Microsoft.Entra.CertificateBasedAuthentication-Help.xml

<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh">
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
    <command:details>
      <command:name>Get-EntraUserCBAAuthorizationInfo</command:name>
      <command:verb>Get</command:verb>
      <command:noun>EntraUserCBAAuthorizationInfo</command:noun>
      <maml:description>
        <maml:para>Retrieves authorization information for a Microsoft Entra ID user, including certificate-based authentication identifiers.</maml:para>
      </maml:description>
    </command:details>
    <maml:description>
      <maml:para>The `Get-EntraUserCBAAuthorizationInfo` cmdlet retrieves authorization information for a specified user in Microsoft Entra ID. This includes certificate user identifiers that are used for certificate-based authentication (CBA).</maml:para>
      <maml:para>By default, the command returns a formatted object with parsed certificate details. You can use the `-Raw` parameter to get the unprocessed response from the Microsoft Graph API.</maml:para>
      <maml:para>`Get-EntraUserAuthorizationInfo` is an alias of `Get-EntraUserCBAAuthorizationInfo`.</maml:para>
      <maml:para>In delegated scenarios using work or school accounts, the signed-in user must have a Microsoft Entra role or custom role with the necessary permissions. The following least privileged roles support this operation:</maml:para>
      <maml:para>- Privileged Authentication Administrator (for Cloud-only users)</maml:para>
      <maml:para>- Hybrid Identity Administrator (for synchronized users)</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Get-EntraUserCBAAuthorizationInfo</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="0" aliases="ObjectId, UPN, Identity, UserPrincipalName">
          <maml:name>UserId</maml:name>
          <maml:description>
            <maml:para>Specifies the identifier of the user. This can be either a User Principal Name (UPN, email address) or a GUID (user ID).</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="RawResponse">
          <maml:name>Raw</maml:name>
          <maml:description>
            <maml:para>Indicates that the cmdlet returns the raw API response without processing. Use this parameter when you want to see the complete, unmodified response from Microsoft Graph.</maml:para>
          </maml:description>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue, ByPropertyName)" position="0" aliases="ObjectId, UPN, Identity, UserPrincipalName">
        <maml:name>UserId</maml:name>
        <maml:description>
          <maml:para>Specifies the identifier of the user. This can be either a User Principal Name (UPN, email address) or a GUID (user ID).</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="RawResponse">
        <maml:name>Raw</maml:name>
        <maml:description>
          <maml:para>Indicates that the cmdlet returns the raw API response without processing. Use this parameter when you want to see the complete, unmodified response from Microsoft Graph.</maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
    </command:parameters>
    <command:inputTypes>
      <command:inputType>
        <dev:type>
          <maml:name>System.String</maml:name>
        </dev:type>
        <maml:description>
          <maml:para>You can pipe a string that contains a user ID or UPN to this cmdlet.</maml:para>
        </maml:description>
      </command:inputType>
    </command:inputTypes>
    <command:returnValues>
      <command:returnValue>
        <dev:type>
          <maml:name>System.Management.Automation.PSObject</maml:name>
        </dev:type>
        <maml:description>
          <maml:para>By default, the cmdlet returns a custom PSObject with the following properties:</maml:para>
          <maml:para>- Id: The unique identifier of the user</maml:para>
          <maml:para>- DisplayName: The display name of the user</maml:para>
          <maml:para>- UserPrincipalName: The user principal name (email address) of the user</maml:para>
          <maml:para>- UserType: The type of user account (for example, "Member", "Guest")</maml:para>
          <maml:para>- AuthorizationInfo: An object containing:</maml:para>
          <maml:para>  - CertificateUserIds: An array of parsed certificate user ID objects</maml:para>
          <maml:para>  - RawAuthorizationInfo: The original authorization info from the API</maml:para>
          <maml:para>Note: When the `-Raw` parameter is used, the cmdlet returns the raw API response as a PSObject.</maml:para>
        </maml:description>
      </command:returnValue>
    </command:returnValues>
    <maml:alertSet>
      <maml:alert>
        <maml:para>Certificate user IDs are returned in the X509 format. The common types are:</maml:para>
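        <maml:para>- PN: Principal Name</maml:para>
        <maml:para>- S: Subject</maml:para>
        <maml:para>- I: Issuer</maml:para>
        <maml:para>- SR: Serial Number</maml:para>
        <maml:para>- SKI: Subject Key Identifier</maml:para>
        <maml:para>- SHA1-PUKEY: SHA1 Public Key</maml:para>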
      </maml:alert>
    </maml:alertSet>
    <command:examples>
      <command:example>
        <maml:title>Example 1: Get authorization information for a user by User Principal Name</maml:title>
        <dev:code>Connect-Entra -Scopes 'User.Read.All'
Get-EntraUserCBAAuthorizationInfo -UserId 'SawyerM@contoso.com'
 
Id : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb
DisplayName : Sawyer Miller
UserPrincipalName : SawyerM@contoso.com
UserType : Member
AuthorizationInfo : @{CertificateUserIds=System.Object[]; RawAuthorizationInfo=System.Collections.Hashtable}</dev:code>
        <dev:remarks>
          <maml:para>This command retrieves the authorization information for the user with the specified User Principal Name.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>--- Example 2: Retrieve authorization information for a user ---</maml:title>
        <dev:code>Connect-Entra -Scopes 'User.Read.All'
$userInfo = Get-EntraUserCBAAuthorizationInfo -UserId 'SawyerM@contoso.com'
$userInfo.AuthorizationInfo.CertificateUserIds | Format-Table Type, TypeName, Value
 
Type TypeName Value
---- -------- -----
PN PrincipalName sawyerm@marketing.contoso.com
S Subject CN=sawyerm@marketing.contoso.com</dev:code>
        <dev:remarks>
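          <maml:para>This example retrieves the authorization information and lists the parsed certificate user IDs in a table showing each entry's Type, TypeName, and Value.</maml:para>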
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>------- Example 3: Extract specific certificate user IDs -------</maml:title>
        <dev:code>Connect-Entra -Scopes 'User.Read.All'
$userInfo = Get-EntraUserCBAAuthorizationInfo -UserId 'SawyerM@contoso.com'
$userInfo.AuthorizationInfo.CertificateUserIds | Where-Object Type -eq "PN" | Select-Object -ExpandProperty Value
 
sawyerm@marketing.contoso.com</dev:code>
        <dev:remarks>
          <maml:para>This example retrieves the authorization information and then filters to display only the Principal Name certificate values.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>------------- Example 5: Retrieve raw API response -------------</maml:title>
        <dev:code>Connect-Entra -Scopes 'User.Read.All'
Get-EntraUserCBAAuthorizationInfo -UserId 'SawyerM@contoso.com' -Raw
 
Name Value
---- -----
userType Member
authorizationInfo {[certificateUserIds, System.Object[]]}
id aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb
@odata.context https://graph.microsoft.com/..
displayName Sawyer Miller
userPrincipalName sawyerm@contoso.com</dev:code>
        <dev:remarks>
          <maml:para>This command retrieves the raw, unprocessed authorization information directly from the API.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>----------- Example 6: Use the results with pipeline -----------</maml:title>
        <dev:code>Connect-Entra -Scopes 'User.Read.All'
Get-EntraUserCBAAuthorizationInfo -UserId 'SawyerM@contoso.com' |
    Select-Object UserPrincipalName, @{
        Name = 'CertificateTypes';
        Expression = { $_.AuthorizationInfo.CertificateUserIds.Type -join ", " }
    }
 
UserPrincipalName CertificateTypes
----------------- ----------------
sawyerm@marketing.contoso.com PN, S</dev:code>
        <dev:remarks>
          <maml:para>This example retrieves the authorization information and creates a custom view showing the user principal name and certificate types.</maml:para>
        </dev:remarks>
      </command:example>
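      <command:example>
        <maml:title>Added example: Parse certificateUserIds strings offline</maml:title>
        <maml:introduction>
          <maml:para>This example is added here and is not part of the module's own help content. It splits raw `X509:` certificateUserIds strings into their tagged components so each binding can be reviewed without a tenant connection. `ConvertFrom-CertificateUserId` is a hypothetical helper name, and the sample strings are constructed from the placeholder values shown in this help file.</maml:para>
        </maml:introduction>
        <dev:code><![CDATA[
```powershell
# Added example. Tags are those listed in this help file's notes, plus RFC822 from its sample output.
$TagNames = [ordered]@{
    'PN'         = 'PrincipalName'
    'S'          = 'Subject'
    'I'          = 'Issuer'
    'SR'         = 'SerialNumber'
    'SKI'        = 'SubjectKeyIdentifier'
    'SHA1-PUKEY' = 'SHA1PublicKey'
    'RFC822'     = 'RFC822Name'
}

function ConvertFrom-CertificateUserId {
    # Hypothetical helper name; not a cmdlet of the Microsoft.Entra module.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string] $InputString
    )
    begin {
        # Match only known tags, so a '<' or '>' inside a value is not misread as a tag.
        $alternation = ($TagNames.Keys | ForEach-Object { [regex]::Escape($_) }) -join '|'
        $tagPattern  = "<($alternation)>"
    }
    process {
        if (-not $InputString.StartsWith('X509:', [System.StringComparison]::Ordinal)) {
            Write-Error "Missing X509: prefix: '$InputString'"
            return
        }
        $body = $InputString.Substring(5)
        $hits = [regex]::Matches($body, $tagPattern)
        if ($hits.Count -eq 0 -or $hits[0].Index -ne 0) {
            Write-Error "No known tag at the start of: '$InputString'"
            return
        }
        # Each value runs from the end of its tag to the start of the next tag (or end of string).
        $components = @(for ($i = 0; $i -lt $hits.Count; $i++) {
            $start = $hits[$i].Index + $hits[$i].Length
            $end   = if ($i + 1 -lt $hits.Count) { $hits[$i + 1].Index } else { $body.Length }
            $tag   = $hits[$i].Groups[1].Value
            [pscustomobject]@{
                Type     = $tag
                TypeName = $TagNames[$tag]
                Value    = $body.Substring($start, $end - $start)
            }
        })
        # A tag with nothing after it cannot identify a certificate; reject the whole entry.
        $empty = @($components | Where-Object { [string]::IsNullOrWhiteSpace($_.Value) })
        if ($empty.Count -gt 0) {
            Write-Error "Tag with no value ($($empty.Type -join ', ')) in: '$InputString'"
            return
        }
        [pscustomobject]@{
            Raw        = $InputString
            Binding    = ($components.Type -join '+')   # for example 'I+SR' for issuer and serial number
            Components = $components
        }
    }
}

# Constructed sample input, reusing the placeholder values from this help file.
$samples = @(
    'X509:<PN>bob@contoso.com'
    'X509:<RFC822>user@contoso.com'
    'X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<SR>eF3gH4iJ5kL6mN7oP8qR9sT0uV'
    'X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest'
    'X509:<SKI>aB1cD2eF3gH4iJ5kL6mN7oP8qR'
    'bob@contoso.com'   # constructed malformed entry: no X509: prefix, reported as an error
    'X509:<SR>'         # constructed malformed entry: tag without a value, reported as an error
)

$parsed = $samples | ConvertFrom-CertificateUserId -ErrorAction Continue
$parsed |
    Select-Object Binding -ExpandProperty Components |
    Format-Table Binding, Type, TypeName, Value -AutoSize
```
]]></dev:code>
      </command:example>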
    </command:examples>
    <command:relatedLinks>
      <maml:navigationLink>
        <maml:linkText>Online Version:</maml:linkText>
        <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.CertificateBasedAuthentication/Get-EntraUserCBAAuthorizationInfo</maml:uri>
      </maml:navigationLink>
      <maml:navigationLink>
        <maml:linkText>Set-EntraUserCBACertificateUserId</maml:linkText>
        <maml:uri></maml:uri>
      </maml:navigationLink>
      <maml:navigationLink>
        <maml:linkText>https://aka.ms/aadcba</maml:linkText>
        <maml:uri>https://aka.ms/aadcba</maml:uri>
      </maml:navigationLink>
      <maml:navigationLink>
        <maml:linkText>certificateUserIds</maml:linkText>
        <maml:uri>https://learn.microsoft.com/entra/identity/authentication/concept-certificate-based-authentication-certificateuserids</maml:uri>
      </maml:navigationLink>
    </command:relatedLinks>
  </command:command>
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
    <command:details>
      <command:name>Get-EntraUserCertificateUserIdsFromCertificate</command:name>
      <command:verb>Get</command:verb>
      <command:noun>EntraUserCertificateUserIdsFromCertificate</command:noun>
      <maml:description>
        <maml:para>Returns an object with the certificate values needed to configure CertificateUserIDs for Certificate-Based Authentication in Microsoft Entra ID.</maml:para>
      </maml:description>
    </command:details>
    <maml:description>
      <maml:para>The `Get-EntraUserCertificateUserIdsFromCertificate` cmdlet returns an object with certificateUserIDs values derived from the provided certificate file, following the format required by Microsoft Entra ID for Certificate-Based Authentication, as described in the official documentation (https://learn.microsoft.com/entra/identity/authentication/concept-certificate-based-authentication-certificateuserids).</maml:para>
      <maml:para>In delegated scenarios using work or school accounts, the signed-in user must have a Microsoft Entra role or custom role with the necessary permissions. The following least privileged roles support this operation:</maml:para>
      <maml:para>- Privileged Authentication Administrator (for Cloud-only users)</maml:para>
      <maml:para>- Hybrid Identity Administrator (for synchronized users)</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Get-EntraUserCertificateUserIdsFromCertificate</maml:name>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none">
          <maml:name>Path</maml:name>
          <maml:description>
            <maml:para>Path to the certificate file. It can be either a cer or pem file.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
          <dev:type>
            <maml:name>System.String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="CertificateObject, Cert">
          <maml:name>Certificate</maml:name>
          <maml:description>
            <maml:para>Certificate from which the certificateUserIDs mappings will be extracted.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">System.Security.Cryptography.X509Certificates.X509Certificate2</command:parameterValue>
          <dev:type>
            <maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="3" aliases="none">
          <maml:name>CertificateMapping</maml:name>
          <maml:description>
            <maml:para>One of the values `PrincipalName`, `RFC822Name`, `IssuerAndSubject`, `Subject`, `SKI`, `SHA1PublicKey`, and `IssuerAndSerialNumber`. The meaning of each value is described in the official documentation of certificateUserIds (https://learn.microsoft.com/entra/identity/authentication/concept-certificate-based-authentication-certificateuserids).</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
          <dev:type>
            <maml:name>System.String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none">
        <maml:name>Path</maml:name>
        <maml:description>
          <maml:para>Path to the certificate file. It can be either a cer or pem file.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
        <dev:type>
          <maml:name>System.String</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="CertificateObject, Cert">
        <maml:name>Certificate</maml:name>
        <maml:description>
          <maml:para>Certificate from which the certificateUserIDs mappings will be extracted.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">System.Security.Cryptography.X509Certificates.X509Certificate2</command:parameterValue>
        <dev:type>
          <maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="3" aliases="none">
        <maml:name>CertificateMapping</maml:name>
        <maml:description>
          <maml:para>One of the values `PrincipalName`, `RFC822Name`, `IssuerAndSubject`, `Subject`, `SKI`, `SHA1PublicKey`, and `IssuerAndSerialNumber`. The meaning of each value is described in the official documentation of certificateUserIds (https://learn.microsoft.com/entra/identity/authentication/concept-certificate-based-authentication-certificateuserids).</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
        <dev:type>
          <maml:name>System.String</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
    </command:parameters>
    <command:inputTypes />
    <command:returnValues />
    <maml:alertSet>
      <maml:alert>
        <maml:para></maml:para>
      </maml:alert>
    </maml:alertSet>
    <command:examples>
      <command:example>
        <maml:title>Example 1: Retrieve certificate object from a certificate path</maml:title>
        <dev:code>Get-EntraUserCertificateUserIdsFromCertificate -Path 'C:\path\to\certificate.cer'
 
Name Value
---- -----
Subject X509:&lt;S&gt;DC=com,DC=contoso,OU=UserAccounts,CN=mfatest
IssuerAndSerialNumber X509:&lt;I&gt;DC=com,DC=contoso,CN=CONTOSO-DC-CA&lt;SR&gt;eF3gH4iJ5kL6mN7oP8qR9sT0uV
RFC822Name X509:&lt;RFC822&gt;user@contoso.com
SHA1PublicKey X509:&lt;SHA1-PUKEY&gt;cD2eF3gH4iJ5kL6mN7oP8qR9sT
IssuerAndSubject X509:&lt;I&gt;DC=com,DC=contoso,CN=CONTOSO-DC-CA&lt;S&gt;DC=com,DC=contoso,OU=UserAccounts,CN=mfatest
SKI X509:&lt;SKI&gt;aB1cD2eF3gH4iJ5kL6mN7oP8qR
PrincipalName X509:&lt;PN&gt;bob@contoso.com</dev:code>
        <dev:remarks>
          <maml:para>This example shows how to get all possible certificate mappings as an object.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>Example 2: Retrieve certificate object from a certificate path and certificate mapping</maml:title>
        <dev:code>Get-EntraUserCertificateUserIdsFromCertificate -Path 'C:\path\to\certificate.cer' -CertificateMapping 'Subject'
 
X509:&lt;S&gt;DC=com,DC=contoso,OU=UserAccounts,CN=mfatest</dev:code>
        <dev:remarks>
          <maml:para>This command returns the Subject property.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>-- Example 3: Retrieve certificate object from a certificate --</maml:title>
        <dev:code>$text = "-----BEGIN CERTIFICATE-----
MIIDiz...=
-----END CERTIFICATE-----"
$bytes = [System.Text.Encoding]::UTF8.GetBytes($text)
$certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
Get-EntraUserCertificateUserIdsFromCertificate -Certificate $certificate -CertificateMapping 'Subject'
 
X509:&lt;S&gt;DC=com,DC=contoso,OU=UserAccounts,CN=mfatest</dev:code>
        <dev:remarks>
          <maml:para>This command returns the Subject property.</maml:para>
        </dev:remarks>
      </command:example>
    </command:examples>
    <command:relatedLinks>
      <maml:navigationLink>
        <maml:linkText>Online Version:</maml:linkText>
        <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.CertificateBasedAuthentication/Get-EntraUserCertificateUserIdsFromCertificate</maml:uri>
      </maml:navigationLink>
      <maml:navigationLink>
        <maml:linkText>Set-EntraUserCBACertificateUserId</maml:linkText>
        <maml:uri></maml:uri>
      </maml:navigationLink>
      <maml:navigationLink>
        <maml:linkText>https://aka.ms/aadcba</maml:linkText>
        <maml:uri>https://aka.ms/aadcba</maml:uri>
      </maml:navigationLink>
      <maml:navigationLink>
        <maml:linkText>certificateUserIds</maml:linkText>
        <maml:uri>https://learn.microsoft.com/entra/identity/authentication/concept-certificate-based-authentication-certificateuserids</maml:uri>
      </maml:navigationLink>
    </command:relatedLinks>
  </command:command>
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
    <command:details>
      <command:name>Set-EntraUserCBACertificateUserId</command:name>
      <command:verb>Set</command:verb>
      <command:noun>EntraUserCBACertificateUserId</command:noun>
      <maml:description>
        <maml:para>Sets certificate-based authentication user IDs for a user in Microsoft Entra ID using a certificate file or object.</maml:para>
      </maml:description>
    </command:details>
    <maml:description>
      <maml:para>Configures certificate-based authentication user IDs for a user in Microsoft Entra ID. Accepts a certificate file path or object, and one or more certificate mapping types to apply to the user's authorization information.</maml:para>
      <maml:para>`Update-EntraUserCBACertificateUserId` is an alias of `Set-EntraUserCBACertificateUserId`.</maml:para>
      <maml:para>In delegated scenarios using work or school accounts, the signed-in user must have a Microsoft Entra role or custom role with the necessary permissions. The following least privileged roles support this operation:</maml:para>
      <maml:para>- Privileged Authentication Administrator (for Cloud-only users)</maml:para>
      <maml:para>- Hybrid Identity Administrator (for synchronized users)</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Set-EntraUserCBACertificateUserId</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ObjectId, UPN, Identity, UserPrincipalName">
          <maml:name>UserId</maml:name>
          <maml:description>
            <maml:para>Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
          <dev:type>
            <maml:name>System.String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CertificatePath">
          <maml:name>CertPath</maml:name>
          <maml:description>
            <maml:para>Path to the certificate file.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
          <dev:type>
            <maml:name>System.String</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CertificateObject, Certificate">
          <maml:name>Cert</maml:name>
          <maml:description>
            <maml:para>Certificate object used to extract certificate user IDs.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">System.Security.Cryptography.X509Certificates.X509Certificate2</command:parameterValue>
          <dev:type>
            <maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
          <maml:name>CertificateMapping</maml:name>
          <maml:description>
            <maml:para>One or more certificate mapping types to be applied. Valid values are: PrincipalName, RFC822Name, IssuerAndSubject, Subject, SKI, SHA1PublicKey, and IssuerAndSerialNumber.</maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
          <dev:type>
            <maml:name>System.String[]</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="ObjectId, UPN, Identity, UserPrincipalName">
        <maml:name>UserId</maml:name>
        <maml:description>
          <maml:para>Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
        <dev:type>
          <maml:name>System.String</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CertificatePath">
        <maml:name>CertPath</maml:name>
        <maml:description>
          <maml:para>Path to the certificate file.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
        <dev:type>
          <maml:name>System.String</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CertificateObject, Certificate">
        <maml:name>Cert</maml:name>
        <maml:description>
          <maml:para>Certificate object used to extract certificate user IDs.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">System.Security.Cryptography.X509Certificates.X509Certificate2</command:parameterValue>
        <dev:type>
          <maml:name>System.Security.Cryptography.X509Certificates.X509Certificate2</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
        <maml:name>CertificateMapping</maml:name>
        <maml:description>
          <maml:para>One or more certificate mapping types to be applied. Valid values are: PrincipalName, RFC822Name, IssuerAndSubject, Subject, SKI, SHA1PublicKey, and IssuerAndSerialNumber.</maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue>
        <dev:type>
          <maml:name>System.String[]</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
    </command:parameters>
    <command:inputTypes />
    <command:returnValues />
    <maml:alertSet>
      <maml:alert>
        <maml:para></maml:para>
      </maml:alert>
    </maml:alertSet>
    <command:examples>
      <command:example>
        <maml:title>Example 1: Update user's certificate authorization information using certificate path</maml:title>
        <dev:code>Connect-Entra -Scopes 'Directory.ReadWrite.All', 'User.ReadWrite.All'
Set-EntraUserCBACertificateUserId -UserId 'SawyerM@contoso.com' -CertPath 'C:\path\to\certificate.cer' -CertificateMapping @('Subject', 'PrincipalName')</dev:code>
        <dev:remarks>
          <maml:para>This example sets the certificate user IDs for the specified user using a certificate file, mapping both the Subject and PrincipalName fields. You can use the `Get-EntraUserCBAAuthorizationInfo` command to view the updated details.</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>Example 2: Update user's certificate authorization information using a certificate</maml:title>
        <dev:code>Connect-Entra -Scopes 'Directory.ReadWrite.All', 'User.ReadWrite.All'
$text = '-----BEGIN CERTIFICATE-----
MIIDiz...=
-----END CERTIFICATE-----'
$bytes = [System.Text.Encoding]::UTF8.GetBytes($text)
$certificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
Set-EntraUserCBACertificateUserId -UserId 'SawyerM@contoso.com' -Cert $certificate -CertificateMapping @('RFC822Name', 'SKI')</dev:code>
        <dev:remarks>
          <maml:para>This example sets the certificate user IDs for the specified user using a certificate object, mapping the RFC822Name and SKI fields. You can use the `Get-EntraUserCBAAuthorizationInfo` command to view the updated details.</maml:para>
        </dev:remarks>
      </command:example>
    </command:examples>
    <command:relatedLinks>
      <maml:navigationLink>
        <maml:linkText>Online Version:</maml:linkText>
        <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.CertificateBasedAuthentication/Set-EntraUserCBACertificateUserId</maml:uri>
      </maml:navigationLink>
      <maml:navigationLink>
        <maml:linkText>Get-EntraUserCBAAuthorizationInfo</maml:linkText>
        <maml:uri></maml:uri>
      </maml:navigationLink>
      <maml:navigationLink>
        <maml:linkText>Get-EntraUserCertificateUserIdsFromCertificate</maml:linkText>
        <maml:uri></maml:uri>
      </maml:navigationLink>
      <maml:navigationLink>
        <maml:linkText>https://aka.ms/aadcba</maml:linkText>
        <maml:uri>https://aka.ms/aadcba</maml:uri>
      </maml:navigationLink>
      <maml:navigationLink>
        <maml:linkText>certificateUserIds</maml:linkText>
        <maml:uri>https://learn.microsoft.com/entra/identity/authentication/concept-certificate-based-authentication-certificateuserids</maml:uri>
      </maml:navigationLink>
    </command:relatedLinks>
  </command:command>
</helpItems>