New-EntraIdentityProvider

Configure a new identity provider in the directory.

Syntax

New-EntraIdentityProvider
   -Type <String>
   -ClientSecret <String>
   -ClientId <String>
   [-Name <String>]
   [<CommonParameters>]

Description

The New-EntraIdentityProvider cmdlet is used to configure an identity provider in the directory.

Adding an identity provider will allow users to sign up for or sign into applications secured by Microsoft Entra ID B2C using the identity provider.

Configuring an identity provider in your Microsoft Entra ID tenant also enables future B2B guest scenarios.

For example, an organization has resources in Office 365 that need to be shared with a Gmail user. The Gmail user will use their Google account credentials to authenticate and access the documents.

The identity provider can currently be one of the following:

  • Microsoft
  • Google
  • Facebook
  • Amazon
  • LinkedIn

The work or school account must be assigned at least the External Identity Provider Administrator Microsoft Entra role.

Examples

Example 1: Add LinkedIn identity provider

Connect-Entra -Scopes 'IdentityProvider.ReadWrite.All'
New-EntraIdentityProvider -Type 'LinkedIn' -Name 'LinkedInName' -ClientId 'LinkedInAppClientId' -ClientSecret 'LinkedInAppClientSecret'

Id             DisplayName
--             -----------
LinkedIn-OAUTH LinkedInName

This example adds a LinkedIn identity provider.

  • -Type parameter specifies the identity provider type. It must be one of the following values: Microsoft, Google, Facebook, Amazon, or LinkedIn.
  • -Name parameter specifies the display name of the identity provider.
  • -ClientId parameter specifies the client identifier for the application, obtained during the application's registration with the identity provider.
  • -ClientSecret parameter specifies the client secret for the application, obtained during registration with the identity provider.
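
Example 1 passes the client secret as a literal, which leaves it in the script file and in command history. The following is an added example, not part of the original cmdlet documentation, that prompts for the secret and converts it to a string only for the duration of the call; the helper name Add-EntraIdpFromPrompt and the Google placeholder values are hypothetical.

```powershell
# Added example, not from the cmdlet documentation.
# Add-EntraIdpFromPrompt is a hypothetical helper name.
function Add-EntraIdpFromPrompt {
    [CmdletBinding()]
    param(
        # Allowed values as listed in the -Type description on this page.
        [Parameter(Mandatory)]
        [ValidateSet('Microsoft', 'Google', 'Facebook', 'Amazon', 'LinkedIn')]
        [string] $Type,

        [Parameter(Mandatory)]
        [string] $ClientId,

        [string] $Name
    )

    # Prompt for the secret so it is never stored in the script, on the
    # command line, or in PSReadLine history. Read-Host returns a SecureString.
    $secure = Read-Host -Prompt "Client secret for $Type" -AsSecureString
    if ($secure.Length -eq 0) {
        throw 'Client secret must not be empty.'
    }

    $idpParams = @{ Type = $Type; ClientId = $ClientId }
    if ($PSBoundParameters.ContainsKey('Name')) { $idpParams.Name = $Name }

    try {
        # -ClientSecret is a System.String, so the secret must be decrypted
        # in memory; do it immediately before the call and nowhere else.
        $idpParams.ClientSecret = [System.Net.NetworkCredential]::new('', $secure).Password
        New-EntraIdentityProvider @idpParams
    }
    finally {
        # Drop references to the plaintext. .NET strings cannot be zeroed,
        # so this only shortens how long the value stays reachable.
        $idpParams.Remove('ClientSecret')
        $secure.Dispose()
    }
}

Connect-Entra -Scopes 'IdentityProvider.ReadWrite.All'

# 'ConstructedGoogleClientId' is a constructed placeholder, not a real client ID.
Add-EntraIdpFromPrompt -Type 'Google' -Name 'GoogleName' -ClientId 'ConstructedGoogleClientId'
```

Because -ClientSecret is write-only, the secret cannot be read back from the directory afterwards; keep the authoritative copy in a secrets vault rather than in the provisioning script.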

Parameters

-ClientId

The client identifier for the application, obtained during the application's registration with the identity provider.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-ClientSecret

The client secret for the application, obtained during registration with the identity provider. This value is write-only; a read operation returns ****.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-Name

The display name of the identity provider.

Type: System.String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Type

The identity provider type. It must be one of the following values: Microsoft, Google, Facebook, Amazon, or LinkedIn.

For a B2B scenario, possible values: Google, Facebook. For a B2C scenario, possible values: Microsoft, Google, Amazon, LinkedIn, Facebook, GitHub, Twitter, Weibo, QQ, WeChat.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

Inputs

None

Outputs

System.Object