Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Rename Azure AD Application "Office 365 Exchange Online" to "Outlook"

    Users with Office 365 license when accessing myapps.microsoft.com do not understand that in order to open "Outlook Web App" they should use "Office 365 Exchange Online" icon. Please rename Azure AD Application "Office 365 Exchange Online" to "Outlook" or "Outlook Web App".

    6 votes
    0 comments  ·  SaaS Applications
  2. Self service registration of Applications to be extended to SP initiated flows

    Currently AAD admin can configure self service access for pre-provisioned apps wherein they can configure users to request access to applications from the Myapps portal experience. (https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access). This is similar to the IDP initiated experience. However we have some apps which require users to start with Service Provider but they are not granted access to the users and groups. Extending this feature to Service provider initiated flows will allow the user to request access to those applications ( SAML, Password SSO, OIDC) if the user is not already granted access. An Administrator can choose to be notified and…

    5 votes
    0 comments  ·  SaaS Applications
  3. Be able to provide credentials when assigning an Enterprise Application through PowerShell

    We are on-boarding hundreds of SaaS applications into Enterprise Apps across a number of customers.

    When we assign these Enterprise Apps to users/groups we populate the credentials so they don't need to ever know them.

    Currently this is having to be done manually in the portal (which is really really time consuming) but we need it to be available as an option/action through PowerShell.

    5 votes
    0 comments  ·  SaaS Applications
  4. Add an APPEND transformation method to SAML claims

    I would like to append static text to the end of an attribute. The Join method has two attributes required, with a static separator. Join would work if attribute #2 was not required.

    4 votes
    0 comments  ·  SaaS Applications
  5. Keep SSO user Signed in into JIRA

    When a user closes the web browser after signing in through the Azure AD SSO plug-in for JIRA, the user is shown the JIRA login screen again, although he is still logged in to Azure AD/Office 365. This requires the user to click the Azure AD sign-in button again. The user is then signed in to JIRA instantly.
    Is it possible to keep the user logged in to JIRA after closing the browser window, as he keeps his logged-in state in Azure AD?

    4 votes
    0 comments  ·  SaaS Applications
  6. Azure AD->EnterpriseApp->All App->New App button is disabled

    The Azure AD->EnterpriseApp->All App->New App button is disabled for a normal user; it should give a warning that this feature is not available for a normal user or "You need to have Admin" permissions to enable this feature.

    4 votes
    0 comments  ·  SaaS Applications
  7. Application Roles UI

    Support the assignment of multiple application roles to users via the new portal. In the classic portal you can only assign a single application role to a user (and have to use the API to assign more).

    4 votes
    0 comments  ·  SaaS Applications
  8. Support different Workday datacenters in federation

    Hello everyone, right now the Workday federation only works if your Workday solution is hosted out of their west coast data center. As a European company our data will never be there, can we push to get federations to the other data centers, especially Dublin, please?

    4 votes
    0 comments  ·  SaaS Applications
  9. Allow adding a suffix to the end of the email in the name identifier(nameID)

    Allow to add a suffix to the end of the email and send it as the name ID. For example:
     

    user@domain.com is the email, that is being sent as the nameID, but we need to add a suffix at the end, example "test", so Azure will send user@domain.com.test as the name identifier(nameID)

    We know that this is possible with AD FS using replace email suffix with new email suffix and we need to have the same behavior in Azure AD. This is needed because we have multiple ORG at Salesforce and each ORG needs to use a unique email address…

    3 votes
    0 comments  ·  SaaS Applications
  10. Add SCIM to support UserType field in Scoping Filter

    If AAD UserType field was available in SCIM Scoping Filter, it would be easy to filter out all guest users from the scope of synchronization.

    3 votes
    0 comments  ·  SaaS Applications

    Hi we will review.

    One option to consider is to set the filter to filter out specific domains that guest users are coming from. You could also control who is provisioned based on groups that users are assigned to.

    That being said, the need to scope on user type makes sense.

  11. We would like to have an advanced claim transformation process to simplify the configuration of AWS app integrations

    For the integration of AWS with AzureSSO we need to send via the claim "https://aws.amazon.com/SAML/Attributes/Role" the AWS account and role information, which will be used for authentication on the AWS side. For our scenario, we create for each user its own role in AWS and want to generate the role claim based on the user mail address.

    The transformation of the claim should work like:
    1.) Extract the mail prefix from the user with ExtractMailPrefix()
    2.) Execute on the value from 1.) a tolowercase()
    3.) Use the value from 2.) in a Replace transformation

    The result should look like…

    3 votes
    0 comments  ·  SaaS Applications
  12. Workday to AD multiple domain support: Resolve manager references across domains

    As an AD Admin, when configuring Workday to Active Directory User Provisioning integration we would like the user provisioning service to resolve manager references across domains so that it supports the scenario where a user in one child domain and the user's manager is in another domain.

    3 votes
    0 comments  ·  SaaS Applications
  13. Support Chrome Credentials Passing API for SAML SSO

    Using Azure AD SAML SSO with G Suite, when logging into a Chrome OS device after completing the Azure AD sign in you need to enter your password in to a Chrome dialog. Google has an API available to SAML vendors to bypass this extra step: https://www.chromium.org/administrators/advanced-integration-for-saml-sso-on-chrome-devices

    3 votes
    1 comment  ·  SaaS Applications
  14. Password based SSO - support multiple app profiles per user

    The Password based SSO solution does not allow for multiple app profiles.
    Eg use case:
    Digital Marketing team supports multiple brands, and requires access to multiple accounts within the same social platform, like facebook.com.

    A single user or group can be assigned multiple Password based SSO Apps.
    User installs PlugIn in Chrome or IE or FireFox.
    User navigates to facebook.com url and there is no auto sign in. - ok
    User goes to MyApps portal and clicks Brand A Facebook app. - User is signed in.
    User does what they need to do and then change accounts.
    They click to…

    3 votes
    0 comments  ·  SaaS Applications
  15. Service Principals is so broken from a UI standpoint. Needs to be redone.

    Here is a link to the official documentation, notice how it is like 200 steps:

    https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal

    This is HORRIBLE guys. On Amazon, to grant API access to something it is one click - Generate API Key.

    I wasted 20 minutes trying to follow above steps. Guess what - at the end, it still doesn't work. Awesome! Now I get to debug your broken system for you instead of being productive.

    Can you please either:


    • Get rid of Service Principals (please shoot it), and just add a Generate API key command to replace it.

    • Add Generate API Key as an alternative…
    3 votes
    0 comments  ·  SaaS Applications
  16. Provisioning connector to Dashlane

    Dashlane is a cloud-based password management solution that supports SAML 2.0 https://support.dashlane.com/hc/en-us/articles/212111089. Would it be possible to add it to the App Gallery?

    3 votes
    1 comment  ·  SaaS Applications
  17. AzureAD custom developed apps appRoles management UI

    Currently AzureAD appRole claims for custom developed apps are managed differently within the portal UI.

    appRoles declared as "user" on a custom developed app are managed through User/Group while appRoles declared as "Application" are managed through configuration/Permissions.

    3 votes
    1 comment  ·  SaaS Applications
  18. Add Concatenate/Prepend/Append function to Claim Transformations

    Provide a function to concatenate two values as part of claim transformation. Should allow existing attributes OR the ability to concatenate/Prepend/Append an attribute value with static text - even for NameID. In our case, we have third party applications that can be SSO enabled, but that do not use one of our registered domain names. Solving this through AD extension is feasible, but using expressions would be much simpler.

    2 votes
    0 comments  ·  SaaS Applications
  19. Optional claims from https endpoint

    It would be great if we could have an optional claim fetched from an external https endpoint (secured with an Azure AD application token).

    We have a requirement where a privacy rule requires us to decrypt an encrypted user attribute before sending it to the external application.

    By allowing us to specify a URL endpoint for that claim we could manage the encryption ourselves. Azure should send the user id (or allow us to include some user attribute in the request)

    It should also pass an azure ad jwt token with the application id that is used in the current…

    2 votes
    0 comments  ·  SaaS Applications
  20. Require IsMemberOf filter for users sync

    Azure Databricks SCIM Provisioning Connector needs IsMemberOf filter for users sync.

    2 votes
    1 comment  ·  SaaS Applications