Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

  • Get user membership groups in the claims with AD B2C

    As it's possible in the standard AD by changing the API application manifest option "groupMembershipClaims" to "SecurityGroup", is it possible to return user membership group in the claims with AD B2C?

    Now, we can have only the default and custom attributes by adding a signin policy, but it's impossible to get user membership groups.

    155 votes
    14 comments  ·  B2C
    • Add an Azure AD Identity Provider

      AADB2C is great, but why not add an Azure AD provider? We're developing an application where we can have customers with social identities as well as Azure AD identities; it would be great in the AADB2C login page to have an option like "Organization Account". In this way we can code against one single API and not be forced to use two different entry points.

      137 votes
      22 comments  ·  B2C

        We are making this feature available through custom policies. Custom policies are targeted at users who are familiar with OpenID Connect flows, understand identity providers, and claims-based authentication. The tradeoff is that custom policies will require additional setup and maintenance work. This new configuration method complements the built-in policies and thus will not be compatible with existing policies. There will be more details to come.

        If you are interested in a private preview of this feature, please provide your tenant name and describe your scenario in a mail to: AADB2CPreview@microsoft.com.

        /Sam

      • AADB2C: Send email invitation for new user to sign up

        I would like the ability to trigger an email invitation to be sent to new users for our web application that I want to authenticate with AADB2C. In our multi-tenant design, each tenant will be responsible for adding their own users to their tenant. I would like the admin of the tenant to be able to send an email invitation to the new user and then that user can complete the sign-up process.

        113 votes
        5 comments  ·  B2C

          Thank you for the feedback. We are strongly considering this for the future. Today we are focusing on customer facing apps with open self-service signup. /Jose Rojas

        • Fully customizable verification emails

          Currently, Azure AD B2C sends verification codes via emails to end users during sign-up and password reset flows. These emails have limited customization. Add support for full customization of the email body & content.

          111 votes
          12 comments  ·  B2C
          • Customer-owned domains

            Run Azure AD B2C's sign-up & sign-in pages under a custom domain, e.g., login.contoso.com, instead of login.microsoftonline.com.

            88 votes
            9 comments  ·  B2C

              Development is underway for a new “Custom Domains” blade in Azure AD B2C which will allow you to add a domain, verify it and upload an SSL certificate that will be used to serve up the login page from the custom domain.

              We’re currently hoping to have this available by summer 2017.

              If there are specific requirements or scenarios that you’re interested in, please make sure to call them out in the comments section so that we can keep those in mind.

              /Saca

            • B2C Fully Customizable Sign-In Page

              Create a Sign In Policy by which we can provide our own template for the sign in page. It could work the same way as the Sign Up policy does.

              87 votes
              18 comments  ·  B2C

                We’ve shipped the sign-up/signin policy which allows complete customization. Does this satisfy your needs, or do you need a separate fully customizable sign-in (only) experience?
                Thank you. /Jose Rojas

              • Azure AD B2C, How to Avoid / Validate, duplicate Sign up with Social Identity Providers

                Hi, assume I sign up with Google 'siva@gmail.com'; it creates a user in the tenant. I sign up with Facebook 'siva@gmail.com'; it creates another user in the tenant. I also went and signed up using an email account for 'siva@gmail.com', and now I am finding 3 users with the same email id. I see that duplicate accounts are getting created. Is there any way to validate this and inform the user in Azure AD B2C?

                64 votes
                12 comments  ·  B2C

                  Thank you. We will examine the experience of duplicate sign ups across Identity providers. Would performing this check by using the email address be sufficient?

                  BTW, Linking multiple provider accounts to one user is in our roadmap and we’ve already achieved it in preview…

                  We look forward to your feedback

                  /Jose Rojas

                • Spring Security Support

                  Stormpath is an example of an API/Service that provides all the same functionality as Azure AD B2C, and actually integrates with Spring Security very easily.

                  https://stormpath.com/

                  They provide code samples too:

                  https://docs.stormpath.com/java/

                  It would be fantastic, and ensure a much wider adoption market, if you were to create an open source project that provided the same easy integration and adoption.

                  47 votes
                  1 comment  ·  B2C
                  • 47 votes
                    3 comments  ·  B2C
                    • AADB2C: How-to on multi-tenant applications based on B2C

                      As a service provider using Azure as the underlying platform, I want to create an application that allows companies to create and manage their tenants and users within my service in order to provide a public service area as well as a privately owned area for the company.

                      I've read about B2C supporting multi-tenant, but I couldn't find hints within the documentation...

                      46 votes
                      7 comments  ·  B2C

                        We are currently prioritizing Azure AD as an identity provider into B2C. We will review this request after that work is done. Keep the requests coming! /Jose Rojas

                      • Reduce pricing for Azure AD B2C

                        Azure AD B2C seems to be an interesting and very important service, however in my opinion it is >dramatically< overpriced. Having to pay thousands of dollars >per month< just for a few million users is in no relation to other Azure Services.

                        E.g. Storing 10 million users would cost 950k * €0.00093 + 9mil * €0.00076 = 7723,5€ per month. And this doesn't even include authentications.
                        This makes me wonder if your case study Real Madrid really would like all of their 450 million fans to use this service. I think they would have to sell a player in that case!…

                        45 votes
                        2 comments  ·  B2C
                        • Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library

                          Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library, just like Azure AD and Active Directory Authentication Library have.

                          The Azure AD B2C page has been saying 'Get tokens using a username & password with the OAuth 2.0 Resource Owner Password Credentials Flow (coming soon)' since September 2015.
                          https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-reference-protocols/

                          45 votes
                          11 comments  ·  B2C

                            We’re currently scoping out this feature and the possibility of getting this in the backlog.
                            We hope to have an update on this by summer 2017.

                            UPDATE: Just wanted to clarify, this would only work for local accounts as social identity providers (Facebook, Google, etc.) don’t support this. We’d appreciate comments from you guys on whether you are aware of and OK with this limitation, or feedback on what you’d expect to see otherwise.

                            /Saca

                          • Multi-language support

                            Allow support for multiple languages on Azure AD B2C end user pages.

                            43 votes
                            8 comments  ·  B2C

                              We’re currently working through a private preview of the feature and expect to be in public preview by early summer. For this release we will provide translations for many languages and the ability to customize some of the translations with your own preference.

                              /Sam

                            • "Change password" policy

                              Add a new Azure AD B2C policy that allows a signed-in user to change his or her password. Not the same as password reset.

                              43 votes
                              8 comments  ·  B2C

                                We’d like to understand this ask a bit more, particularly how this differs from the “Reset Password” policy.
                                Ultimately, “Reset Password” allows the user to change his/her password by doing a second factor (email) verification.

                                Is the primary driver behind this ask offering a simpler experience that doesn’t require a second factor?
                                Basically something like having a “Password” field in the “Edit Profile” policy which the user can change?
                                Would you expect them to type their old password as well?

                                Please do share as much detail as you can with regard to what you’d like to see for this ask.

                                /Saca

                              • Azure B2C custom user attribute validation like using regex, range etc. e.g. postcode, date of birth

                                Ability to validate custom attributes like postcode, date of birth etc. on the user sign-up / edit profile pages, either by providing a validation choice like "RegEx/Range" or by allowing JS.

                                31 votes
                                5 comments  ·  B2C
                                • SAML protocol support

                                  Azure AD B2C currently supports OpenID Connect and OAuth 2.0. Add SAML protocol support as well.

                                  28 votes
                                  2 comments  ·  B2C
                                  • Custom password complexity

                                    Allow the ability to set different password complexities for local accounts in a B2C tenant.

                                    28 votes
                                    5 comments  ·  B2C
                                    • AADB2C: Add CORS headers to AD B2C token endpoint to allow for implicit flow (XHR POSTS)

                                      We are trying to implement Azure AD B2C authentication with a web app using implicit flow. We can log in and successfully get redirected to the correct url which includes the correct items on the redirect url (id_token&code). However, as this article suggests (https://github.com/Azure/azure-content/blob/master/articles/active-directory-b2c/active-directory-b2c-reference-oidc.md#get-a-token) the app then needs to perform an XHR POST request to the token endpoint to retrieve a token for a resource (web api) the app needs to interact with. However, when I try and do an XHR POST to that token endpoint (https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token?p=b2c_1_signinpolicy) the browser (quite rightly) performs a preflight check (an OPTIONS…

                                      27 votes
                                      1 comment  ·  B2C
                                      • Add hashed password migration to Azure AD B2C

                                        Currently, I can migrate user accounts from an existing database to Azure AD B2C. However, it only accepts unhashed passwords, which is completely useless for any modern system, which should ONLY be using hashed and salted passwords. What would actually make this feature useful is to include fields for hashed password, hash algorithm (any of several standard ones), salt and salt method (i.e., appended, prepended, etc).

                                        27 votes
                                        1 comment  ·  B2C
                                        • allow plus sign in email addresses

                                          Using AD B2C, when signing up with an email address, it does not seem to approve of ***+test@gmail.com where *** is my valid gmail address. But this is a valid email address. It is invaluable for testing. Please make the validation conform to the proper RFC and do not make it overly restrictive. Or make it configurable by a regex or something.

                                          25 votes
                                          3 comments  ·  B2C