Azure Active Directory

Welcome to the Azure Active Directory Forum.

How can we improve Azure Active Directory?

  • Make Azure AD Application 'permissions to other applications' optional not mandatory

    From what I understand, adding permissions in the 'permissions to other applications' section of an Azure AD Application means that any tenant administrator trying to grant access to that application using the Admin consent flow must have all the services requested. E.g. if requesting Office 365 'Read users email' permission and CRM Online 'Access CRM Online as organization users' permission the requesting tenant must have both of those Microsoft Services linked to their Azure AD.

    If you don't have access to all requested services you receive the following error:

    'AADSTS65005: The application needs access to a service that your organization…

    19 votes
      1 comment  ·  Developer Experiences

      The v2 endpoint for Azure AD supports incremental/dynamic consent, by which an app requests the permissions it needs at run time, dynamically. This will allow your app to get tokens for basic scenarios first (e.g. sign in and get profile) and only get tokens for other, optional, scenarios (e.g. read and send mail as the user) later.

      Be sure to review the current limitations on which services the v2 endpoint will grant tokens for, as this does work for all scenarios or all Microsoft services yet: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations#restrictions-on-services-and-apis

    • Add support for webhooks when users are invited, added, removed from Azure AD + Azure AD B2B Collaboration

      Currently it is not possible to receive a notification from Azure AD when a user has been invited (through B2B Collaboration) or added directly through Graph API or the portal.

      14 votes
        1 comment  ·  Developer Experiences
      • Need email alert option when keys are about to expire

        Need email alert option when keys are about to expire

        10 votes
          2 comments  ·  Developer Experiences
        • Add CORS support for discovery and JSON Web Key Set endpoints

          Adding CORS support to the following endpoints would allow them to be downloaded via a JavaScript application:
          - https://login.microsoftonline.com/<tenantid>/v2.0/.well-known/openid-configuration
          - https://login.microsoftonline.com/<tenantid>/discovery/v2.0/keys

          The signatures for these endpoints could then be used to verify JWTs directly within the JavaScript.

          6 votes
            0 comments  ·  Developer Experiences
          • Where is application registered in Azure Active Directory?

            I registered a new application in https://apps.dev.microsoft.com and afterwards it says "This application will be registered in the Azure Active Directory instance used to manage your xxxx@yyyy.zzz account." I can't see it anywhere.

            How about providing a link to it instead of hiding it away where I can't find it, that is if it is even actually visible.

            5 votes
              3 comments  ·  Developer Experiences

              Alan, if I understand correctly, you are saying you cannot see the converged apps you registered on apps.dev.microsoft.com in the Azure Portal. Converged apps cannot currently be managed in the Azure Portal, even though they are registered in the Azure AD tenant listed in the message. If you would like to manage converged apps in the Azure Portal, please post that as an idea/suggestion or vote for it once the post exists.

            • ADAL Google Polymer element

              The Google Polymer project is getting real momentum for developing webapps. It would be great if we have ADAL Polymer element integration.
              https://www.polymer-project.org/1.0/

              4 votes
                0 comments  ·  Developer Experiences
              • Add ability to limit a multi-tenant application to a list of specific tenants

                A parent company has multiple subsidiaries each having a separate tenant. A multi-tenant application written in house for the group can be used by each subsidiary but is not limited to only those tenants. I request that an element be added to the app manifest that would contain a list of tenants that could use/register the application.

                4 votes
                  1 comment  ·  Developer Experiences
                • Navigating Azure AD V1 and V2 is a nightmare

                  Just spent a couple of days getting an app to authenticate against multiple tenants.

                  And now the Graph API can't use my app registrations from Azure AD, and there are gotchas EVERYWHERE on V2.
                  WOW

                  3 votes
                    0 comments  ·  Developer Experiences
                    • Document how to configure Azure AD to be a SAML 2.0 identity provider for a SAML 2.0 service provider, for SSO against Office365 credentials

                      I found https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps but the Azure AD admin interface I get via my Office365 admin isn't consistent with the documentation and I can't find the documented interface. Elsewhere, I find documentation that says this can be done (e.g. https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added) but no instructions for how to configure the integration.

                      2 votes
                        0 comments  ·  Developer Experiences
                      • Common OpenID Connect discovery endpoint should not contain invalid URL

                        The OIDC discovery endpoint for the common tenant ( https://login.microsoftonline.com/common/.well-known/openid-configuration ) has an invalid URL as the issuer attribute. The issuer must be a valid URL, but it contains curly braces: 'https://sts.windows.net/{tenantid}/'. This can cause problems in libraries such as Nimbus OAuth 2.0 SDK, which parse and validate this attribute. The braces should either be URL-encoded or a different placeholder should be chosen.

                        2 votes
                          0 comments  ·  Developer Experiences
                        • Add support to list directories that the user is a member of

                          As per this thread on Stack Overflow (https://stackoverflow.com/questions/45235572/getting-all-b2b-directories-user-is-member-of/) it would be great to be able to list all directories the account is a member of along with the directory name and possibly the primary domain. It would greatly make the B2B support in multitenant apps easier than it is right now.

                          2 votes
                            0 comments  ·  Developer Experiences
                          • Cannot save web platform added to app in Application Registration Portal

                            Whether I create an app on
                            https://identity.microsoft.com/portal/register-app
                            or edit an existing app on
                            https://identity.microsoft.com/#/appList
                            I cannot add a web platform. The Save button on the registration page is always disabled. Only the Discard Changes button works.

                            2 votes
                              4 comments  ·  Developer Experiences
                            • AppModelV2: support additional 'scope' values when using OpenId connect

                              It looks like the current V2 implementation doesn't allow requesting OpenId scope values beyond "openid". At least with the ASP.Net MVC sample, if I modify the Owin Auth setup code to request additional values (e.g. "openid profile email"), an error is returned.

                              Please consider supporting other values such as 'profile', 'email', 'address', 'phone' etc. (https://openid.net/specs/openid-connect-basic-1_0.html#Scopes) to request additional claims from the user.

                              2 votes
                                1 comment  ·  Developer Experiences
                                • contribute to adal-ts

                                  Dear,

                                  I like everything azure and angular 2...

                                  I'm the developer of adal-ts. The goal of adal-ts is to enable TypeScript developers to write apps that allow their end users to authenticate against Azure Active Directory.

                                  It is an npm module that developers can install and integrate into an Angular 2 application.

                                  It currently has a code coverage of 80+ percent. But there is still a lot of work to do. If you know someone who is willing to help me out?
                                  How can we make it feature rich? (internal logging, automatic token refresh, support popup, etc...) Who can aid in developer manpower?

                                  thx…

                                  1 vote
                                    0 comments  ·  Developer Experiences
                                  • iOS using Safari/Chrome/Firefox not able to get ADAL callback function after login

                                    I followed the document at https://identity.microsoft.com/Docs/Web for OAuth and integrated it in my web app. The login works fine from Android devices: when the login button is clicked, it opens a new page for taking Office365 login details. Once done, this page closes on its own and the first page's Office365 callback function is called, which we use to send the id_token and other details of the user from this page to our web server. On iOS devices (MacBook Pro/iPad) the second page comes back to the given redirect URI with the id token but the registered callback function…

                                    1 vote
                                      1 comment  ·  Developer Experiences
                                    • Restructure the Azure Active Directory product tiers to enable common App Dev Features

                                      Currently Azure AD comes in three pricing Tiers with a heavy focus on Office 365 interoperability.

                                      Azure Web Applications - particularly ones built using Cloud Services have no need of most of these features but do have need for
                                      ==> Authentication and Identity management
                                      ==> Brand Management
                                      ==> LDAP /Oauth 2.0 Federation

                                      Self-service password reset is also a Nice to have feature.

                                      Yet for a startup developer or someone building their first app on AzureAD, it makes no sense whatsoever to upgrade to either Basic or Premium since that involves signing an Enterprise Agreement, which often is not viable at…

                                      1 vote
                                        0 comments  ·  Developer Experiences
                                      • I cannot see my app after registering in apps.dev.microsoft.com, but I see it in the Azure AD Portal

                                        Unable to get app to show up on apps.dev.microsoft.com/#appList after trying to 'Add' Azure AD Only application. My registrations show up in the Azure AD portal.

                                        1 vote
                                          0 comments  ·  Developer Experiences
                                        • Add Windows Store as a platform to an existing app in Application Registration Portal

                                          Hi,

                                          I had a UWP app working with OneDrive, allowing users to read and write to a file.

                                          Then I accidentally deleted my app from the Application Registration Portal and now any OneDrive related code throws an authentication error.

                                          How can I re-register my app with the Registration Portal to get it working with OneDrive again?

                                          I can add a new app but can't see a way of getting the Windows Store platform back. All my other apps have this platform by default.

                                          I've attached an image illustrating the platform that I want to add.

                                          Thanks for any help anyone can…

                                          1 vote
                                            0 comments  ·  Developer Experiences