Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Azure AD SAML SSO to salesforce: Is it possible to use user.onpremisesamaccountname as unique ID?

    I've set up Azure AD SAML SSO to Salesforce using user.mail (unique ID) and it worked. This integration is widely available on YouTube.

    However, in the client environment, Azure AD is integrated with on-prem AD, and the requirement is to set up SAML SSO to Salesforce using user.onpremisesamaccountname (unique ID). Since there is no documentation for a step-by-step process for this scenario, can you please suggest whether this is similar to this link --> https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/salesforce-tutorial#

    Or is there any extra step that needs to be done in Azure AD or Salesforce SSO settings?

    1 vote
    0 comments  ·  SaaS Applications
  2. Need an SSO claims transformation rule to remove leading zeros

    When customizing the claims issued in the SAML token by Azure AD for single sign on, there should be a claims transformation function that allows for removing the leading zeros from an attribute.

    Example: If employeeid is '00002204', then replace with '2204'. If employeeid is '00010346', then replace with '10346', etc.

    1 vote
    0 comments  ·  SaaS Applications
  3. Enterprise Application Restriction

    Restrict third-party application to gain admin level consent and allow third-party app to gain user level consent for a specific set of users/groups without enabling option: 'Let people in your organization decide whether third-party apps can access their Office 365 information'

    For example: If a specific amount of users want to use a third-party application, instead of providing the third-party application admin consent to all users in our tenant, only provide user level consent to the set users/groups. While keeping the option 'Let people in your organization decide whether third-party apps can access their Office 365 information' disabled.

    1 vote
    0 comments  ·  SaaS Applications
  4. Scope does not show up when setting up Zscaler SCIM, we have to exit current screen and come back for "scope" to appear.

    Scope does not show up when setting up Zscaler SCIM in Enterprise applications, we have to exit current screen and come back for the "scope" setting to appear.

    1 vote
    0 comments  ·  SaaS Applications
  5. 1 vote
    0 comments  ·  SaaS Applications
  6. Need list of SaaS applications configured for SAML SSO along with their reply URL, identifier and sign-on URLs

    How to get a list of SaaS applications configured for SAML SSO on Azure AD along with their reply URL, identifier and sign-on URLs.
    PowerShell command or any place

    1 vote
    0 comments  ·  SaaS Applications
  7. Remove LinkedIn Integration

    This integration is problematic to say the least.

    a) consent mechanism bypasses the normal 3rd Party AAD user consent security control;
    b) consent UI does not provide full disclosure of what those permission grants mean;
    c) permissions granted to LinkedIn expose wildly inappropriate sensitive data and take consent from a person who does not own that data;
    d) LinkedIn branding inside the corporate boundary
    e) freely exchanges data between a service designed to protect your information and one that is designed to sell your information
    f) on by default (at least in some tenant types?)

    For those who haven't looked…

    1 vote
    0 comments  ·  SaaS Applications
  8. Add documentation for Percipio (Skillsoft product)

    Percipio (Skillsoft's SaaS application) SAML app documentation is needed

    1 vote
    0 comments  ·  SaaS Applications
  9. BSD

    SE:

    1 vote
    0 comments  ·  SaaS Applications
  10. Allow to define delegation authorization rules.

    [ADFS to Azure AD App migration]

    The application has custom delegation authorization rules defined. Azure AD doesn’t support this today.

    1 vote
    1 comment  ·  SaaS Applications
  11. Allow to source user attributes from external directories (different than Active Directory) to be emitted in the SAML token

    The relying party is configured to source claims from another claim provider different than Active Directory. We need to be able to do this in Azure AD.

    1 vote
    1 comment  ·  SaaS Applications
  12. Allow in Azure AD to specify certain authentication types

    [ADFS to Azure AD App migration]

    This is a setting in AD FS that lets you specify whether the application is configured to only allow certain authentication types. Azure AD doesn’t support this today.

    1 vote
    0 comments  ·  SaaS Applications
  13. Allow multiple WS-Fed assertion endpoints

    [ADFS to Azure AD App migration]

    Azure AD only supports (1) one of these today.

    1 vote
    0 comments  ·  SaaS Applications
  14. How to export NSF file from Lotus Notes?

    Choose a smart tool which can perform the entire process of NSF data exportation from Lotus Notes. eSoftTools NSF to PST converter software is one such organization. The user can see entire database on the screen in a layout which is easily readable. It does not require MS Outlook installation to provide best results. A free demo edition is also offered to all users. This tool works well with all editions of IBM Lotus Notes and MS Windows OS. Each element of the mailbox can be restored without structural changes
    • Simply select .nsf file and then elements which are…

    1 vote
    4 comments  ·  SaaS Applications
  15. Add support for replacing the text in an attribute

    Let's assume that the user email is "xyz@abc.com".
    Condition:
    If the user email contains @abc.com, then replace @abc.com with @pqr.com

    Thanks,
    Sharan

    1 vote
    0 comments  ·  SaaS Applications
  16. Add support for more Regular Expressions as part of the SAML

    With the claims that are being issued currently it is impossible to accomplish things like stripping leading 0 values from an attribute. As an example, if the EmployeeID field holds 001234 then I could use Extract After Matching set to 0 and it would return 1234 as expected, but if that comes across the employeeID of 120345 then the result is 345 rather than 120345.

    1 vote
    0 comments  ·  SaaS Applications
  17. Dynamics System Admin managed by PIM

    Add the System Admin role from Dynamics to be a role that can be managed by PIM.
    Currently the Dynamics 365 Service Admin isn't fit for purpose as you still have to be granted System Admin rights by a GA to properly use the role. Either expand this role so it is automatically a System admin in the Dynamics instances or make the System admin role manageable by PIM

    1 vote
    0 comments  ·  SaaS Applications
  18. Allow encryption of ADFS SAML claims to AAD, using self-owned certificate.

    I would like the SAML claims sent from O365 RP encrypted by a self-owned certificate. The problem I see is that there is no way for AAD to decrypt the claim. Please when can this feature be supported?

    1 vote
    0 comments  ·  SaaS Applications
  19. Descriptive error message when reached redirect limit URLs

    The current error message when I exceed more than 20 redirect URLs is misleading and doesn't tell the real problem.

    A message saying "You reached the limit of allowed redirect URLs of 20." would be more informative.

    1 vote
    need-feedback  ·  0 comments  ·  SaaS Applications
  20. Multiple accounts on AWS integration with Azure AD

    The article for AWS integration with Azure AD doesn't talk about adding a couple of attributes manually to map the role and provider roles in AWS.

    https://blog.flux7.com/aws-best-practice-azure-ad-saml-authentication-configuration-for-aws-console

    1 vote
    0 comments  ·  SaaS Applications