Managing TAP Access Codes with Microsoft PowerShell Graph Module

Temporary Access Pass (TAP) is a Microsoft Entra ID (Azure AD) feature that allows administrators to create time-limited passcodes for user authentication. These codes are particularly useful in scenarios like onboarding, recovering access, or transitioning to passwordless authentication.

Using the Microsoft Graph PowerShell module, you can efficiently manage TAP codes programmatically. Here’s how you can create and delete TAP codes with ease.

This assumes you have already registered the app in Entra with the API permission (UserAuthenticationMethod.ReadWrite.All) and attached a certificate to it for the connection.

Reference: Create temporaryAccessPassMethod

The first step is to connect to Microsoft Graph:

Connect-MgGraph -ClientId $ClientID -CertificateThumbprint $ThumbPrint -TenantId $TenantName

  • Replace $ClientID with your App Registration ID.
  • Replace $ThumbPrint with your certificate’s thumbprint.
  • Replace $TenantName with your Entra tenant ID.

Now let’s create a TAP code for one of the accounts:

$userId = "TESTUSER1@labtest.com"

# Start time in UTC, in the ISO 8601 format Graph expects
[string]$CurrentDateTime = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ")

$body = @{
    "startDateTime"     = $CurrentDateTime
    "lifetimeInMinutes" = 14400
    "isUsableOnce"      = $false   # a real boolean, not the string "False"
}

$tapcode = New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $userId -BodyParameter $body

$tapcode.TemporaryAccessPass # this will give you the generated passcode

Similarly, there can be situations where the passcode has already been used and you want to delete it so that it stops working before its configured expiry.

$checktapforuser = Get-MgUserAuthenticationTemporaryAccessPassMethod -UserId $userId  

Remove-MgUserAuthenticationTemporaryAccessPassMethod -UserId $userId -TemporaryAccessPassAuthenticationMethodId $checktapforuser.id
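The create and delete steps above can be combined into one helper that replaces any existing TAP and issues a short-lived, one-time pass by default. This is an added example, not code from the original post: the function name Reset-UserTap, its parameters and the 60-minute default are assumptions, and it expects a session already opened with Connect-MgGraph.

```powershell
# Added example. Reset-UserTap is a hypothetical helper name, not a Graph cmdlet.
# Assumes Connect-MgGraph has already been run as shown earlier.
function Reset-UserTap {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$UserId,
        # 10 to 43200 minutes is the range the service allows; the tenant's
        # TAP policy may narrow it further (assumed default here: 60 minutes).
        [ValidateRange(10, 43200)][int]$LifetimeInMinutes = 60,
        [switch]$MultiUse
    )

    # A user can hold only one TAP at a time, so remove any existing one first.
    $existing = @(Get-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserId -ErrorAction Stop)
    foreach ($tap in $existing) {
        if ($PSCmdlet.ShouldProcess($UserId, "Remove existing TAP $($tap.Id)")) {
            Remove-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserId `
                -TemporaryAccessPassAuthenticationMethodId $tap.Id -ErrorAction Stop
        }
    }

    $body = @{
        startDateTime     = (Get-Date).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ')
        lifetimeInMinutes = $LifetimeInMinutes
        isUsableOnce      = -not $MultiUse.IsPresent   # boolean; one-time use unless -MultiUse
    }

    if ($PSCmdlet.ShouldProcess($UserId, 'Create TAP')) {
        $new = New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserId `
            -BodyParameter $body -ErrorAction Stop
        # Return the passcode to the caller only; keep it out of logs and transcripts.
        [pscustomobject]@{
            UserId      = $UserId
            Passcode    = $new.TemporaryAccessPass
            StartsUtc   = $new.StartDateTime
            LifetimeMin = $new.LifetimeInMinutes
            OneTimeUse  = $new.IsUsableOnce
        }
    }
}

# Usage with the sample account from this article:
# $result = Reset-UserTap -UserId 'TESTUSER1@labtest.com' -LifetimeInMinutes 60
# Dry run that changes nothing: Reset-UserTap -UserId 'TESTUSER1@labtest.com' -WhatIf
```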

Managing TAP codes with the Microsoft Graph PowerShell module allows administrators to automate secure access management. By using certificate-based authentication, you ensure a secure and scalable way to handle TAPs programmatically.

Thanks for reading…

Tech Wizard

https://techwizard.cloud
