Azure AD Verifiable Credentials (PowerShell version)

In this blog post I will cover the setup of Verifiable Credentials, but first:

What are Verifiable credentials?

We use IDs in our daily lives. We have driver's licenses that we use as evidence of our ability to operate a car. Universities issue diplomas that prove we attained a level of education. We use passports to prove who we are to authorities as we arrive in other countries. The data model describes how we could handle these types of scenarios when working over the internet, but in a secure manner that respects users’ privacy. You can get additional information in The Verifiable Credentials Data Model 1.0.

In short, verifiable credentials are data objects consisting of claims made by the issuer attesting information about a subject. These claims are identified by schema and include the DID issuer and subject. The issuer’s DID creates a digital signature as proof that they attest to this information.


How to set up the underlying resources?

Prerequisites

Create a Service Principal

Connect to Azure AD with Connect-AzAccount and the -TenantId switch.

If you use Connect-AzAccount without any switches, you will get a warning.

Or you can check the application from Enterprise applications.

Create a Key Vault

You can create the Key Vault with the following command.

And then you can see it inside your portal.

Permissions

You can add the permissions with the following.

Then you can see the permissions inside the Key Vault.

App registration

App registration permissions

Add permissions to the App for the API created in the earlier steps.

And grant admin consent.

And done.


Set up Verifiable Credentials

Prerequisites

Create a storage account

You can create a storage account with PowerShell.

Create a container under the storage account

Remove public access from the storage account

Create configuration files

Azure AD Verifiable Credentials uses two JSON configuration files, the rules file and the display file.

  • The rules file describes important properties of verifiable credentials. In particular, it describes the claims that subjects (users) need to provide before a verifiable credential is issued for them.
  • The display file controls the branding of the credential and styling of the claims.

Create two files. The first one is VerifiedCredentialExpertDisplay.json

And the second one is VerifiedCredentialExpertRules.json

Upload the configuration files

Open the container you created earlier and upload the JSON files.

And done.
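
The storage steps above as a single script, added here as an example and not the author's original commands. The resource group, account name, region and container name are placeholders, and the two JSON files are assumed to sit in the current directory; the account is created with anonymous blob access already disabled instead of removing it afterwards.

```powershell
# Added example. Every name below is a placeholder, not a value from the post.
$rg        = 'rg-vc-demo'         # assumed: resource group that already exists
$location  = 'westeurope'         # assumed region
$saName    = 'vcdemostorage001'   # assumed: must be globally unique, 3-24 lowercase letters/digits
$container = 'vc-config'          # assumed container name
$files     = 'VerifiedCredentialExpertDisplay.json', 'VerifiedCredentialExpertRules.json'

$ErrorActionPreference = 'Stop'

# Fail before touching Azure if a config file is missing or is not valid JSON.
foreach ($f in $files) {
    Get-Content -Path $f -Raw | ConvertFrom-Json | Out-Null
}

# Storage account with anonymous blob access switched off at the account level.
$saParams = @{
    ResourceGroupName      = $rg
    Name                   = $saName
    Location               = $location
    SkuName                = 'Standard_LRS'
    Kind                   = 'StorageV2'
    AllowBlobPublicAccess  = $false
    EnableHttpsTrafficOnly = $true
    MinimumTlsVersion      = 'TLS1_2'
}
$sa = New-AzStorageAccount @saParams

# Private container: -Permission Off means no anonymous read of blobs or listings.
New-AzStorageContainer -Name $container -Permission Off -Context $sa.Context | Out-Null

# Upload the display and rules files under their own names.
foreach ($f in $files) {
    Set-AzStorageBlobContent -File $f -Container $container -Blob $f -Context $sa.Context -Force | Out-Null
}

# Verify both layers: the account-level switch and the container ACL.
$account = Get-AzStorageAccount -ResourceGroupName $rg -Name $saName
$acl     = Get-AzStorageContainer -Name $container -Context $sa.Context
if ($account.AllowBlobPublicAccess -ne $false -or $acl.PublicAccess -ne 'Off') {
    throw "Public access is still enabled on $saName/$container"
}

# List what was uploaded.
Get-AzStorageBlob -Container $container -Context $sa.Context | Select-Object Name, Length
```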

Creating Verifiable credentials

Search for Verifiable and open Credentials, then Create.

Select the files that we just uploaded.

And done.

Final thoughts

With Verifiable Credentials you will be able to provide other proof of your identity, such as a passport, driving license, work agreement or even a school diploma.

Really nice feature, but the setup in Preview mode is a little bit difficult; hopefully I made it a little bit easier for all.

In the upcoming parts I will be connecting this setup to Azure B2C with Custom policies!

Author: Harri Jaakkonen
