Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Find and Replace Claims Transformation Function

    When customizing the claims issued in the SAML token by Azure AD for single sign on, there should be a claims transformation rule that allows for a Find and Replace transformation. For example:

    If 'user.extensionattribute10' contains '@', then replace '@' with 'A'.​

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enerprise Application Restriction

    Restrict third-party application to gain admin level consent and allow third-party app to gain user level consent for a specific set of users/groups without enabling option: 'Let people in your organization decide whether third-party apps can access their Office 365 information'

    For example: If a specific amount of users want to use a third-party application, instead of providing the third-party application admin consent to all users in our tenant, only provide user level consent to the set users/groups. While keeping the option 'Let people in your organization decide whether third-party apps can access their Office 365 information' disabled.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  3. Be able to provide credentials when assigning an Enterprise Application through PowerShell

    We are on-boarding hundreds of SaaS applications in to Enterprise Apps across a number of customers.

    When we assign these Enterprise Apps to users/groups we populate the credentials so they don't need to ever know them.

    Currently this is having to be done manually in the portal (which is really really time consuming) but we need it to be available as an option/action through PowerShell.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  4. Implement "Admin Permit" for Azure AD Apps which then allows users to consent

    As an admin of a tenant where user consent is disabled, we require the ability to permit users to consent to approved applications, without granting a tenant-wide admin consent to those applications.

    Users would see the normal consent page for approved applications and the admin approval workflow for unapproved.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support claims transformation on user.assignedroles

    I can't apply a claim transformation method to the source attribute user.assignedroles or any multi value.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  6. Scope does not show up when setting up Zscaler SCIM, we have to exit current screen and come back for "scope" to appear.

    Scope does not show up when setting up Zscaler SCIM in Enterprise applications, we have to exit current screen and come back for the "scope" setting to appear.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow group for admin consent requests (Enterprise applications)

    I know admin consent requests are still in preview, but maybe this will help to get a better GA version:

    Currently, if you configure admin consent requests for enterprise apps, you can only add user accounts for review, that have the required role. Only accounts that have a required role assigned are being displayed. This sort of breaks a strategy of zero standing administrative privileges and zero standing access (which MS has successfully deployed themselves) in a customer environment.

    In my view, the best option would be to be able to add a distribution list or group for consent review…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  8. *Workday to Azure AD UPN attribute our requirement is upn and email should create like this firstnamefirstletterandlastname@domain.com.au

    *Workday to Azure AD UPN attribute

    our requirement is upn and email should create like this firstnamefirstletterandlastname@domain.com.au
    for Example

    Firstname : Sam
    lastname :Dood
    upn should like this sdood@domain.com.au
    With the help of an expression its creating no issue.

    Issue is if we have a duplicate user and if the upn already exist in Azure AD ,based on our expression user is not provisioning .Not sure the expression is correct.
    we need to create upn based on this requirement firstnamefirst2letterandlastname@domain.com.au

    for example Samson Dood
    First Name : Samson
    Last Name :Dood

    UPN should create like this : sadood@domain.com.au

    Please provide…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow User Consent per Scope

    Provide option to allow admins to control which scopes the user can consent to, rather than the blanket disable available currently in "User settings".

    Primarily this would be helpful to allow users to consent to apps that only require access to "Sign in and read user profile" (User.Read) for SSO purposes but not scopes that potentially contain sensitive company data.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  11. need list of saas application configured for SAML sso along with their reply url,identifier and signon urls

    How to get list of saas application configured for SAML SSO on Azure AD along with their reply url,identifier and sign on urls.
    Powershell command or any place

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  12. Remove LinkedIn Integration

    This integration is problematic to say the least.

    a) consent mechanism by-passes the normal 3rd Party AAD user consent security control;
    b) consent UI does not provide full disclosure of what those permission grants mean;
    c) permissions granted to linkedin exposes wildly inappropriate sensitive data and takes consent from a person who does not own that data;
    d) linkedin branding inside the corporate boundary
    e) freely exchanges data between a service designed to protect your information and one that is designed to sell your information
    f) on by default (at least in some tenant types?)

    For those who haven't looked…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow to define delegation authorization rules.

    [ADFS to Azure AD App migration]

    The application has custom delegation authorization rules defined. Azure AD doesn’t support this today.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  14. ADD Documentation for Percipio ( skillsoft product )

    Percipio ( Skillsoft's SaaS Application ) SAML APP documentation is needed

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  15. How to export NSF file from Lotus Notes?

    Choose a smart tool which can perform the entire process of NSF data exportation from Lotus Notes. eSoftTools NSF to PST converter software is one such organization. The user can see entire database on the screen in a layout which is easily readable. It does not require MS Outlook installation to provide best results. A free demo edition is also offered to all users. This tool works well with all editions of IBM Lotus Notes and MS Windows OS. Each element of the mailbox can be restored without structural changed
    • Simply select .nsf file and then elements which are…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  16. BSD

    SE:

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add support for Chrome OS

    We need users access Exchange only from Android and iOS. In Conditional Access rule, "Any device" is selected and grant access only if user access from "Approved Client App". But users are able to access email from Outlook in Chrome OS. As per Microsoft, neither conditional access nor Approve app support Chrome OS. So users are able to access emails from Chrome OS.

    Can Chrome OS support be added as part of Conditional Access rule? This is a major security threat for us as we are finance.organization.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  18. Enterprise Applications - Gallery Apps - Deploy Via API or Powershell

    We have hundreds of AWS accounts that need to be federated with our Azure Active Directory. We in turn create an Enterprise Application thru Gallery Apps per AWS account to enable provisioning and sync all roles into Azure. Unfortunately, scaling and automating this is not possible thru Gallery Apps.

    We need a way to deploy Gallery Apps for AWS / SalesForce programmatically.

    Currently, we are configuring these accounts one at a time. We need to be able to automate this process as we cannot onboard AWS accounts into Azure Active Directory.

    31 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  19. SAML SSO, pass Restricted Claims

    It would be good if you could specify a restricted claim to be passed to the relying party such as isCompliant etc if a user is on a managed device. Clearly these claims should not be modifiable.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow to source user attributes from external directories (different than Active Directory) to be emitted in the SAML token

    The relying party is configured to source claims from another claim provider different than Active Directory. We need to be able to do this in Azure AD.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4
  • Don't see your idea?

Feedback and Knowledge Base