Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Managed Whitelist of Enterprise Applications

    Please provide facility to whitelist which 3rd party applications are 'approved'.

    Ideally this would be more than just single 'bit' of information, and allow multiple lists - for example, a whitelist for 'regular company business' and another for TOPSECRET, to be integrated with other parts of the azure framework, such as being used in Conditional Access Policy and the EMS E5 features.

    Currently OAuth consent by any user will automatically register an application and this cannot be disabled. Blacklist is possible, but whitelist is not without completely removing ability for users to manage their own consent, which is undesirable from…

    6 votes
    1 comment  ·  SaaS Applications
  2. Better governance for SaaS apps (App Registration description)

    Azure App Registration needs some kind of better governance. The amount of applications is exploding within companies with all kinds of apps, ranging from breakfast to compliance applications. Microsoft needs to add some extra property fields that can be used for description of the application purpose, but also a field that can be used for service management. I do not think that an Azure Tag would be sufficient. It must be some kind of value that can be set on the application.

    Reference:
    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/13102086-azure-ad-applications-needs

    6 votes
    2 comments  ·  SaaS Applications
  3. Rename Azure AD Application "Office 365 Exchange Online" to "Outlook"

    Users with Office 365 license when accessing myapps.microsoft.com do not understand that in order to open "Outlook Web App" they should use "Office 365 Exchange Online" icon. Please rename Azure AD Application "Office 365 Exchange Online" to "Outlook" or "Outlook Web App".

    6 votes
    0 comments  ·  SaaS Applications
  4. Be able to provide credentials when assigning an Enterprise Application through PowerShell

    We are on-boarding hundreds of SaaS applications in to Enterprise Apps across a number of customers.

    When we assign these Enterprise Apps to users/groups we populate the credentials so they don't need to ever know them.

    Currently this is having to be done manually in the portal (which is really really time consuming) but we need it to be available as an option/action through PowerShell.

    5 votes
    0 comments  ·  SaaS Applications
  5. Support claims transformation on user.assignedroles

    I can't apply a claim transformation method to the source attribute user.assignedroles or any multi value.

    5 votes
    0 comments  ·  SaaS Applications
  6. Support inbound provisioning from TalentSoft to Azure AD

    Similar to Workday, add support for inbound provisioning from https://www.talentsoft.com/ to Azure AD.

    5 votes
    0 comments  ·  SaaS Applications
  7. SelectUniqueValue function should check AD Global Catalog for uniqueness

    When configuring Workday to Active Directory User Provisioning integration with multiple child domains, it will be beneficial if the SelectUniqueValue function checks for uniqueness of samAccountName and userPrincipalName across the forest by querying the global catalog.

    5 votes
    1 comment  ·  SaaS Applications
  8. Adding the managedBy attribute to the ServiceNow API for Group Provisioning

    Would it be possible to add a mapping for the Active Directory Group attribute managedBy and map it to the ServiceNow attribute Manager? I have been in contact with Premier Support under case # [REG:216032413880333001] SaaS group provisioning manager attribute missing regarding this request.

    5 votes
    planned  ·  2 comments  ·  SaaS Applications
  9. Add more attributes for Workday writeback

    Provisioning from Workday to AD has almost every attribute of an AD user available to be used. But when doing writeback from AD to Workday, email address is the only value available that anyone would use. We would like to write back office phone and fax number because those are systems falling within IT jurisdiction and it makes more sense to have AD as the source of truth. Otherwise, IT has to email HR and have them make the change.

    Also, Workday provisioning doesn't set the "user must change password at next logon" even though it sets a random password…

    4 votes
    0 comments  ·  SaaS Applications
  10. Keep SSO user Signed in into JIRA

    When a user closes the web browser after signing in thru the Azure AD SSO plug-in for JIRA, the user is shown the JIRA login screen again; however, he is still logged in to Azure AD/Office 365. This requires the user to click the Azure AD sign in button again. The user is then signed in to JIRA instantly.
    Is it possible to keep the user logged in to JIRA after closing the browser window, as he keeps logged in state in AzureAD?

    4 votes
    0 comments  ·  SaaS Applications
  11. Conditional SAML Token Attributes

    We need the ability to optionally pass SAML token attributes based on a predefined condition. In our scenario we'd like to pass a join attribute only if both strings aren't empty.

    4 votes
    0 comments  ·  SaaS Applications
  12. Application Roles UI

    Support the assignment of multiple application roles to users via the new portal. In the classic portal you can only assign a single application role to a user (and have to use the API to assign more).

    4 votes
    0 comments  ·  SaaS Applications
  13. Force Azure AD to verify the signature in the SAML request

    Enable optional SAML request signature when federating with a SAML 2.0 IDP

    SAML Authn requests from AAD to a third party SAML 2.0 IDP are not signed. This leaves the third party IDP open to DoS attacks on their credential repository.

    4 votes
    0 comments  ·  SaaS Applications
  14. Support different Workday datacenters in federation

    Hello everyone, right now the Workday federation only works if your Workday solution is hosted out of their west coast data center. As a European company our data will never be there, can we push to get federations to the other data centers, especially Dublin, please?

    4 votes
    0 comments  ·  SaaS Applications
  15. We would like to have an advanced claim transformation process to simplify the configuration of AWS app integrations

    For the integration of AWS with AzureSSO we need to send via the claim "https://aws.amazon.com/SAML/Attributes/Role" the aws account and role information, which will be used for authentication on AWS side. For our scenario, we create for each user an own role in AWS and want to generate the role claim based on the user mail address.

    The transformation of the claim should work like:
    1.) Extract the mail prefix from the user with ExtractMailPrefix()
    2.) Execute on the value from 1.) a tolowercase()
    3.) Use the value from 2.) in a Replace transformation

    The result should look like…

    3 votes
    0 comments  ·  SaaS Applications
  16. Password based SSO - support multiple app profiles per user

    The Password based SSO solution does not allow for multiple app profiles.
    Eg use case:
    Digital Marketing team supports multiple brands, and requires access to multiple accounts within the same social platform, like facebook.com.

    A single user or group can be assigned multiple Password based SSO Apps.
    User installs PlugIn in Chrome or IE or FireFox.
    User navigates to facebook.com url and there is no auto sign in. - ok
    User goes to MyApps portal and clicks Brand A Facebook app. - User is signed in.
    User does what they need to do and then change accounts.
    They click to…

    3 votes
    0 comments  ·  SaaS Applications
  17. Service Principals is so broken from a UI standpoint. Needs to be redone.

    Here is a link to the official documentation, notice how it is like 200 steps:

    https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal

    This is HORRIBLE guys. On Amazon, to grant API access to something it is one click - Generate API Key.

    I wasted 20 minutes trying to follow above steps. Guess what - at the end, it still doesn't work. Awesome! Now I get to debug your broken system for you instead of being productive.

    Can you please either:

    - Get rid of Service Principals (please shoot it), and just add a Generate API key command to replace it.
    - Add Generate API Key as…

    3 votes
    0 comments  ·  SaaS Applications
  18. Provisioning connector to Dashlane

    Dashlane is a cloud-based password management solution that supports SAML 2.0 https://support.dashlane.com/hc/en-us/articles/212111089. Would it be possible to add it to the App Gallery?

    3 votes
    1 comment  ·  SaaS Applications
  19. AzureAD custom developed apps appRoles management UI

    Currently AzureAD appRole claims for custom developed apps are managed differently within portal UI.

    For appRoles declared as "user" on a custom developed app are managed through User/Group while appRoles declared as "Application" are managed through configuration/Permissions.

    3 votes
    1 comment  ·  SaaS Applications
  20. SCIM for zoom

    Without provisioning, I was able to map my new "JIT" provisioned Zoom users to type=pro in the SSO config.
    Now with SCIM, everyone is set to Basic by default and I don't see anywhere to change that. How can I set users to pro by default or based on the azure app assignment (where I can set it).

    2 votes
    1 comment  ·  SaaS Applications