Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Retrieve a user's single temporaryAccessPassAuthenticationMethod object.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ❌ |
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permissions acting on self
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | UserAuthenticationMethod.Read | UserAuthenticationMethod.ReadWrite, UserAuthenticationMethod.Read.All, UserAuthenticationMethod.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Not supported. | Not supported. |
Permissions acting on other users
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | UserAuthenticationMethod.Read.All | UserAuthenticationMethod.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | UserAuthenticationMethod.Read.All | UserAuthenticationMethod.ReadWrite.All |
Important
In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
- Global Reader
- Authentication Administrator
- Privileged Authentication Administrator
HTTP request
Retrieve details of your own temporary access pass authentication method.
GET /me/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}
Note
Calling the /me endpoint requires a signed-in user and therefore a delegated permission. Application permissions aren't supported when using the /me endpoint.
Retrieve details of your own or another user's temporary access pass authentication method.
GET /users/{id | userPrincipalName}/authentication/temporaryAccessPassMethods/{temporaryAccessPassAuthenticationMethodId}
Request headers
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Request body
Don't supply a request body for this method.
Response
If successful, this method returns a 200 OK response code and a collection of temporaryAccessPassAuthenticationMethod objects in the response body. This API will only return a single object in the collection as a user can have only one Temporary Access Pass method.
Examples
Request
GET https://graph.microsoft.com/v1.0/users/071cc716-8147-4397-a5ba-b2105951cc0b/authentication/temporaryAccessPassMethods/05267842-25b2-4b21-8abd-8e4982796f7f
Response
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.temporaryAccessPassAuthenticationMethod",
"id": "6f1967b7-15e8-4935-ac26-d50770ed07a7",
"temporaryAccessPass": null,
"createdDateTime": "2022-06-02T16:21:09.5893903Z",
"startDateTime": "2022-06-05T00:00:00Z",
"lifetimeInMinutes": 60,
"isUsableOnce": false,
"isUsable": false,
"methodUsabilityReason": "NotYetValid"
}