Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow adding a suffix to the end of the email in the name identifier(nameID)

    Allow to add a suffix to the end of the email and send it as the name ID. For example:
     

    user@domain.com is the email, that is being sent as the nameID, but we need to add a suffix at the end, example "test", so Azure will send user@domain.com.test as the name identifier(nameID)

    We know that this possible with AD FS using replace email suffix with new email suffix and we need to have the same behavior in Azure AD. This is needed because we have multiple ORG at Salesforce and each ORG needs to use a unique email address…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add SCIM to support UserType field in Scoping Filter

    If AAD UserType field was available in SCIM Scoping Filter, it would be easy to filter out all guest users from the scope of synchronization.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →

    Hi we will review.

    One option to consider is to set the filter to filter out specific domains that guest users are coming from. You could also control who is provisioned based on groups that users are assigned to.

    That being said, the need to scope on user type makes sense.

  3. workday-AAD please add support for sending email notifications after provisioning operations complete

    From the FAQ: "Does the solution support sending email notifications after provisioning operations complete?
    No, sending email notifications after completing provisioning operations is not supported in the current release."
    This would be useful as all of our current processes include emailing a few people per region a user is created in.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  4. Workday to AD multiple domain support: Resolve manager references across domains

    As an AD Admin, when configuring Workday to Active Directory User Provisioning integration we would like the user provisioning service to resolve manager references across domains so that it supports the scenario where a user in one child domain and the user's manager is in another domain.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support Chrome Credentials Passing API for SAML SSO

    Using Azure AD SAML SSO with G Suite, when logging into a Chrome OS device after completing the Azure AD sign in you need to enter your password in to a Chrome dialog. Google has an API available to SAML vendors to bypass this extra step: https://www.chromium.org/administrators/advanced-integration-for-saml-sso-on-chrome-devices

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  6. Application Registration Portal - error when saving edited manifest with optionalClaims

    On apps.dev.microsoft.com I'm trying to edit a manifest to enable the optional "email" claim. I'm adding a block near the bottom of the manifest, and it looks valid:

    "optionalClaims": {
    "idToken": [
    {
    "name": "verified_primary_email",
    "essential": false
    }
    ]
    }

    Based on this reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims

    but when saving I get:

    The request body contains unexpected characters/content for the specified content type and encoding.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  7. We have a few non-gallery applications we would like to be added.

    We are a K-12 School District and cannot afford the Premium upgrade. The apps are:
    ez-proxy - https://www.oclc.org/en/ezproxy.html
    Frontlineeducation.com (Absense Management and Professional Growth)
    GoGuardian
    Schoolwires (part of Blackboard.com)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure AD->EnterpriseApp->All App->New App button is disabled

    Azure AD->EnterpriseApp->All App->New App button is disabled for normal user, it should give a warning that this feature is not available for a normal user or "You need to have Admin " permissions to enable this feature.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  9. Filter Source Object Scope when Provisioning Enterprise Application

    Is there the ability to reduce the scope of user objects provisioned to an enterprise application? We only want to provision a few accounts to test connectivity and in future do not want to synchronise our entire Azure AD to the application (See attached greyed out 'Source Object Scope')

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  10. Amend the userprincipalname within a SAML Token Attribute

    A really useful feature would be to allow us to amend the userprincipalname (email address) before passing it (to an SaaS Application such as salesforce) as part of a SAML Token Attribute using the Single sign on connector with Azure AD.

    We currently have two instances of SalesForce/RemedyForce and we need our users to have logins into both but the logins need to be unique so I want to add .ds to the end of the userprincipalname in one of the instances but still allow them to use single sign on.

    I have been informed that it is not possible…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  11. Possibility to map custom fields from ServiceNow

    We had some custom field on serviceNow user table, and we don't be able to map these fields in Add attribute mapping in AAD (see attached file)

    It is the normal behavior (FYI we use ServiceNow Helinski release)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  12. 2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow variable attributes for password SSO

    We currently use Onelogin which allows us to use variables from user profiles. We want to use Azure AD password SSO to push custom variables to the form such as the user's first name, last name, email, etc...

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  14. Auto configure single sign-on to Google Apps set wrong signout URL

    Currently, auto configure set same URL to sign in and sign out in Google Apps config.
    but, correct sign out URL is https://login.windows.net/common/wsfederation?wa=wsignout1.0

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  15. Cannot Change back SCIM from Automatic to Manual.

    I am implementing SCIM and I setup Provisioning to Auto. I want now to move back to Manual, but the item is grey-out, so it's stuck in Automatic.
    How I can change it? Delete the whole application?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  16. ADD Documentation for Percipio ( skillsoft product )

    Percipio ( Skillsoft's SaaS Application ) SAML APP documentation is needed

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  17. BSD

    SE:

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow to define delegation authorization rules.

    [ADFS to Azure AD App migration]

    The application has custom delegation authorization rules defined. Azure AD doesn’t support this today.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow to source user attributes from external directories (different than Active Directory) to be emitted in the SAML token

    The relying party is configured to source claims from another claim provider different than Active Directory. We need to be able to do this in Azure AD.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow in Azure AD to specify certain authentication types

    [ADFS to Azure AD App migration]

    This is a setting in AD FS that let you specify whether the application is configured to only allow certain authentication types. Azure AD doesn’t support this today.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base