Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

  1. Get user membership groups in the claims with AD B2C

    As it's possible in the standard AD by changing the API application manifest option "groupMembershipClaims" to "SecurityGroup", is it possible to return user membership group in the claims with AD B2C?

    Now, we can have only the default and custom attributes by adding a signin policy, but it's impossible to get user membership groups.

    226 votes
    21 comments  ·  B2C
    • Fully customizable verification emails

      Currently, Azure AD B2C sends verification codes via emails to end users during sign-up and password reset flows. These emails have limited customization. Add support for full customization of the email body & content.

      207 votes
      22 comments  ·  B2C
      • Add Japan region to data residency location of Azure AD B2C

        Lots of Japanese customers would like to use Azure AD B2C. But they cannot decide to adopt B2C because we do not have a Japan region as a data residency location.

        202 votes
        8 comments  ·  B2C
        • Add an Azure AD Identity Provider

          AADB2C is great, but why not add an Azure AD provider? We're developing an application where we can have customers with social identities as well as Azure AD identities; it would be great in the AADB2C login page to have an option like "Organization Account". In this way we can code against one single API and not be forced to use two different entry points.

          166 votes
          25 comments  ·  B2C

            Authenticating using an Azure AD identity provider is now in public preview via custom policies. You can check out the instructions here – https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom.

            Please note that we expect to have Azure AD and custom OIDC identity providers via built-in policies in the coming weeks.

            In the meantime, we would love your feedback if you get a chance to try it out!

            /Parakh

          • Customer-owned domains

            Run Azure AD B2C's sign-up & sign-in pages under a custom domain, e.g., login.contoso.com, instead of login.microsoftonline.com.

            144 votes
            15 comments  ·  B2C

              Due to various technical limitations, the first iteration of the customer-owned domains functionality will not be available for a few more months. We will provide an update as soon as we can get a more specific ETA.

              If you are looking to use custom domains to use JavaScript, we are now looking to enable that experience by providing a new (non-customizable) domain. Please look for updates here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15493536-add-support-for-javascript-inside-the-custom-ui-br

              /Parakh

            • AADB2C: Send email invitation for new user to sign up

              I would like the ability to trigger an email invitation to be sent to new users for our web application that I want to authenticate with AADB2C. In our multi-tenant design, each tenant will be responsible for adding their own users to their tenant. I would like the admin of the tenant to be able to send an email invitation to the new user and then that user can complete the sign-up process.

              140 votes
              5 comments  ·  B2C

                Thank you for the feedback. We are strongly considering this for the future. Today we are focusing on customer facing apps with open self-service signup. /Jose Rojas

              • B2C Fully Customizable Sign-In Page

                Create a Sign In Policy by which we can provide our own template for the sign in page. It could work the same way as the Sign Up policy does.

                125 votes
                24 comments  ·  B2C

                  We’ve shipped the sign-up/signin policy which allows complete customization. Does this satisfy your needs, or do you need a separate fully customizable sign-in (only) experience?
                  Thank you. /Jose Rojas

                • Azure AD B2C, How to Avoid / Validate, duplicate Sign up with Social Identity Providers

                  Hi, assume I sign up with Google 'siva@gmail.com'; it creates a user in the tenant. I sign up with Facebook 'siva@gmail.com'; it creates another user in the tenant. Also I went and signed up using an email account for 'siva@gmail.com', and now I am finding 3 users with the same email ID. I see that duplicate accounts are getting created. Is there any way this can be validated and the user informed in Azure AD B2C?

                  97 votes
                  19 comments  ·  B2C

                    Thank you. We will examine the experience of duplicate sign ups across Identity providers. Would performing this check by using the email address be sufficient?

                    BTW, Linking multiple provider accounts to one user is in our roadmap and we’ve already achieved it in preview…

                    We look forward to your feedback

                    /Jose Rojas

                  • Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library

                    Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library, just like Azure AD and Active Directory Authentication Library have.

                    The Azure AD B2C page has been saying 'Get tokens using a username & password with the OAuth 2.0 Resource Owner Password Credentials Flow (coming soon)' since September 2015.
                    https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-reference-protocols/

                    97 votes
                    16 comments  ·  B2C

                      We are working to finish a prototype of this feature, and then will go through a security review. A private preview of this feature will likely be available within a few months.

                      /Parakh

                    • 79 votes
                      9 comments  ·  B2C

                        We are changing our plans slightly here. This will be enabled as a result of ‘shared domains’; this means that you will be able to start using your tenant as a subdomain of a ‘shared domain’, in the form of {tenant name}.b2clogin.com where b2clogin.com is the ‘shared domain’. You will be able to run JavaScript when you are running on this shared domain. We are looking at having this in private preview in the fall and will message out again when we can start taking in users.

                        /Sam

                      • Reduce pricing for Azure AD B2C

                        Azure AD B2C seems to be an interesting and very important service, however in my opinion it is >dramatically< overpriced. Having to pay thousands of dollars >per month< just for a few million users is in no relation to other Azure Services.

                        E.g. Storing 10 million users would cost 950k * €0.00093 + 9mil * €0.00076 = 7723,5€ per month. And this doesn't even include authentications.
                        This makes me wonder if your case study Real Madrid really would like all of their 450 million fans to use this service. I think they would have to sell a player in that case!…

                        68 votes
                        6 comments  ·  B2C
                        • AADB2C: How-to on multi-tenant applications based on B2C

                          As a service provider using Azure as the underlying platform, I want to create an application that allows companies to create and manage their tenants and users within my service in order to provide a public service area as well as a privately owned area for the company.

                          I've read about B2C supporting multi-tenant, but I couldn't find hints within the documentation...

                          60 votes
                          8 comments  ·  B2C

                            We are currently prioritizing Azure AD as an identity provider into B2C. We will review this request after that work is done. Keep the requests coming! /Jose Rojas

                          • SAML protocol support

                            Azure AD B2C currently supports OpenID Connect and OAuth 2.0. Add SAML protocol support as well.

                            56 votes
                            2 comments  ·  B2C
                            • "Change password" policy

                              Add a new Azure AD B2C policy that allows a signed-in user to change his or her password. Not the same as password reset.

                              56 votes
                              10 comments  ·  B2C

                                We’d like to understand this ask a bit more, particularly how this differs from the “Reset Password” policy.
                                Ultimately, “Reset Password” allows the user to change his/her password by doing a second factor (email) verification.

                                Is the primary driver behind this ask offering a simpler experience that doesn’t require a second factor?
                                Basically something like having a “Password” field in the “Edit Profile” policy which the user can change?
                                Would you expect them to type their old password as well?

                                Please do share as much detail as you can about what you’d like to see for this ask.

                              • Multi-language support

                                Allow support for multiple languages on Azure AD B2C end user pages.

                                52 votes
                                10 comments  ·  B2C
                                • Spring Security Support

                                  Storm Path is an example of an API/Service that provides all the same functionality as Azure AD B2C, and actually integrates with Spring Security very easily.

                                  https://stormpath.com/

                                  They provide code samples too:

                                  https://docs.stormpath.com/java/

                                  It would be fantastic, and ensure a much wider adoption market, if you were to create an open source project that provided the same easy integration and adoption.

                                  49 votes
                                  1 comment  ·  B2C
                                  • B2C Support for on-behalf-of flow

                                    To enable APIs to use authentication from another application with separate security credentials (clientId+secret). Needed for APIs to make graph calls.

                                    47 votes
                                    3 comments  ·  B2C
                                    • Custom password complexity

                                      Allow the ability to set different password complexities for local accounts in a B2C tenant.

                                      43 votes
                                      6 comments  ·  B2C

                                        We are happy to announce that work on this feature has started. In its first iteration, we will allow you to set the password requirements to be simple, complex, and custom where custom allows you to turn off checks for common passwords.

                                        /Sam

                                      • Add hashed password migration to Azure AD B2C

                                        Currently, I can migrate user accounts from an existing database to Azure AD B2C. However, it only accepts unhashed passwords, which is completely useless for any modern system, which should ONLY be using hashed and salted passwords. What would actually make this feature useful is to include fields for hashed password, hash algorithm (any of several standard ones), salt and salt method (i.e., appended, prepended, etc).

                                        41 votes
                                        2 comments  ·  B2C
                                        • 39 votes
                                          1 comment  ·  B2C

                                            Authenticating using a custom OIDC identity provider is now in public preview via custom policies. You can check out the instructions on how to set up a sample OIDC identity provider like Azure AD here – https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom.

                                            Please note that we expect to have custom OIDC identity providers via built-in policies in the coming weeks.

                                            In the meantime, we would love your feedback if you get a chance to try it out!

                                            /Parakh
