Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Warn of duplicate account in verification email

    The current method of presenting a visual warning to the user when they click sign up is wrong and not best security practice.

    If user already has an account in the tenant with a certain email address, they are able to enter that email address again, click "verify" get an email with a verification code, fill out the sign up and click create before getting a warning.

    Ideally, in place of a verification email they should get an email saying they already have an account with this email address.

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
    • Option to choose between enterprise app and regular app registration

      Today all app registrations in B2C is registered as Enterprise Applications and are available for any AzureAD tenants. The consequence of this is that users from any teneant can create themself a access token that is valid for a application registered in B2C (resource/scope can be set to a resource outside own tenant). In many scenarios this poses a security challange as we in most cases want full control of which identities that can be authentication and granted access to own applications. This must be addressed when B2C support client_credential flow and on-behalf of flow. Please add an option for…

      3 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
      • Add some more fields to the App Registration and capture the id of the creator

        When creating app registrations in B2C it should be possible to add custom tags or a comment field so that we can register som additional inform ation about the app registration (e.g purpose, what application it is used for, who is the owner or contact person). It should also automatically register who created the app registration and when it was done (CreatedBy and Date)

        3 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
        • bug - div id=email_ver_wait visible after the third attempt to enter wrong verification code

          I am working on ui customization. I have styled div id=email_ver_wait element. It appears when the user clicks verify code button and disappears when the verification process is done. But, when the user enters wrong verification code three times the element is permanently visible.

          Steps to reproduce:
          1. Run "sign-up or sing-in" policy
          2. Click "sign-up now" link
          3. Enter any valid e-mail address.
          4. Click "Send verification code"
          5. Enter invalid code and click "Verify code" button
          6. Repeat step 5 until "
          You've made too many incorrect attempts. Please try again later" message appears.
          7. bug: email_ver_wait element…

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
          • Should not turn on Japanese IME when focus to E-mail address field on B2C Sign-In page.

            Summary:
            When customer focus to E-mail address field on B2C Sign-In page, Japanese IME turns ON automatically. However, E-mail address is single byte character, it should not turn on automatically.
            This behavior caused lots of login user makes mistake typing during Sign-In and Sign-Up (also, password recovery).

            Preparation Step for repro environment:

            1. Go to the blade "https://portal.azure.com/#blade/Microsoft_AAD_B2CAdmin/TenantManagementMenuBlade/policiesB2CSignUpOrSignIn".
            2. Edit your SignUp/SingIn policy
            3. Go to Language Customization (Preview)
            4. Add Language "Japanese".
            5. Save.

            Repro Step:

            1. Access to B2C Sign-In page via Japanese Windows 10 Edge browser.
            2. Focus on E-mail address field.

            Result:
            Japanese IME…

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
            • Log user authentications in Azure Active Directory B2C

              The logs available in Azure Active Directory, "Audit Logs" and "Sign-in" don't show activity related to consumer authentications. Having a view of consumer logins via the Azure Active Directory or Azure AD B2C sections would be very useful.

              4 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
              • Work natively with ValidateAntiForgeryToken

                Plugging in ADB2C to an existing MVC website breaks all of the forms that should use ValidateAntiForgeryToken attributes.

                Whilst the work-around is relatively easy, it should support it out of the box by exposing the additional claim type.

                A claim of type 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'; or 'http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider'; was not present on the provided ClaimsIdentity. To enable anti-forgery token support with claims-based authentication, please verify that the configured claims provider is providing both of these claims on the ClaimsIdentity instances it generates. If the configured claims provider instead uses a different claim type as a unique identifier, it can…

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                • Give us the new sign in experience in policies

                  Add the possibility to use the new sign in experience in si and susi policy

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                  • Parameterize UI Content

                    I am working for a client that has multiple applications pointing to the tenant, but require different UI screens. In order to do this, I have to make duplicate policies that point to different HTML pages for the content definitions. If I could pass a parameter that provided a directory on where to find the corresponding HTML then it would help manage policies in the portal and their files across applications and environments. Also, this will help provide a separation of concerns where the policy (functionality) is not directly linking to the UI pages on how the content is presented…

                    2 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                    • Add Cancel button to Azure AD B2C SignIn and combined SignIn/SignUp default UI

                      The default UI associated with the SignIn and combined SignIn/SignUp policies needs to include a Cancel button just like the SignUp screen of the SignI/SignUp policy UI does.

                      5 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        1 comment  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                      • Show custom fields in User profile

                        Show custom fields in User profile.
                        It's not obvious/user friendly to view/edit custom properties only by Graph API.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                        • 1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                          • Support logout and single logout with SAML 2.0 claims provider

                            Support for logout and single logout with SAML 2.0 IdP configured as claims provider on B2C.

                            The logout and single logout os both requested in some customer cases and in relation to the Danish governments IdP called "NemLog-in". In relation to the Danish governments IdP it is a requirement to support logout and single logout to connect to the central federation.

                            48 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                            • Premium b2c

                              I have not able to able to assign groups to my Apps in my B2C. Help? I don’t have an option to add Azure prem license to my B2C tenant. Is this supported?

                              2 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                4 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                              • verify signature on jwt.ms

                                it would be helpful if https://jwt.ms verified the signatures of JWTs like the https://jwt.io/ does :)

                                especially b/c their signature validator doesn't validate b2c tokens: https://stackoverflow.com/questions/44330242/azure-ad-b2c-token-validation-does-not-work

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                                • migrate azure b2c users from old tenant to new tenant

                                  be able to migrate user from 1 azure b2c tenant to another

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Return social IdP's original subject(sub) back to the app

                                    Return social IdP's original subject(sub) (for e.g., Google's unique id) back to the app.
                                    In order to specify the same user when migrating from B2C to another authentication server.

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Support StringCollection type for User Custom Attributes

                                      Aside from String, also support StringCollection for custom-created user attributes on Azure AD B2C

                                      3 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Improve the tag filtering on the B2C Custom UI template import

                                        Currently the JavaScript that acquires the custom HTML filters the tags.

                                        This means some tags, such as 'label' get stripped out, and custom tags cannot be used which restricts a level of future proofing for technologies such as Web Components.

                                        Additionally, is there an intention to have the template imported from the server? Around 5% of calls to external files from clients fail, so it would be handy for a login page that still functions even if only the HTML gets loaded.

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Reply url limited to 20

                                          At this time, Azure AD B2C applications can only have 20 or less reply URLs. Please remove this limit, so we can add more application to it.

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 9 10
                                          • Don't see your idea?

                                          Feedback and Knowledge Base