Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Azure AD SSO with SAML2.0 should support the Relay State parameter

    SP-initiated SSO is working fine, but we're interested in doing IDP-initiated SSO with a RelayState. Our goal is to provide a seamless SSO experience for the user so that they can SSO from our application directly into an Azure component (Azure Synapse, Azure Data Factory, etc.) without having to first enter their UPN on the Azure AD login page. This feature is supported in AD, but not Azure AD.

    10 votes

    2 comments  ·  Authentication
  2. idp initiated

    IDP-initiated SAML authentication is described in this article: https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers#enable-identity-provider-initiated-flow-optional When this article is followed to the letter, we receive an error that <Item Key="IdpInitiatedProfileEnabled">true</Item> is not set to true. After escalation to the support team, they said the feature is unsupported. This is a conflicting message. Please support IDP-initiated SAML authentication as advertised.

    6 votes

    1 comment  ·  Authentication
  3. Group Claim Adjustment

    Adjust SSO SAML application AD claims to allow adding a group claim to send specific AD groups not assigned to the application (e.g., we need to send in the group claim all AD groups starting with "vf-organization name-group").

    2 votes

    0 comments  ·  Authentication
  4. 1 vote

    2 comments  ·  Authentication
  5. Date dependent Company Branding Theme

    What I am thinking is date-dependent Company Branding. During summer, a summer theme. When we welcome new students, a theme that reflects this. During winter, the Northern Lights, snow...

    Others can use this during events, changes in the company profile, etc. Or simply, you just want to change the background picture on a regular basis. I think there are a lot of use cases.

    One profile can be marked as default, while others run from a specific date and end at a specific date.

    Just for the example: 01. September 2021 to 30. September 2021 - Students welcome theme.

    2 votes

    0 comments  ·  Authentication
  6. by making it register the IP address ******** it

    No service asks repeatedly for identity validation. I clear my cookies every time I close my internet. If you rely on cookies, that is not a good way. It is the IP address and other permanent numbers that should be used. I am talking about validation by phone.

    1 vote

    0 comments  ·  Authentication
  7. 1 vote

    0 comments  ·  Authentication
  8. An ideal solution for Office 365 Mailbox Migration

    Many organizations around the world are getting benefited from Microsoft Office 365 services. This cloud-based email solution has enabled businesses with the utmost productivity. Often the need arises for Office 365 to Office 365 migration. For this, essential Office 365 mailbox / documents need to be migrated. As Office 365 related processes are complex, most users do not know how to migrate mailbox from one Office 365 account to another one. This issue will be resolved now with EdbMails Office 365 mailboxes migration.

    EdbMails Office 365 Migration has the ability to migrate emails, calendars, contacts, and tasks of one Office…

    1 vote

    0 comments  ·  Authentication
  9. Group Claim Adjustment

    Adjust SSO SAML application AD claims to allow adding a group claim to send specific AD groups not assigned to the application (e.g., we need to send in the group claim all AD groups starting with "vf-organization name-group").

    1 vote

    0 comments  ·  Authentication
  10. Group Claim Adjustment

    Adjust SSO SAML application AD claims to allow adding a group claim to send specific AD groups not assigned to the application (e.g., we need to send in the group claim all AD groups starting with "vf-organization name-group").

    1 vote

    0 comments  ·  Authentication
  11. Avoid Sign-in prompt on iOS by adding Redirect URI scheme for Apple device in Safe List

    When adding a new Microsoft Exchange account under Settings / Password & Accounts on an Apple iOS device to access O365, after authentication a consent page is displayed (see screenshot). This page is not clear to users, and we have seen cases where the device would be stuck on it (Continue or Cancel wouldn’t work).
    Looking at AAD logs and after opening a case, we found out that this page is displayed because the redirect URI that the iOS device sends back to AAD is not in the “Safe List” (http://, https://, msauth:// (iOS only), msauthv2:// (iOS only)…

    7 votes

    1 comment  ·  Authentication
  12. ******** WITH YOUR DUMB **** AUTHENTICATIONS!

    its a pain in the , and as a grown adult I should be able to allow to steal my identity if I want.
    Its a
    of a thing for me to have to double sign in literally every time I want to access something!?
    I despise that other
    are too stupid to realise how easy it is to NOT use microsoft products, would be a great world if you lot just upped and died.
    Edit Even that
    ? dead if you * put half your brain power into making the world a better place instead of putting more **…

    1 vote

    0 comments  ·  Authentication
  13. Allow seamless SSO with non-routable domains

    Currently, if you have a domain with a non-routable domain name (i.e. "company.local"), and use an alternate UPN, support for seamless SSO is limited.

    It works in web browsers if you pass a domain hint, but it doesn't in native applications such as Excel or Teams. This leads to limited user experience if they keep having to manually log on to their applications.

    Some companies are not able to change their on-premises domain name due to dependencies from other applications.

    If this feature could be modified so that seamless SSO fully works with non-routable domain names, user experience would be…

    2 votes

    0 comments  ·  Authentication
  14. Add support for SAMLP extensions in logout requests in ADFS and AAD

    At the current time, logout requests from a relying party that supports the <samlp:Extensions> element in logout requests cause a failure in ADFS and sign-out is not achieved. I do not know if other requests or responses in the SAML protocol are affected.

    At the very least, the server should be able to ignore SAML protocol extensions that it does not support. More ideal would be to also have a supported mechanism for extending the functionality of the IdP for extensions not supported out of the box.

    4 votes

    1 comment  ·  Authentication
  15. OpenID Connect should always return email claim if requested

    The OpenID Connect implementation of Azure AD is not compliant with the spec and should be fixed. If the RP requests the email or profile scopes and the user gives permission, the id token must include an email claim.

    It appears that for some users, even if you add the optional claims for email, you do not get an email claim back. This is unacceptable. There is only one email address that any OIDC login would expect to get back and that is the email address they have just used to login, since that is the authenticated identity.

    The fact…

    1 vote

    0 comments  ·  Authentication
  16. Enable Azure AD Password Protection in Azure Government

    This is a feature available in Azure public; please add this feature to Azure Gov. With this enabled, we have much more flexibility in terms of making password maintenance easier for our users.

    17 votes

    0 comments  ·  Authentication
  17. Since yesterday, I didn't receive the code Microsoft on my phone 37321973

    Since yesterday, I didn't receive the code Microsoft on my phone 37321973

    1 vote

    1 comment  ·  Authentication
  18. I can't login to Agresso if can someone help me please

    Could anyone please help me connect to Agresso? I can't get access. ASAP

    1 vote

    0 comments  ·  Authentication
  19. Validate signed SAML AuthnRequest

    Azure AD does not validate signed SAML authentication requests if a signature is present. Requestor verification is provided for by only responding to registered Assertion Consumer Service URLs.

    Is this secure? The auth response is sent back via the user's browser (presumably using a redirect?) - if this is correct then is it not possible for a compromised user agent (browser) to modify the redirect to point to another SP url?

    1 vote

    0 comments  ·  Authentication
  20. Make refreshing SSO sessions an option

    Currently, an SSO session has a fixed lifetime as configured by the SsoLifetime parameter, i.e., a user logs in, and once [SsoLifetime] minutes have passed, their SSO session ends, even if they were still active until minutes before.
    This is because a new SSO session is only created when an authentication is performed, but as long as an SSO session is active, (of course) no authentication is performed.

    There are use cases, however, where we want the user to be able to extend their SSO session whenever they are active, provided that their current SSO session is still valid.

    It…

    8 votes

    0 comments  ·  Authentication