifiedIdProfileState	Enablement state for the profile. The possible values are: `enabled`, `disabled`, `unknownFutureValue`. Required.
verifierDid	String	Decentralized Identifier (DID) string that represents the verifier in the verifiable credential exchange. Required.
verifiedIdProfileConfiguration	verifiedIdProfileConfiguration	Set of properties expressing the accepted issuer, claims binding, and credential type. Required.
verifiedIdUsageConfigurations	verifiedIdUsageConfiguration collection	Collection defining the usage purpose for the profile. The possible values are: `recovery`, `onboarding`, `all`, `unknownFutureValue`. Required.

Graph reference: verifiedIdProfileConfiguration

Property	Type	Description
acceptedIssuer	String	Trusted Verified ID issuer.
claimBindings	claimBinding collection	Claim bindings from Verified ID to source attributes.
claimBindingSource	claimBindingSource	Source to validate against Verified ID claims. The possible values are: `directory`, `unknownFutureValue`.
type	String	Verified ID type.

Graph reference: verifiedIdUsageConfiguration

Property	Type	Description
isEnabledForTestOnly	Boolean	Sets profile usage for evaluation (test-only) or production.
purpose	verifiedIdUsageConfigurationPurpose	Sets the supported scenarios for a Verified ID profile. Currently only `recovery` is supported. The possible values are: `recovery`, `onboarding`, `all`, `unknownFutureValue`.

Table of Contents

VerifiedId-Profile.ReadWrite.All

Graph Methods

Resources