Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Create a new verifiedIdProfile object.
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | VerifiedId-Profile.ReadWrite.All | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Not supported. | Not supported. |
Important
For delegated access using work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role that grants the permissions required for this operation. Authentication Policy Administrator is the least privileged role supported for this operation.
HTTP request
POST /identity/verifiedId/profiles
Request headers
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
Request body
In the request body, supply a JSON representation of the verifiedIdProfile object.
You can specify the following properties when creating a verifiedIdProfile.
| Property | Type | Description |
|---|---|---|
| name | String | Display name for the verified Id profile. Required. |
| description | String | Description for the verified Id profile. Required. |
| state | verifiedIdProfileState | Enablement state for the profile. The possible values are: enabled, disabled, unknownFutureValue. Required. |
| verifierDid | String | Decentralized Identifier (DID) string that represents the verifier in the verifiable credential exchange. Required. |
| priority | Int32 | Defines profile processing priority if multiple profiles are configured. Optional. |
| verifiedIdProfileConfiguration | verifiedIdProfileConfiguration | Set of properties expressing the accepted issuer, claims binding, and credential type. Required. |
| faceCheckConfiguration | faceCheckConfiguration | Set of properties configuring Entra Verified ID Face Check behavior. Required. |
| verifiedIdUsageConfigurations | verifiedIdUsageConfiguration collection | Collection defining the usage purpose for the profile. The possible values are: recovery, onboarding, all, unknownFutureValue. Required. |
Response
If successful, this method returns a 201 Created response code and a verifiedIdProfile object in the response body.
Examples
Request
The following example shows a request.
POST https://graph.microsoft.com/v1.0/identity/verifiedId/profiles
Content-Type: application/json
{
"name": "Contoso Verified ID",
"description": "Contoso Verified Identity",
"lastModifiedDateTime": null,
"state": "enabled",
"verifierDid": "did:web:eu.did-dev.contoso.io",
"priority": 0,
"verifiedIdProfileConfiguration": {
"type": "verifiedIdentity",
"acceptedIssuer": "did:web:eu.did-dev.contoso.io",
"claimBindingSource": "directory",
"claimBindings": [
{
"matchConfidenceLevel": "exact",
"sourceAttribute": "First name",
"verifiedIdClaim": "vc.credentialSubject.firstName"
},
{
"matchConfidenceLevel": "exact",
"sourceAttribute": "Last name",
"verifiedIdClaim": "vc.credentialSubject.lastName"
}
],
"claimValidation": {
"isEnabled": true,
"customExtensionId": "00aa00aa-bb11-cc22-dd33-44ee44ee44ee"
}
},
"faceCheckConfiguration": {
"isEnabled": true,
"sourcePhotoClaimName": "portrait"
},
"verifiedIdUsageConfigurations": [
{
"isEnabledForTestOnly": true,
"purpose": "recovery"
}
]
}
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identity/verifiedId/profiles/$entity",
"id": "ca15ec56-7adf-42ee-847b-00c3008264fb",
"name": "Contoso Verified ID",
"description": "Contoso Verified ID",
"lastModifiedDateTime": null,
"state": "enabled",
"verifierDid": "did:web:eu.did-dev.contoso.io",
"priority": 0,
"verifiedIdProfileConfiguration": {
"type": "verifiedIdentity",
"acceptedIssuer": "did:web:eu.did-dev.contoso.io",
"claimBindingSource": "directory",
"claimBindings": [
{
"matchConfidenceLevel": "exact",
"sourceAttribute": "First name",
"verifiedIdClaim": "vc.credentialSubject.firstName"
},
{
"matchConfidenceLevel": "exact",
"sourceAttribute": "Last name",
"verifiedIdClaim": "vc.credentialSubject.lastName"
}
],
"claimValidation": {
"isEnabled": true,
"customExtensionId": "00aa00aa-bb11-cc22-dd33-44ee44ee44ee"
}
},
"faceCheckConfiguration": {
"isEnabled": true,
"sourcePhotoClaimName": "portrait"
},
"verifiedIdUsageConfigurations": [
{
"isEnabledForTestOnly": true,
"purpose": "onboarding"
}
]
}