Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

How can we improve Azure Active Directory?

  1. Get user membership groups in the claims with AD B2C

    As it's possible in the standard AD by changing the API application manifest option "groupMembershipClaims" to "SecurityGroup", is it possible to return user membership group in the claims with AD B2C?

    Now, we can have only the default and custom attributes by adding a signin policy, but it's impossible to get user membership groups.

    584 votes
      42 comments  ·  B2C

      We definitely recognize the popularity of this feature, and we discuss it constantly during the planning phases. However there are certain technical limitations in the system that add a large amount of development cost. Because of the cost and the fact that there is a workaround available, other features get prioritized over this one.

      That being said, please keep voting for it. The popularity of the feature does help bring it up and makes us reconsider every time.

      Apologies for the delay.

      /Parakh


      Old message:
      We’re doing some research both on the specifics of this ask as well as what it would take to support this.
      Is the ask here to do the same thing that regular Azure AD does (see: https://blogs.technet.microsoft.com/enterprisemobility/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles/) or are there different requirements around this for Azure AD B2C?

    • Fully customizable verification emails

      Currently, Azure AD B2C sends verification codes via emails to end users during sign-up and password reset flows. These emails have limited customization. Add support for full customization of the email body & content.

      497 votes
        58 comments  ·  B2C

        Hi all, a quick update here. We are looking at different options in allowing this customization. We understand that this is very important when you want to keep the look of the emails consistent with your brand to avoid confusing your users. We should have another update in the coming months as we figure out how to accomplish this.

        /Sam

      • Customer-owned domains

        Run Azure AD B2C's sign-up & sign-in pages under a custom domain, e.g., login.contoso.com, instead of login.microsoftonline.com.

        325 votes
          36 comments  ·  B2C

          Due to various technical limitations, the first iteration of the customer-owned domains functionality will not be available for a few more months. We will provide an update as soon as we can get a more specific ETA.

          If you are looking to use custom domains to use javascript, we are now looking to enable that experience by providing a new (non-customizable) domain. Please look for updates here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15493536-add-support-for-javascript-inside-the-custom-ui-br

          /Parakh

        • B2C Fully Customizable Sign-In Page

          Create a Sign In Policy by which we can provide our own template for the sign in page. It could work the same way as the Sign Up policy does.

          250 votes
            41 comments  ·  B2C

            Hi all, I just wanted to let you know we have started work on this and will have something available in preview within the next few weeks. I’ll post again when we have something ready to be previewed.

            /Sam

          • Add an Azure AD Identity Provider

            AADB2C is great, but why not add an Azure AD provider? We're developing an application where we can have customers with social identities as well as Azure AD identities; it would be great in the AADB2C login page to have an option like "Organization Account". In this way we can code against one single API and not be forced to use two different entry points.

            240 votes
              34 comments  ·  B2C

              We are looking for private preview customers who are interested in using Azure AD (single tenant only) or any other custom OIDC compliant identity providers in your built-in policies. If you are interested, please send an email specifying this specific request to aadb2cpreview@microsoft.com with your Azure AD B2C tenant name.

            • Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library

              Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library, just like Azure AD and Active Directory Authentication Library has.

              The Azure AD B2C page has been saying 'Get tokens using a username & password with the OAuth 2.0 Resource Owner Password Credentials Flow (coming soon)' since September 2015.
              https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-reference-protocols/

              230 votes
                49 comments  ·  B2C

                Just to provide an update, we are close to launching a private preview. We are in the final testing stages for this feature. We will have another update in the next few weeks with instructions on how to join the private preview.

              • AADB2C: Send email invitation for new user to sign up

                I would like the ability to trigger an email invitation to be sent to new users for our web application that I want to authenticate with AADB2C. In our multi-tenant design, each tenant will be responsible for adding their own users to their tenant. I would like the admin of the tenant to be able to send an email invitation to the new user and then that user can complete the sign-up process.

                221 votes
                  16 comments  ·  B2C

                  Thank you for the feedback. We are strongly considering this for the future. Today we are focusing on customer facing apps with open self-service signup. /Jose Rojas

                • Add Japan region to data residency location of Azure AD B2C

                  Lots of Japanese customers would like to use Azure AD B2C. But they can not decide to adopt B2C because we do not have Japan region as data residency location.

                  206 votes
                    8 comments  ·  B2C
                  • 206 votes
                      29 comments  ·  B2C

                      Hi all, an update on how we plan to be rolling this out. Originally we said that this would be allowed on a subdomain provided for each tenant, but we are adding an additional requirement here. In addition to only running JS on .B2Clogin.com, we are creating versioned packages of html, css and JS content for each page. You will be able to lock your pages to a specific version so as we update anything on our side, you won’t run the risk of unexpected behaviour on your page. We are planning to roll out .b2clogin.com without JS support sooner and the page contracts will be coming to private preview in the coming weeks.

                      /Sam

                    • SAML protocol support

                      Azure AD B2C currently supports OpenID Connect and OAuth 2.0. Add SAML protocol support as well.

                      174 votes
                        13 comments  ·  B2C
                      • Azure AD B2C, How to Avoid / Validate, duplicate Sign up with Social Identity Providers

                        Hi, assume I sign up with Google 'siva@gmail.com'; it creates a user in the tenant. I sign up with Facebook 'siva@gmail.com'; it creates another user in the tenant. I also went and signed up using an email account for 'siva@gmail.com'; now I am finding 3 users with the same email id. I see that duplicate accounts are getting created. Is there any way this can be validated and the user informed in Azure AD B2C?

                        139 votes
                          29 comments  ·  B2C

                          Thank you. We will examine the experience of duplicate sign ups across Identity providers. Would performing this check by using the email address be sufficient?

                          BTW, Linking multiple provider accounts to one user is in our roadmap and we’ve already achieved it in preview…

                          We look forward to your feedback

                          /Jose Rojas

                        • B2C Support for on-behalf-of flow

                          To enable APIs to use authentication from another application with separate security credentials (clientId+secret). Needed for APIs to make graph calls.

                          112 votes
                            4 comments  ·  B2C
                          • Reduce pricing for Azure AD B2C

                            Azure AD B2C seems to be an interesting and very important service, however in my opinion it is >dramatically< overpriced. Having to pay thousands of dollars >per month< just for a few million users is in no relation to other Azure Services.

                            E.g. Storing 10 million users would cost 950k * €0.00093 + 9mil * €0.00076 = 7723,5€ per month. And this doesn't even include authentications.
                            This makes me wonder if your case study Real Madrid really would like all of their 450 million fans to use this service. I think they would have to sell a player in that case!…

                            104 votes
                              11 comments  ·  B2C

                              Restating what Alex Simons said in the comments below:

                              The vast majority of our B2C customers see monthly active user rates in the 10 – 15% at the very high end. In addition, most set their token lifetimes to be relatively long (you don’t want users on a mobile device to have to authenticate more than is absolutely necessary) so even though a user might be actively using your app each month, they might only be requesting a token every other month – or maybe even less.

                              So if you compare this to either AWS or running your own authentication server (make sure you included the full cost to maintain/run/upgrade/etc.) I think you will find it’s very price competitive.

                              That said, we are looking at some additional pricing options that would give apps that have a very high usage rate (50% or more of users active each month) some options…

                            • AADB2C: Force password reset

                              Add the ability to force users to reset their password at next login. It would be ideal if this was available for both individual users as well as in bulk. This is necessary for situations such as credential leaks, etc.

                              99 votes
                                9 comments  ·  B2C
                              • AADB2C: How-to on multi-tenant applications based on B2C

                                As service provider using Azure as the underlying platform, I want to create an application that allows companies to create and manage their tenants and users within my service in order to provide a public service area as well as a privately owned area for the company.

                                I've read about B2C supporting multi-tenant, but I couldn't find hints within the documentation...

                                89 votes
                                  12 comments  ·  B2C

                                  We are currently prioritizing Azure AD as an identity provider into B2C. We will review this request after that work is done. Keep the requests coming! /Jose Rojas

                                • AADB2C: Support OAuth 2.0 client credential flow

                                  As mentioned in the B2C limitations:

                                  https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-limitations/

                                  Our daemons / server-side applications need this feature as part of our security implementation in order to grant access to our web apis.

                                  84 votes
                                    14 comments  ·  B2C

                                    Currently, you can use the “App Registration” blade in the Azure Portal (outside of the Azure AD B2C blades) to register apps that define application permissions and then register apps that use client credentials to request these. The caveat is that this is done using the same mechanism that you’d use in regular Azure AD.

                                    Ideally we’d have a first class experience for this in the Azure AD B2C blades or at least have an Azure doc that walks you through the experience I just summarized, so I’m leaving this feature ask open.

                                    It would be great if you guys can add comments with your feedback. What scenarios are you trying to achieve? Does the approach above help you achieve what you want to achieve? Does the experience to do so work for you guys and if not, what would you like to see?

                                  • B2C Roadmap

                                    Deliver a roadmap which shows what functionality is planned and under review.

                                    79 votes
                                      2 comments  ·  B2C
                                    • Custom password complexity

                                      Allow the ability to set different password complexities for local accounts in a B2C tenant.

                                      75 votes
                                        12 comments  ·  B2C
                                      • "Change password" policy

                                        Add a new Azure AD B2C policy that allows a signed-in user to change his or her password. Not the same as password reset.

                                        72 votes
                                          11 comments  ·  B2C

                                          We’d like to understand a bit more this ask, particularly how this differs from the “Reset Password” policy.
                                          Ultimately, “Reset Password” allows the user to change his/her password by doing a second factor (email) verification.

                                          Is the primary driver behind this ask offering a simpler experience that doesn’t require a second factor?
                                          Basically something like having a “Password” field in the “Edit Profile” policy which the user can change?
                                          Would you expect them to type their old password as well?

                                          Please do share as much detail as you can with regards to what you’d like to see for this ask.

                                        • Programmatically register B2C applications

                                          I want to be able to call a Graph API to register new B2C applications

                                          69 votes
                                            3 comments  ·  B2C