< Back

New-AADIntSAMLToken

Fri Jan 10, 2020 5:56 pm

NAME New-AADIntSAMLToken



SYNOPSIS

Creates a SAML token





SYNTAX

New-AADIntSAMLToken [-UserName <String>] -ImmutableID <String> -Issuer <String> [-ByPassMFA <Boolean>] [-NotBefore

<DateTime>] [-NotAfter <DateTime>] [-DeviceIdentifier <Guid>] -UseBuiltInCertificate [<CommonParameters>]



New-AADIntSAMLToken [-UserName <String>] -ImmutableID <String> -Issuer <String> [-ByPassMFA <Boolean>] [-NotBefore

<DateTime>] [-NotAfter <DateTime>] [-DeviceIdentifier <Guid>] -Certificate <X509Certificate2> [<CommonParameters>]



New-AADIntSAMLToken [-UserName <String>] -ImmutableID <String> -Issuer <String> [-ByPassMFA <Boolean>] [-NotBefore

<DateTime>] [-NotAfter <DateTime>] [-DeviceIdentifier <Guid>] -PfxFileName <String> [-PfxPassword <String>]

[<CommonParameters>]





DESCRIPTION

Creates a valid SAML token for given user





PARAMETERS

-UserName <String>

User Principal Name (UPN) of the user. Not used by AAD Identity Federation so can be any email address.



Required? false

Position? named

Default value joulupukki@korvatunturi.fi

Accept pipeline input? false

Accept wildcard characters? false



-ImmutableID <String>

Immutable ID of the user. For synced users, this is user's AD object GUID encoded in B64.

For non-synced users this must be set manually, can be any unique string within the tenant.

User doesn't have to federated user.



Required? true

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-Issuer <String>

Issuer identification of Identity Provider (IdP). Usually this is a FQDN of the ADFS server, but can be any

unique string within Azure AD. Must match federation information of validated domain in the tenant.



Required? true

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-ByPassMFA <Boolean>

Whether to add an attribute to by-pass MFA. Default is $True.



Required? false

Position? named

Default value True

Accept pipeline input? false

Accept wildcard characters? false



-NotBefore <DateTime>



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-NotAfter <DateTime>



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-DeviceIdentifier <Guid>



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-UseBuiltInCertificate [<SwitchParameter>]



Required? true

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false



-Certificate <X509Certificate2>

A X509 certificate used to sign the SAML token. Must match federation information of validated domain in the

tenant.



Required? true

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-PfxFileName <String>

The full path to .pfx file from where to load the certificate



Required? true

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



-PfxPassword <String>

The password of the .pfx file



Required? false

Position? named

Default value

Accept pipeline input? false

Accept wildcard characters? false



<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,

ErrorAction, ErrorVariable, WarningAction, WarningVariable,

OutBuffer, PipelineVariable, and OutVariable. For more information, see

about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).



INPUTS



OUTPUTS



-------------------------- EXAMPLE 1 --------------------------



PS C:\\>New-AADIntSAMLToken -ImmutableId "Ah2J42BsPUOBoUcsCYn7vA==" -Issuer "http://mysts.company.com/adfs/ls"

-PfxFileName "MyCert.pfx" -PfxPassword -Password "mypassword"













-------------------------- EXAMPLE 2 --------------------------



PS C:\\>$cert=Get-AADIntCertificate -FileName "MyCert.pfx" -Password "mypassword"



PS C:\\>New-AADIntSAMLToken -ImmutableId "Ah2J42BsPUOBoUcsCYn7vA==" -Issuer "http://mysts.company.com/adfs/ls"

-Certificate $cert











RELATED LINKS





CommonParameters : True

WorkflowCommonParameters : False

details : @{name=New-AADIntUser; noun=; verb=}

Syntax : @{syntaxItem=System.Object[]}

parameters : @{parameter=System.Object[]}

inputTypes : @{inputType=}

returnValues : @{returnValue=}

aliases : None



remarks : None

alertSet :

description :

examples :

Synopsis :

New-AADIntUser [[-AccessToken] <string>] [[-LicenseOptions] <Object>]

[[-AlternateEmailAddresses] <Object>] [[-AlternateMobilePhones] <Object>]

[[-AlternativeSecurityIds] <Object>] [[-BlockCredential] <Object>] [[-City] <Object>]

[[-CloudExchangeRecipientDisplayType] <Object>] [[-Country] <Object>] [[-Department]

<Object>] [[-DirSyncProvisioningErrors] <Object>] [[-DisplayName] <Object>] [[-Errors]

<Object>] [[-Fax] <Object>] [[-FirstName] <Object>] [[-ImmutableId] <Object>]

[[-IndirectLicenseErrors] <Object>] [[-IsBlackberryUser] <Object>] [[-IsLicensed] <Object>]

[[-LastDirSyncTime] <Object>] [[-LastName] <Object>] [[-LastPasswordChangeTimestamp]

<Object>] [[-LicenseAssignmentDetails] <Object>] [[-LicenseReconciliationNeeded] <Object>]

[[-Licenses] <Object>] [[-LiveId] <Object>] [[-MSExchRecipientTypeDetails] <Object>]

[[-MSRtcSipDeploymentLocator] <Object>] [[-MSRtcSipPrimaryUserAddress] <Object>]

[[-MobilePhone] <Object>] [[-OathTokenMetadata] <Object>] [[-ObjectId] <Object>] [[-Office]

<Object>] [[-OverallProvisioningStatus] <Object>] [[-PasswordNeverExpires] <Object>]

[[-PasswordResetNotRequiredDuringActivate] <Object>] [[-PhoneNumber] <Object>]

[[-PortalSettings] <Object>] [[-PostalCode] <Object>] [[-PreferredDataLocation] <Object>]

[[-PreferredLanguage] <Object>] [[-ProxyAddresses] <Object>] [[-ReleaseTrack] <Object>]

[[-ServiceInformation] <Object>] [[-SignInName] <Object>] [[-SoftDeletionTimestamp]

<Object>] [[-State] <Object>] [[-StreetAddress] <Object>] [[-StrongAuthenticationMethods]

<Object>] [[-StrongAuthenticationPhoneAppDetails] <Object>]

[[-StrongAuthenticationProofupTime] <Object>] [[-StrongAuthenticationRequirements]

<Object>] [[-StrongAuthenticationUserDetails] <Object>] [[-StrongPasswordRequired]

<Object>] [[-StsRefreshTokensValidFrom] <Object>] [[-Title] <Object>] [[-UsageLocation]

<Object>] [[-UserLandingPageIdentifierForO365Shell] <Object>] [[-UserPrincipalName]

<Object>] [[-UserThemeIdentifierForO365Shell] <Object>] [[-UserType] <Object>]

[[-ValidationStatus] <Object>] [[-WhenCreated] <Object>] [[-LicenseAssignment] <Object>]

[[-DisabledServicePlans] <Object>] [[-Error] <Object>] [[-ReferencedObjectId] <Object>]

[[-Status] <Object>] [[-ForceChangePassword] <bool>] [[-Password] <string>]

[<CommonParameters>]



ModuleName : AADInternals

nonTerminatingErrors :

xmlns:command : http://schemas.microsoft.com/maml/dev/command/2004/10

xmlns:dev : http://schemas.microsoft.com/maml/dev/2004/10

xmlns:maml : http://schemas.microsoft.com/maml/2004/10

Name : New-AADIntUser

Category : Function

Component :

Role :

Functionality :