Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

  1. Make Azure AD Application 'permissions to other applications' optional not mandatory

    From what I understand, adding permissions in the 'permissions to other applications' section of an Azure AD Application means that any tenant administrator trying to grant access to that application using the Admin consent flow must have all the services requested. E.g. if requesting Office 365 'Read users email' permission and CRM Online 'Access CRM Online as organization users' permission the requesting tenant must have both of those Microsoft Services linked to their Azure AD.

    If you don't have access to all requested services you receive the following error:

    'AADSTS65005: The application needs access to a service that your organization…

    14 votes
      0 comments  ·  Developer Experiences
    • Add support for webhooks when users are invited, added, removed from Azure AD + Azure AD B2B Collaboration

      Currently it is not possible to receive a notification from Azure AD when a user has been invited (through B2B Collaboration) or added directly through Graph API or the portal.

      5 votes
        1 comment  ·  Developer Experiences
      • Not able to upload manifest

        While uploading the manifest file for an application, the error below is thrown.

        You have selected application permissions or delegated permissions with global scope that you are not authorized to configure in this directory.

        5 votes
          0 comments  ·  Developer Experiences
        • ADAL Google Polymer element

          The Google Polymer project is getting real momentum for developing web apps. It would be great if we had ADAL Polymer element integration.
          https://www.polymer-project.org/1.0/

          3 votes
            0 comments  ·  Developer Experiences
          • Add ability to limit a multi-tenant application to a list of specific tenants

            A parent company has multiple subsidiaries each having a separate tenant. A multi-tenant application written in house for the group can be used by each subsidiary but is not limited to only those tenants. I request that an element be added to the app manifest that would contain a list of tenants that could use/register the application.

            2 votes
              0 comments  ·  Developer Experiences
            • Add CORS support for discovery and JSON Web Key Set endpoints

              Adding CORS support to the following endpoints would allow them to be downloaded via a JavaScript application:
              - https://login.microsoftonline.com/<tenantid>/v2.0/.well-known/openid-configuration
              - https://login.microsoftonline.com/<tenantid>/discovery/v2.0/keys

              The signatures for these endpoints could then be used to verify JWTs directly within the JavaScript.

              2 votes
                0 comments  ·  Developer Experiences
              • Need email alert option when keys are about to expire

                Need email alert option when keys are about to expire

                2 votes
                  0 comments  ·  Developer Experiences
                  • contribute to adal-ts

                    Dear,

                    I like everything azure and angular 2...

                    I'm the developer of adal-ts. The goal of adal-ts is to enable TypeScript developers to write apps that allow their end users to authenticate against Azure Active Directory.

                    It is an npm module that developers can install and integrate into an Angular 2 application.

                    It currently has a code coverage of 80+ percent. But there is still a lot of work to do. If you know someone who is willing to help me out?
                    How can we make it feature rich? (internal logging, automatic token refresh, support popup, etc...) Who can aid in developer manpower?

                    thx…

                    1 vote
                      0 comments  ·  Developer Experiences
                    • Document how to configure Azure AD to be a SAML 2.0 identity provider for a SAML 2.0 service provider, for SSO against Office365 credentials

                      I found https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps but the Azure AD admin interface I get via my Office365 admin isn't consistent with the documentation and I can't find the documented interface. Elsewhere, I find documentation that says this can be done (e.g. https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added) but no instructions for how to configure the integration.

                      1 vote
                        0 comments  ·  Developer Experiences
                      • Restructure the Azure Active Directory product tiers to enable common App Dev Features

                        Currently Azure AD comes in three pricing Tiers with a heavy focus on Office 365 interoperability.

                        Azure Web Applications - particularly ones built using Cloud Services have no need of most of these features but do have need for
                        ==> Authentication and Identity management
                        ==> Brand Management
                        ==> LDAP/OAuth 2.0 Federation

                        Self-service password reset is also a Nice to have feature.

                        Yet for a startup developer or someone building their first app on AzureAD, it makes no sense whatsoever to upgrade to either Basic or Premium since that involves signing an Enterprise Agreement, which often is not viable at…

                        1 vote
                          0 comments  ·  Developer Experiences
                        • Common OpenID Connect discovery endpoint should not contain invalid URL

                          The OIDC discovery endpoint for the common tenant ( https://login.microsoftonline.com/common/.well-known/openid-configuration ) has an invalid URL as the issuer attribute. The issuer must be a valid URL, but it contains curly braces: 'https://sts.windows.net/{tenantid}/'. This can cause problems in libraries such as Nimbus OAuth 2.0 SDK, which parse and validate this attribute. The braces should either be URL-encoded or a different placeholder should be chosen.

                          1 vote
                            0 comments  ·  Developer Experiences
                          • AppModelV2: support additional 'scope' values when using OpenId connect

                            It looks like the current V2 implementation doesn't allow requesting OpenId scope values beyond "openid". At least with the ASP.Net MVC sample, if I modify the Owin Auth setup code to request additional values (e.g. "openid profile email"), an error is returned.

                            Please consider supporting other values such as 'profile', 'email', 'address', 'phone' etc. (https://openid.net/specs/openid-connect-basic-1_0.html#Scopes) to request additional claims from the user.

                            1 vote
                              1 comment  ·  Developer Experiences