Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Where is application registered in Azure Active Directory?

    I registered a new application in https://apps.dev.microsoft.com and afterwards it says "This application will be registered in the Azure Active Directory instance used to manage your xxxx@yyyy.zzz account." I can't see it anywhere.

    How about providing a link to it instead of hiding it away where I can't find it, that is if it is even actually visible.

    15 votes
    6 comments  ·  Developer Experiences

    Alan, if I understand correctly, you are saying you cannot see the converged apps you registered on apps.dev.microsoft.com in the Azure Portal. Converged apps cannot currently be managed in the Azure Portal, even though they are registered in the Azure AD tenant listed in the message. If you would like to manage converged apps in the Azure Portal, please post that as an idea/suggestion or vote for it once the post exists.

  2. Login with live not working showing error

    This item might not exist or is no longer available. After clicking login with live. What needs to be done using hybridauth?

    1 vote
    0 comments  ·  Developer Experiences
  3. I CANNOT FIGURE OUT HOW TO USE YOUR AUTHENTICATOR FOR ONENOTE!!!

    Your Authenticator for OneNote has me totally confused! I'm trying to login via my iPhone and I can't tell WTF you want me to do... Please stop being the obtuse Microsoft of the 1990s and early 2000s and be the better Microsoft of recent years. Make this EASY. Please let me use the Authy APP, or another SIMPLE iPhone App.

    2 votes
    0 comments  ·  Developer Experiences
  4. iOS using Safari/Chrome/Firefox not able to get ADAL callback function after login

    I followed the document at https://identity.microsoft.com/Docs/Web for OAuth and integrated it in my web app. The login works fine from Android devices: when the login button is clicked, it opens a new page for taking Office365 login details. Once done, this page closes on its own and the first page's Office365 callback function is called, which we use to send the id_token and other details of the user from this page to our web server. On iOS devices (MacBook Pro/iPad) the second page comes back to the given redirect URI with the id token but the registered callback function…

    2 votes
    1 comment  ·  Developer Experiences
  5. Navigating Azure AD V1 and V2 is a nightmare

    Just spent a couple of days getting an app to authenticate against multiple tenants.

    And now the Graph API can't use my app registrations from Azure AD, and there are gotchas EVERYWHERE on V2.
    WOW

    6 votes
    0 comments  ·  Developer Experiences
  6. Document how to configure Azure AD to be a SAML 2.0 identity provider for a SAML 2.0 service provider, for SSO against Office365 credentials

    I found https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps but the Azure AD admin interface I get via my Office365 admin isn't consistent with the documentation and I can't find the documented interface. Elsewhere, I find documentation that says this can be done (e.g. https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-how-applications-are-added) but no instructions for how to configure the integration.

    6 votes
    0 comments  ·  Developer Experiences
  7. 7 votes
    0 comments  ·  Developer Experiences
  8. contribute to adal-ts

    Dear,

    I like everything azure and angular 2...

    I'm the developer of adal-ts. The goal of adal-ts is to enable TypeScript developers to write apps that allow their end users to authenticate against Azure Active Directory.

    It is an npm module that developers can install and integrate into an Angular 2 application.

    It currently has a code coverage of 80+ percent. But there is still a lot of work to do. If you know someone who is willing to help me out?
    How can we make it feature rich? (internal logging, automatic token refresh, support popup, etc...) Who can aid in developer manpower?

    thx…

    2 votes
    0 comments  ·  Developer Experiences
  9. Add support for webhooks when users are invited, added, removed from Azure AD + Azure AD B2B Collaboration

    Currently it is not possible to receive a notification from Azure AD when a user has been invited (through B2B Collaboration) or added directly through Graph API or the portal.

    65 votes
    5 comments  ·  Developer Experiences
  10. EndPointv2: List of Native Apps in the new apps.dev.microsoft.com portal

    At the moment when creating a new V2 app in https://apps.dev.microsoft.com/ the list of previous apps is restricted to the current user account only.

    There is currently no way in the new portal to see all Native apps if someone else (other developers) in the company created such an app as well.

    3 votes
    0 comments  ·  Developer Experiences
  11. ADAL google polymer element

    The Google Polymer project is getting real momentum for developing web apps. It would be great if we had ADAL Polymer element integration.
    https://www.polymer-project.org/1.0/

    8 votes
    0 comments  ·  Developer Experiences
  12. Add CORS support for discovery and JSON Web Key Set endpoints

    Adding CORS support to the following endpoints would allow them to be downloaded via a JavaScript application:
    - https://login.microsoftonline.com/<tenantid>/v2.0/.well-known/openid-configuration
    - https://login.microsoftonline.com/<tenantid>/discovery/v2.0/keys

    The signatures for these endpoints could then be used to verify JWTs directly within the JavaScript.

    49 votes
    9 comments  ·  Developer Experiences
  13. Add ability to limit a multi-tenant application to a list of specific tenants

    A parent company has multiple subsidiaries each having a separate tenant. A multi-tenant application written in house for the group can be used by each subsidiary but is not limited to only those tenants. I request that an element be added to the app manifest that would contain a list of tenants that could use/register the application.

    11 votes
    2 comments  ·  Developer Experiences
  14. Restructure the Azure Active Directory product tiers to enable common App Dev Features

    Currently Azure AD comes in three pricing Tiers with a heavy focus on Office 365 interoperability.

    Azure Web Applications - particularly ones built using Cloud Services have no need of most of these features but do have need for
    ==> Authentication and Identity management
    ==> Brand Management
    ==> LDAP/OAuth 2.0 Federation

    Self-service password reset is also a Nice to have feature.

    Yet for a startup developer or someone building their first app on AzureAD, it makes no sense whatsoever to upgrade to either Basic or Premium since that involves signing an Enterprise Agreement, which often is not viable at…

    3 votes
    0 comments  ·  Developer Experiences
  15. MSMQ is still not available in Azure Active Directory services

    MSMQ is still not available in Azure Active Directory services for cloud only organisations.

    2 votes
    0 comments  ·  Developer Experiences
  16. Common OpenID Connect discovery endpoint should not contain invalid URL

    The OIDC discovery endpoint for the common tenant ( https://login.microsoftonline.com/common/.well-known/openid-configuration ) has an invalid URL as the issuer attribute. The issuer must be a valid URL, but it contains curly braces: 'https://sts.windows.net/{tenantid}/'. This can cause problems in libraries such as Nimbus OAuth 2.0 SDK, which parse and validate this attribute. The braces should either be URL-encoded or a different placeholder should be chosen.

    8 votes
    2 comments  ·  Developer Experiences
  17. AppModelV2: support additional 'scope' values when using OpenId connect

    It looks like the current V2 implementation doesn't allow requesting OpenId scope values beyond "openid". At least with the ASP.Net MVC sample, if I modify the Owin Auth setup code to request additional values (e.g. "openid profile email"), an error is returned.

    Please consider supporting other values such as 'profile', 'email', 'address', 'phone' etc. (https://openid.net/specs/openid-connect-basic-1_0.html#Scopes) to request additional claims from the user.

    3 votes
    2 comments  ·  Developer Experiences
  18. Need email alert option when keys are about to expire

    Need email alert option when keys are about to expire

    238 votes
    34 comments  ·  Developer Experiences
  19. Make Azure AD Application 'permissions to other applications' optional not mandatory

    From what I understand, adding permissions in the 'permissions to other applications' section of an Azure AD Application means that any tenant administrator trying to grant access to that application using the Admin consent flow must have all the services requested. E.g. if requesting Office 365 'Read users email' permission and CRM Online 'Access CRM Online as organization users' permission the requesting tenant must have both of those Microsoft Services linked to their Azure AD.

    If you don't have access to all requested services you receive the following error:

    'AADSTS65005: The application needs access to a service that your organization…

    27 votes
    1 comment  ·  Developer Experiences

    The v2 endpoint for Azure AD supports incremental/dynamic consent, by which an app requests the permissions it needs at run time, dynamically. This will allow your app to get tokens for basic scenarios first (e.g. sign in and get profile) and only get tokens for other, optional, scenarios (e.g. read and send mail as the user) later.

    Be sure to review the current limitations on which services the v2 endpoint will grant tokens for, as this does work for all scenarios or all Microsoft services yet: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations#restrictions-on-services-and-apis

  20. AD Groups in Application Owners

    Would be great to be able to add groups to application owners in AD instead of only users. Scenario is to use on-prem AD synced with Azure to keep management of application roles/groups/etc on-prem for cloud hosted solutions.

    Thanks!

    145 votes
    under review  ·  13 comments  ·  Developer Experiences