MSIdentityTools
MSIdentityTools copied to clipboard
AzureAD
CertificateUserIDs module
Changes proposed in this pull request
We are introducing a new submodule to generate certificateUserIDs. The primary goal is to help customers automate the process of creating the necessary values for mapping certificates to user accounts. This function simplifies the creation of values from a given certificate that can be mapped to certificateUserIDs.
Microsoft Entra ID has strict formatting requirements for certificateUserIDs, which can often lead to errors when administrators attempt to do this manually. By following Entra ID's logic, this module ensures that the generated certificateUserIDs are accurate, giving customers greater confidence in validating their correctness.
Examples of the usage of the module
> $output = Get-MsIdCBACertificateUserIdFromCertificate C:\path\to\certificate.cer
> $output
Name Value
---- -----
Subject X509:<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest
IssuerAndSerialNumber X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<SR>eF3gH4iJ5kL6mN7oP8qR9sT0uV
RFC822Name X509:<RFC822>[email protected]
SHA1PublicKey X509:<SHA1-PUKEY>cD2eF3gH4iJ5kL6mN7oP8qR9sT
IssuerAndSubject X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest
SKI X509:<SKI>aB1cD2eF3gH4iJ5kL6mN7oP8qR
PrincipalName X509:<PN>[email protected]
> $output = Get-MsIdCBACertificateUserIdFromCertificate C:\path\to\certificate.cer -CertificateMapping Subject
> $output
X509:<S>DC=com,DC=contoso,OU=UserAccounts,CN=mfatest
Documentation
- [x] All exported commands have Synopsis, Parameter Descriptions, and at least one Example.
Other links
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-certificate-based-authentication-certificateuserids
@vimrang is CBA's PM aware of this change
This is a wonderful enhancement and will help customers. We already had 4-5 support cases/ IcM on this so this will help a lot. Thanks Theo.
