Azure Active Directory
Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.
Thank you for joining our community and helping improve Azure AD!
We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...
Azure AD SSO with SAML2.0 should support the Relay State parameter
SP-initiated SSO is working fine, but we're interested in doing IDP-initiated SSO with a RelayState. Our goal is to provide a seamless SSO experience for the user so that they can SSO from our application directly into an Azure component (Azure Synapse, Azure Data Factory, etc.) without having to first enter their UPN on the Azure AD login page. This feature is supported in AD, but not Azure AD.
10 votes
IdP initiated
IDP-Initiated SAML authentication is described in this article: https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers#enable-identity-provider-initiated-flow-optional When this article is followed to the letter, we receive an error that <Item Key="IdpInitiatedProfileEnabled">true</Item> is not set to true. After escalation to the support team, they said the feature is unsupported. This is a conflicting message. Please support IDP-initiated SAML authentication as advertised.
6 votes
Group Claim Adjustment
Adjust SSO SAML application AD claims to allow adding a group claim that sends specific AD groups not assigned to the application (e.g. we need to send in the group claim all AD groups starting with "vf-organization name-group").
2 votes
Date dependent Company Branding Theme
What I am thinking is date dependent Company Branding. During summer, a summer theme. When we welcome new students, a theme that reflects this. During winter, the Northern lights, snow...
Others can use this during events, changes in the company profile, etc. Or simply, you just want to change the background picture on a regular basis. I think there are a lot of use cases.
One profile can be marked as default, while others run from a specific date and end at a specific date.
Just for the example: 01. September 2021 to 30. September 2021 - Students welcome theme.
2 votes
Provide "Sign-Up" User Flow
Related issues have opened and closed and/or been worked-around via custom policies. But in adherence to Microsoft’s own sensible recommendation to stick w/ canned B2C User Flows…
Use Case: SaaS client wants to present end-users w/ a landing page that has 2 discrete panels.
• Panel 1: “New to Our Community? Register for Free!”
• Panel 2: “Already a Member? Sign in Here!”
That requires mutually exclusive end-user journeys. How is the combination of both sign-up and sign-in available out-of-the-box, but not separately? Yes, there are ways to hack this and I’m settling for the least bad one for now.
…
1 vote
Adjust Azure AD Sign in prompts so it reduces ability for account enumerations
The sign in prompts for Azure AD provide attackers the ability to perform account enumeration. They provide for the enumeration of both username and passwords.
When you enter a bad username you get a response of "The username may be incorrect. Enter a different one or create a new one".
This alerts an attacker that the username was incorrect. If they then put in a valid username, it then prompts for a password.
We are asking for this to be changed to provide a more generic response so that an attacker is not aware if they are entering proper credentials…
1 vote
By making it register the IP address ******** it
No service asks for identity validation repeatedly. I clear my cookies every time I close my internet. If you rely on cookies, that is not a good approach. It is the IP address and other permanent numbers that should be used. I am talking about validation by phone.
1 vote
An ideal solution for Office 365 Mailbox Migration
Many organizations around the world are benefiting from Microsoft Office 365 services. This cloud-based email solution has enabled businesses with the utmost productivity. Often the need arises for Office 365 to Office 365 migration. For this, essential Office 365 mailboxes / documents need to be migrated. As Office 365 related processes are complex, most users do not know how to migrate a mailbox from one Office 365 account to another. This issue will be resolved now with EdbMails Office 365 mailbox migration.
EdbMails Office 365 Migration has the ability to migrate emails, calendars, contacts, and tasks of one Office…
1 vote
Avoid Sign-in prompt on iOS by adding Redirect URI scheme for Apple device in Safe List
When adding a new Microsoft Exchange account under Settings / Password & Accounts on an Apple iOS device to access O365, after authentication a consent page is displayed (see screenshot). This page is not clear to users, and we have seen cases where the device would be stuck on it (Continue or Cancel wouldn’t work).
Looking at AAD logs and after opening a case, we found out that this page is displayed because the redirect URI that the iOS device sends back to AAD is not in the “Safe List” (http://, https://, msauth:// (iOS only), msauthv2:// (iOS only)…
7 votes
******** WITH YOUR DUMB **** AUTHENTICATIONS!
It's a pain in the , and as a grown adult I should be able to allow to steal my identity if I want.
It's a of a thing for me to have to double sign in literally every time I want to access something!?
I despise that others are too stupid to realise how easy it is to NOT use Microsoft products, would be a great world if you lot just upped and died.
Edit Even that ? dead if you * put half your brain power into making the world a better place instead of putting more **…
1 vote
Allow seamless SSO with non-routable domains
Currently, if you have a domain with a non-routable domain name (e.g. "company.local"), and use an alternate UPN, support for seamless SSO is limited.
It works in web browsers if you pass a domain hint, but it doesn't in native applications such as Excel or Teams. This leads to a limited user experience if users keep having to manually log on to their applications.
Some companies are not able to change their on-premises domain name due to dependencies from other applications.
If this feature could be modified so that seamless SSO fully works with non-routable domain names, user experience would be…
2 votes
Authenticator Backup
Authenticator backup should allow cloud backup for work or school accounts and allow recovery across devices.
Presently, I cannot recover my work codes, via my personal account on an iOS device because the backup was originally taken on my Android phone.
A backup that can't be restored is useless (if it's even that good).
5 votes
Add support for SAMLP extensions in logout requests in ADFS and AAD
At the current time, logout requests from a relying party that supports the <samlp:Extensions> element in logout requests cause a failure in ADFS and sign-out is not achieved. I do not know if other requests or responses in the SAML protocol are affected.
At the very least, the server should be able to ignore SAML protocol extensions that it does not support. More ideal would be to also have a supported mechanism for extending the functionality of the IdP for extensions not supported out of the box.
4 votes
OpenID Connect should always return email claim if requested
The OpenID Connect implementation of Azure AD is not compliant with the spec and should be fixed. If the RP requests the email or profile scopes and the user gives permission, the id token must include an email claim.
It appears that for some users, even if you add the optional claims for email, you do not get an email claim back. This is unacceptable. There is only one email address that any OIDC login would expect to get back and that is the email address they have just used to login, since that is the authenticated identity.
The fact…
1 vote
Enable Azure AD Password Protection in Azure Government
This is a feature available in Azure public; please add this feature to Azure Gov. With this enabled, we have much more flexibility in terms of making password maintenance easier for our users.
17 votes
Since yesterday, I haven't received the Microsoft code on my phone 37321973
Since yesterday, I haven't received the Microsoft code on my phone 37321973
1 vote