Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
-
Fully customizable verification emails
Currently, Azure AD B2C sends verification codes via emails to end users during sign-up and password reset flows. These emails have limited customization. Add support for full customization of the email body & content.
1,190 votesWe continue evaluating several alternatives to provide full email customization. We are actively working on an alternative.
Unfortunately we do no yet have an ETA.
-
Customer-owned domains
Run Azure AD B2C's sign-up & sign-in pages under a custom domain, for e.g., login.contoso.com, instead of login.microsoftonline.com.
1,062 votesThank you for your patience. We have released custom domains for Azure AD B2C to public preview.
Documentation can be found here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-custom-policy
-
AADB2C: Send email invitation for new user to sign up
I would like the ability to trigger an email invitation be sent to new users for our web application that I want to authenticate with AADB2C. In our multi-tenant design, each tenant will be responsible for adding their own users to their tenant. I would like the admin of the tenant to be able to send an email invitation to the new user and then that user can complete the sign-up process.
414 votesWe have a sample for this use case here: https://github.com/azure-ad-b2c/samples/tree/master/policies/invite
Let us know what you think and if this fits your use case.
-
AADB2C: Support OAuth 2.0 client credential flow
As mentioned in the B2C limitations:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-limitations/
Our daemons / server-side applications need this feature as part of our security implementation in order to grant access to our web apis.
388 votesCurrently, you can use “App Registration” blade in the Azure Portal (outside of the Azure AD B2C blades) to register an apps that define application permission and the register apps that use client credentials to request these. The caveat is that this is done using the same mechanism that you’d use in regular Azure AD.
Ideally we’d have a first class experience for this in the Azure AD B2C blades or at least have an Azure doc that walks you through the experience I just summarized, so I’m leaving this feature ask open.
It would be great if you guys can add comments with your feedback. What scenarios areyou trying to achieve? Does the approach above help you achieve what you want to achieve? Does the experience to do so work for you guys and if not, what would you like to see?
-
Add support for the Microsoft Authenticator app in B2C
Enable the Microsoft Authenticator app to be used for 2FA in Azure B2C.
359 votesWe are looking to add additional MFA options for Azure AD B2C in the next few months. As part of the investigation, we want to learn more about your requirements. Email your feedback to aadb2cpreview@microsoft.com.
When you say “support for Microsoft Authenticator”, which feature are you referring to?
1. The ability to see the codes in the authenticator app
2. The ability to receive push notifications for MFAIf both, which do you prefer more?
Again, please email your feedback to aadb2cpreview@microsoft.com. Feel free to include more details about your scenarios/requirements!
-
AADB2C: Force password reset
Add the ability to force user's to reset password at next login. It would be ideal if this was available for both individual users as well as in bulk. This is necessary for situations such as credential leaks, etc.
354 votesWe have started the planning for this feature and hope to have a preview by the end of the calendar year. In the meantime, could you respond to aadb2cpreview@microsoft.com with the answers to the following questions:
- In which scenarios do you plan to force the user to change his/her password?
- What kind of information (if any) would you like to get back if the user goes through the reset flow?
- Do you currently or plan to track which users have reset their password? -
Azure AD B2C Data Residency in Australia
Although Azure AD B2C is available for use in Australia, there is not option to create a directiry for which the user data resides in Australia. We would like to be able to ensure that our Azure AD B2C user data remains in Australia.
313 votesWe plan to start work on this in the next 6 months. Please note we don’t have timing on when it would be available for customers.
-
Deploy and manage Active Directory B2C using ARM templates and RM PowerShell cmdlets.
When building Azure-based applications intended for generalization and multiple deployment, it would simplify both the development and deployment experience if B2C directories could be configured using the standard Azure RM template and PowerShell cmdlet functionality.
282 votesGiven that a Azure AD B2C tenant should only be used for configuring Azure AD B2C, would having programmatic API’s to configure all of the Azure AD B2C settings be useful or is there more that you are looking to achieve using ARM templates?
/Parakh
-
Azure AD B2C, How to Avoid / Validate, duplicate Sign up with Social Identity Providers
Hi, Assume, I sign up with Google 'siva@gmail.com', it creates a user in the tenant. I sign up with Facebook 'siva@gmail.com', it creates another user in the tenant. Also I went and Sign up using email account, for 'siva@gmail.com', now am finding 3 users with same email id. I see this is a duplicate accounts are getting created. Is there any way this can be validated & inform user in Azure AD B2C ?
279 votesThank you. We will examine the experience of duplicate sign ups across Identity providers. Would performing this check by using the email address be sufficient?
BTW, Linking multiple provider accounts to one user is in our roadmap and we’ve already achieved it in preview…
We look forward to your feedback
/Jose Rojas
-
Programmatically register B2C applications
I want to be able to call a Graph API to register new B2C applications
245 votesWe have restarted work on this feature. However, we don’t have a date for public preview yet.
-
B2C Support for client credential flow.
To enable APIs to use authentication from another application with separate security credentials (clientId+secret). Needed for APIs to make graph calls.
(This is not the same as on-behalf-of flow, which represents the ability to exchange an access token intended for one audience for an access token intended for a different audience)
237 votesThis is not planned for the next 6 months, but is on the roadmap.
/Parakh
-
Add Japan region to data residency location of Azure AD B2C
Lots of Japanese customers would like to use Azure AD B2C. But they can not decide to adopt B2C because we do not have Japan region as data residency location.
226 votesWe are hoping to support more datacenters in the future, especially in the Asia/Pacific region, but it is not currently planned for the short term.
/Parakh
-
Go Direct to Password Reset from Sign-In/Sign-Up
The Sign-in only policy allows the user to go directly to the password reset.
The Sign-in/Sign-Up does not allow this. The user gets redirected back and you have to handle AADB2C90118.
While this flow is useful for some people the opposite is also true. Please allow me to specify the password reset policy in my sign-in/sign-up policy so the round trip is not required if I don't want it.
188 votesWe have started working on this feature and hope to have another update by Oct 2018.
/Parakh
-
AADB2C: include username in JWT claims
AADB2C supports either email addresses or usernames for accounts. If a directory uses usernames, you don't get that username as a claim in the JWT. This means an extra trip to Azure must be made to retrieve the username. Please consider including the username in the JWT.
182 votesThis is currently not on our roadmap. You can retrieve this value by making a call through the Graph API. If this is needed for your scenarios, please continue voting and we will review at a later date.
-
"Change password" policy
Add a new Azure AD B2C policy that allows a signed-in user to change his or her password. Not the same as password reset.
166 votesWe are in the process of planning this feature and hope to have a preview available by the end of november. In the meantime, could you please respond to aadb2cpreview@microsoft.com with your responses to the following questions:
- If you had a “password change” policy, what kind of information would you like to get back once the policy has been executed?
- Would you prefer to have a policy that forces you to sign in first, and then asks you to change the password, or one that let’s you do it all on the same page?
- Would you want an email to get sent out to the user whenever the password is changed? -
Add support to Azure AD B2C for the on-behalf-of flow.
In order for a web API to call another downstream web API as the user, Azure AD B2C needs to support the OAuth on-behalf-of flow.
According to the following reference, this isn't supported in B2C: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-apps#web-api-chains-on-behalf-of-flow
I also cannot find this feature on the Azure Roadmap.
160 votes -
AADB2C Password history policy
Allow us to set passwords must not be the same as the previous passwords used by a user. The number should be configurable, so not the same as the last 10 passwords used by the individual for example.
142 votes -
AADB2C: How-to on multi-tenant applications based on B2C
As service provider using Azure as the underlying platform, I want to create an application that allows companies to create and manage their tenants and users within my service in order to provide a public service area as well as a privately owned area for the company.
I've read about B2C supporting multi-tenant, but I couldn't find hints within the documentation...
141 votesWe are currently prioritizing Azure AD as and identity provider into B2C. We will review this request after that work is done. Keep the requests coming! /Jose Rojas
-
AADB2C: Add CORS headers to AD B2C token endpoint to allow for implicit flow (XHR POSTS)
We are trying to implement Azure AD B2C authentication with a web app using implict flow. We can login and successfully get redirected to the correct url which includes the correct items on the redirect url (idtoken&code). However, as this article suggests (https://github.com/Azure/azure-content/blob/master/articles/active-directory-b2c/active-directory-b2c-reference-oidc.md#get-a-token) the app then needs to perform a xhr POST request to the token endpoint to retrieve a token for a resource (web api) the app needs to interact with. However, when I try and do an XHR POST to that token endpoint (https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token?p=b2c1_signinpolicy) the browser (quite rightly) performs a preflight check (an…
140 votesCould you elaborate more on the use case for this?
Parakh
-
Flutter / Dart Support
We need a native Flutter / Dart plugin. Flutter is the top trending respository on GitHub! https://github.com/trending
It's a very bad decision not to write any plugin's for Flutter / Dart. Once again Microsoft will be left out and will be forced to play catch up at a later date. There are many plugins for AWS, but NONE for Azure!
As of today:
Xamarin Forms has 2k likes
Flutter has over 28k likes!131 votes
- Don't see your idea?