New-AADIntSAMLToken
NAME
New-AADIntSAMLToken
SYNOPSIS
Creates a SAML token
SYNTAX
New-AADIntSAMLToken [-UserName <String>] -ImmutableID <String> -Issuer <String> [-ByPassMFA <Boolean>] [-NotBefore
<DateTime>] [-NotAfter <DateTime>] [-DeviceIdentifier <Guid>] -UseBuiltInCertificate [<CommonParameters>]
New-AADIntSAMLToken [-UserName <String>] -ImmutableID <String> -Issuer <String> [-ByPassMFA <Boolean>] [-NotBefore
<DateTime>] [-NotAfter <DateTime>] [-DeviceIdentifier <Guid>] -Certificate <X509Certificate2> [<CommonParameters>]
New-AADIntSAMLToken [-UserName <String>] -ImmutableID <String> -Issuer <String> [-ByPassMFA <Boolean>] [-NotBefore
<DateTime>] [-NotAfter <DateTime>] [-DeviceIdentifier <Guid>] -PfxFileName <String> [-PfxPassword <String>]
[<CommonParameters>]
DESCRIPTION
Creates a valid SAML token for the given user.
PARAMETERS
-UserName <String>
User Principal Name (UPN) of the user. Not used by AAD Identity Federation, so it can be any email address.
Required? false
Position? named
Default value joulupukki@korvatunturi.fi
Accept pipeline input? false
Accept wildcard characters? false
-ImmutableID <String>
Immutable ID of the user. For synced users, this is the user's AD object GUID encoded in Base64.
For non-synced users it must be set manually and can be any unique string within the tenant.
The user does not have to be a federated user.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Issuer <String>
Issuer identification of the Identity Provider (IdP). Usually this is the FQDN of the ADFS server, but it can be any
unique string within Azure AD. Must match the federation information of the validated domain in the tenant.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ByPassMFA <Boolean>
Whether to add the attribute that bypasses MFA. Default is $True.
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-NotBefore <DateTime>
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-NotAfter <DateTime>
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-DeviceIdentifier <Guid>
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-UseBuiltInCertificate [<SwitchParameter>]
Required? true
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Certificate <X509Certificate2>
An X509 certificate used to sign the SAML token. Must match the federation information of the validated domain in the
tenant.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-PfxFileName <String>
The full path to the .pfx file from which to load the certificate.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-PfxPassword <String>
The password of the .pfx file.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\>New-AADIntSAMLToken -ImmutableId "Ah2J42BsPUOBoUcsCYn7vA==" -Issuer "http://mysts.company.com/adfs/ls"
-PfxFileName "MyCert.pfx" -PfxPassword "mypassword"
-------------------------- EXAMPLE 2 --------------------------
PS C:\>$cert=Get-AADIntCertificate -FileName "MyCert.pfx" -Password "mypassword"
PS C:\>New-AADIntSAMLToken -ImmutableId "Ah2J42BsPUOBoUcsCYn7vA==" -Issuer "http://mysts.company.com/adfs/ls"
-Certificate $cert
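The parameter notes above state that the Issuer and the signing certificate must match the federation information registered for the validated domain, and that a synced user's ImmutableID is the AD object GUID in Base64. As an added example (not AADInternals code), the relying-party style check below applies exactly those tests to a SAML assertion; the Test-SamlAssertion name, the one-hour lifetime limit, the thumbprint placeholder and the unsigned sample assertion are assumptions constructed for this page.

```powershell
# Added example, not AADInternals code: a relying-party style sanity check over a SAML assertion,
# comparing it with the federation settings actually registered for the domain. Handles SAML 1.1
# (Issuer attribute) and SAML 2.0 (Issuer element). Assumption: the one-hour lifetime limit below is
# a local policy choice, and a full XML-DSig verification is still needed before trusting the token.
function Test-SamlAssertion {
    param(
        [Parameter(Mandatory)][string]$AssertionXml,
        [Parameter(Mandatory)][string]$ExpectedIssuer,      # issuer registered for the federated domain
        [Parameter(Mandatory)][string[]]$TrustedThumbprints, # registered federation signing certificates
        [datetime]$Now = (Get-Date).ToUniversalTime()
    )
    $xml = [xml]$AssertionXml
    $ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    $ns.AddNamespace('saml1', 'urn:oasis:names:tc:SAML:1.0:assertion')
    $ns.AddNamespace('saml2', 'urn:oasis:names:tc:SAML:2.0:assertion')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
    $a = $xml.SelectSingleNode('//saml1:Assertion | //saml2:Assertion', $ns)
    $issuer = $a.GetAttribute('Issuer')
    if (-not $issuer) { $issuer = $a.SelectSingleNode('saml2:Issuer', $ns).InnerText }
    $cond = $a.SelectSingleNode('saml1:Conditions | saml2:Conditions', $ns)
    $notBefore = [datetime]::Parse($cond.GetAttribute('NotBefore')).ToUniversalTime()
    $notAfter  = [datetime]::Parse($cond.GetAttribute('NotOnOrAfter')).ToUniversalTime()
    $nameId = $xml.SelectSingleNode('//saml1:NameIdentifier | //saml2:NameID', $ns).InnerText
    # For synced users the ImmutableID is the on-prem AD objectGUID in Base64; decode it for cross-checking
    $guid = try { [guid]::new([Convert]::FromBase64String($nameId)) } catch { $null }
    $findings = @()
    if ($issuer -ne $ExpectedIssuer) { $findings += "issuer '$issuer' is not the registered federation issuer" }
    if ($Now -lt $notBefore -or $Now -ge $notAfter) { $findings += 'token is outside its validity window' }
    if (($notAfter - $notBefore).TotalHours -gt 1) { $findings += 'validity window longer than the 1h policy' }
    $certNode = $xml.SelectSingleNode('//ds:X509Certificate', $ns)
    if (-not $certNode) { $findings += 'no signing certificate in KeyInfo' }
    else {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            [Convert]::FromBase64String($certNode.InnerText.Trim()))
        if ($TrustedThumbprints -notcontains $cert.Thumbprint) {
            $findings += "signing certificate $($cert.Thumbprint) is not a registered federation certificate"
        }
    }
    [pscustomobject]@{ Issuer = $issuer; ImmutableId = $nameId; ObjectGuid = $guid
                       NotBefore = $notBefore; NotOnOrAfter = $notAfter; Findings = $findings }
}
# Constructed, unsigned SAML 1.1 assertion used only to exercise the checks above
$sample = @"
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="1"
  AssertionID="_example" Issuer="http://mysts.company.com/adfs/ls" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T13:00:00Z"/>
  <saml:AuthenticationStatement><saml:Subject><saml:NameIdentifier>Ah2J42BsPUOBoUcsCYn7vA==</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement>
</saml:Assertion>
"@
Test-SamlAssertion -AssertionXml $sample -ExpectedIssuer 'http://mysts.company.com/adfs/ls' -TrustedThumbprints @('<REGISTERED-CERT-THUMBPRINT>') -Now ([datetime]::Parse('2024-01-01T12:30:00Z')).ToUniversalTime()
```

For the constructed sample the only finding is the missing signing certificate, since the issuer matches and the token is inside a one-hour window; the decoded ObjectGuid is what an analyst compares against the on-prem AD object.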
RELATED LINKS