/create-auth-method-azure-ad

post

https://api.akeyless.io/create-auth-method-azure-ad

Body Params

access-expires

int64

Defaults to 0

Access expiration date in Unix timestamp (select 0 for access without expiry date)

allowed-client-type

array of strings

limit the auth method usage for specific client types [cli,ui,gateway-admin,sdk,mobile,extension]

allowed-client-type

audience

string

Defaults to https://management.azure.com/

Deprecated (Deprecated) The audience in the JWT

audit-logs-claims

array of strings

Subclaims to include in audit logs, e.g "--audit-logs-claims email --audit-logs-claims username"

audit-logs-claims

bound-group-id

array of strings

A list of group ids that the access is restricted to

bound-group-id

bound-ips

array of strings

A CIDR whitelist with the IPs that the access is restricted to

bound-ips

bound-providers

array of strings

A list of resource providers that the access is restricted to (e.g, Microsoft.Compute, Microsoft.ManagedIdentity, etc)

bound-providers

bound-resource-id

array of strings

A list of full resource ids that the access is restricted to

bound-resource-id

bound-resource-names

array of strings

A list of resource names that the access is restricted to (e.g, a virtual machine name, scale set name, etc).

bound-resource-names

bound-resource-types

array of strings

A list of resource types that the access is restricted to (e.g, virtualMachines, userAssignedIdentities, etc)

bound-resource-types

bound-rg-id

array of strings

A list of resource groups that the access is restricted to

bound-rg-id

bound-spid

array of strings

A list of service principal IDs that the access is restricted to

bound-spid

bound-sub-id

array of strings

A list of subscription ids that the access is restricted to

bound-sub-id

bound-tenant-id

string

required

The Azure tenant id that the access is restricted to

delete_protection

string

Protection from accidental deletion of this object [true/false]

description

string

Auth Method description

expiration-event-in

array of strings

How many days before the expiration of the auth method would you like to be notified.

expiration-event-in

force-sub-claims

boolean

if true: enforce role-association must include sub claims

gw-bound-ips

array of strings

A CIDR whitelist with the GW IPs that the access is restricted to

gw-bound-ips

issuer

string

Defaults to https://sts.windows.net/---bound_tenant_id---

Issuer URL

json

boolean

Defaults to false

Set output format to JSON

jwks-uri

string

Defaults to https://login.microsoftonline.com/common/discovery/keys

The URL to the JSON Web Key Set (JWKS) that containing the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server.

jwt-ttl

int64

Defaults to 0

Jwt TTL

name

string

required

Auth Method name

product-type

array of strings

Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]

product-type

token

string

Authentication token (see /auth and /configure)

uid-token

string

The universal identity token, Required only for universal_identity authentication

unique-identifier

string

A unique identifier (ID) value which is a "sub claim" name that contains details uniquely identifying that resource. This "sub claim" is used to distinguish between different identities.

Responses

200createAuthMethodAzureADResponse wraps response body.

defaulterrorResponse wraps any error to return it as a JSON object with one "error" field.