Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

  1. Make Azure AD Application 'permissions to other applications' optional not mandatory

    From what I understand, adding permissions in the 'permissions to other applications' section of an Azure AD Application means that any tenant administrator trying to grant access to that application using the Admin consent flow must have all the services requested. E.g. if requesting Office 365 'Read users email' permission and CRM Online 'Access CRM Online as organization users' permission the requesting tenant must have both of those Microsoft Services linked to their Azure AD.

    If you don't have access to all requested services you receive the following error:

    'AADSTS65005: The application needs access to a service that your organization…

    18 votes
    1 comment  ·  Developer Experiences
    • Add support for webhooks when users are invited, added, removed from Azure AD + Azure AD B2B Collaboration

      Currently it is not possible to receive a notification from Azure AD when a user has been invited (through B2B Collaboration) or added directly through Graph API or the portal.

      9 votes
      1 comment  ·  Developer Experiences
      • Need email alert option when keys are about to expire

        Need email alert option when keys are about to expire

        7 votes
        1 comment  ·  Developer Experiences
        • ADAL Google Polymer element

          The Google Polymer project is getting real momentum for developing web apps. It would be great if we had ADAL Polymer element integration.
          https://www.polymer-project.org/1.0/

          4 votes
          0 comments  ·  Developer Experiences
          • Add CORS support for discovery and JSON Web Key Set endpoints

            Adding CORS support to the following endpoints would allow them to be downloaded via a JavaScript application:
            - https://login.microsoftonline.com/<tenantid>/v2.0/.well-known/openid-configuration
            - https://login.microsoftonline.com/<tenantid>/discovery/v2.0/keys

            The signatures for these endpoints could then be used to verify JWTs directly within the JavaScript.

            4 votes
            0 comments  ·  Developer Experiences
            • Add ability to limit a multi-tenant application to a list of specific tenants

              A parent company has multiple subsidiaries each having a separate tenant. A multi-tenant application written in house for the group can be used by each subsidiary but is not limited to only those tenants. I request that an element be added to the app manifest that would contain a list of tenants that could use/register the application.

              3 votes
              1 comment  ·  Developer Experiences
              • Navigating Azure AD V1 and V2 is a nightmare

                Just spent a couple of days getting an app to authenticate against multiple tenants.

                And now the Graph API can't use my app registrations from Azure AD, and there are gotchas EVERYWHERE on V2.
                WOW

                3 votes
                0 comments  ·  Developer Experiences
                • Where is application registered in Azure Active Directory?

                  I registered a new application in https://apps.dev.microsoft.com and afterwards it says "This application will be registered in the Azure Active Directory instance used to manage your xxxx@yyyy.zzz account." I can't see it anywhere.

                  How about providing a link to it instead of hiding it away where I can't find it, that is if it is even actually visible.

                  3 votes
                  1 comment  ·  Developer Experiences

                    Hi Alan,

                    Thanks for the feedback! You should be able to see all the applications you’ve registered at: apps.dev.microsoft.com/#/appList (sign in with the account that was used to create the apps). If that’s not the case, please let us know.

                    Thank you.
                    /Lesia

                  • 2 votes
                    0 comments  ·  Developer Experiences
                    • Common OpenID Connect discovery endpoint should not contain invalid URL

                      The OIDC discovery endpoint for the common tenant ( https://login.microsoftonline.com/common/.well-known/openid-configuration ) has an invalid URL as the issuer attribute. The issuer must be a valid URL, but it contains curly braces: 'https://sts.windows.net/{tenantid}/'. This can cause problems in libraries such as Nimbus OAuth 2.0 SDK, which parse and validate this attribute. The braces should either be URL-encoded or a different placeholder should be chosen.

                      2 votes
                      0 comments  ·  Developer Experiences
                      • Cannot save web platform added to app in Application Registration Portal

                        Whether I create an app on
                        https://identity.microsoft.com/portal/register-app
                        or edit an existing app on
                        https://identity.microsoft.com/#/appList
                        I cannot add a web platform. The Save button on the registration page is always disabled. Only the Discard Changes button works.

                        2 votes
                        4 comments  ·  Developer Experiences
                        • 2 votes
                          0 comments  ·  Developer Experiences
                          • Contribute to adal-ts

                            Dear,

                            I like everything Azure and Angular 2...

                            I'm the developer of adal-ts. The goal of adal-ts is to enable TypeScript developers to write apps that allow their end users to authenticate against Azure Active Directory.

                            It is an npm module that developers can install and integrate into an Angular 2 application.

                            It currently has a code coverage of 80+ percent. But there is still a lot of work to do. If you know someone who is willing to help me out?
                            How can we make it feature rich? (internal logging, automatic token refresh, support popup, etc...) Who can aid in developer manpower?

                            thx…

                            1 vote
                            0 comments  ·  Developer Experiences
                            • iOS using Safari/Chrome/Firefox not able to get ADAL callback function after login

                              I followed the document at https://identity.microsoft.com/Docs/Web for OAuth and integrated it in my web app. The login works fine from Android devices: when the login button is clicked, it opens a new page for taking Office 365 login details. Once done, this page closes on its own and the first page's Office 365 callback function is called, which we use to send the id_token and other details of the user from this page to our web server. On iOS devices (MacBook Pro/iPad) the second page comes back to the given redirect URI with the id token but the registered callback function…

                              1 vote
                              1 comment  ·  Developer Experiences
                              • Document how to configure Azure AD to be a SAML 2.0 identity provider for a SAML 2.0 service provider, for SSO against Office 365 credentials

                                I found https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps but the Azure AD admin interface I get via my Office365 admin isn't consistent with the documentation and I can't find the documented interface. Elsewhere, I find documentation that says this can be done (e.g. https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added) but no instructions for how to configure the integration.

                                1 vote
                                0 comments  ·  Developer Experiences
                                • Restructure the Azure Active Directory product tiers to enable common App Dev Features

                                  Currently Azure AD comes in three pricing Tiers with a heavy focus on Office 365 interoperability.

                                  Azure Web Applications - particularly ones built using Cloud Services have no need of most of these features but do have need for
                                  ==> Authentication and Identity management
                                  ==> Brand Management
                                  ==> LDAP / OAuth 2.0 Federation

                                  Self-service password reset is also a nice-to-have feature.

                                  Yet for a startup developer or someone building their first app on AzureAD, it makes no sense whatsoever to upgrade to either Basic or Premium since that involves signing an Enterprise Agreement, which often is not viable at…

                                  1 vote
                                  0 comments  ·  Developer Experiences
                                  • I cannot see my app after registering in apps.dev.microsoft.com, but I see it in the Azure AD Portal

                                    Unable to get app to show up on apps.dev.microsoft.com/#appList after trying to 'Add' Azure AD Only application. My registrations show up in the Azure AD portal.

                                    1 vote
                                    0 comments  ·  Developer Experiences
                                    • Hey suckers, the create app form on Application Registration Portal cannot be saved! It is embarrassing!

                                      Hey suckers, the create app form on Application Registration Portal cannot be saved! It is embarrassing!

                                      1 vote
                                      1 comment  ·  Developer Experiences
                                      • AppModelV2: support additional 'scope' values when using OpenID Connect

                                        It looks like the current V2 implementation doesn't allow requesting OpenID scope values beyond "openid". At least with the ASP.NET MVC sample, if I modify the OWIN auth setup code to request additional values (e.g. "openid profile email"), an error is returned.

                                        Please consider supporting other values such as 'profile', 'email', 'address', 'phone' etc. (https://openid.net/specs/openid-connect-basic-1_0.html#Scopes) to request additional claims from the user.

                                        1 vote
                                        1 comment  ·  Developer Experiences
                                        • I CANNOT FIGURE OUT HOW TO USE YOUR AUTHENTICATOR FOR ONENOTE!!!

                                          Your Authenticator for OneNote has me totally confused! I'm trying to login via my iPhone and I can't tell WTF you want me to do... Please stop being the obtuse Microsoft of the 1990s and early 2000s and be the better Microsoft of recent years. Make this EASY. Please let me use the Authy APP, or another SIMPLE iPhone App.

                                          1 vote
                                          0 comments  ·  Developer Experiences