| Display name | External Identity Provider Administrator | ||
|---|---|---|---|
| Id | be2f45a1-457d-42af-a067-6ec1fa63bc45 | ||
| Description | Can configure identity providers for use in direct federation. | ||
| Detailed description | This administrator manages federation between Microsoft Entra tenants and external identity providers. With this role, users can add new identity providers and configure all available settings (e.g. authentication path, service id, assigned key containers). This user can enable the tenant to trust authentications from external identity providers. The resulting impact on end user experiences depends on the type of tenant: (1) Microsoft Entra tenants for employees and partners: The addition of a federation (e.g. with Gmail) will immediately impact all guest invitations not yet redeemed. (2) Azure Active Directory B2C tenants: The addition of a federation (e.g. with Facebook, or with another Microsoft Entra tenant) does not immediately impact end user flows until the identity provider is added as an option in a user flow (aka built-in policy). To change user flows, the limited role of "External ID user flow administrator" is required. | ||
| Categories | identity | ||
| isPrivileged | True Privileged | ||
| EntraOps Tier Level | ControlPlane | ||
| #Resource Actions unique | 56 | ||
| #Resource Actions Operations unique | 56 | ||
| #Resource Actions privileged | 2 | ||
| #Resource Actions direct | 2 | ||
| Resource Actions inherited | True | ||
| #Resource Actions inherited | 54 | ||
| Resource Actions inherited from | Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b) | ||
| #Resource Actions overlap direct&inherited | 0 | ||
| Resource Actions overlap direct&inherited | |||
| #Resource Actions inherited to | 0 other Entra Id Roles | ||
| Resource Actions inherited to | n/a | ||
| #Resource Actions conditioned | 0 | ||
| #Resource Actions unconditioned | 56 | ||
| #NameSpaces | 1 | ||
| NameSpaces | microsoft.directory: 56 | ||
| Actions | allTasks: 1 read: 54 update: 1 |
||
| Operations actionVerbs | GET: 54 n/a: 1 PATCH: 1 |
||
| Resource Actions where Consent Policy applies | 0 | ||
| Resource Actions / Consent Policy | n/a | ||
| JSON enriched |
|
||
| JSON raw (v1.0 endpoint) |
|
||
| JSON raw (beta endpoint) |
|