| title | Authentication Extensibility Administrator |
|---|---|
| description | Authentication Extensibility Administrator |
| ms.topic | include |
| ms.date | 01/26/2026 |
| ms.custom | include file |
This is a privileged role. Assign the Authentication Extensibility Administrator role to users who need to do the following tasks:
- Create and manage all aspects of custom authentication extensions.
Users with this role can't do the following:
- Can't assign custom authentication extensions to applications to modify the authentication experiences, and can't consent to application permissions or create app registrations associated with the custom authentication extension. Instead, you must use the Application Administrator, Application Developer, or Cloud Application Administrator roles.
A custom authentication extension is an API endpoint created by a developer for authentication events and is registered in Microsoft Entra ID. Application administrators and application owners can use custom authentication extensions to customize their application's authentication experiences, such as sign in and sign up, or password reset.
[!div class="mx-tableFixed"]
Actions Description microsoft.directory/customAuthenticationExtensions/allProperties/allTasks Create and manage custom authentication extensions