Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Include custom attribute store as in ADFS

    Azure AD doesn't support use of Custom attribute store for claim processing as in ADFS. In ADFS, I can have logic (say derive location based on incoming IP from a table/excel sheet) in custom attribute store and fetch that data during claim transformation

    3 votes
    1 comment  ·  SaaS Applications
  2. I have an application that does not accept "@" in the username, I would like to replace this with another character in the SAML Claim

    I have an application that does not accept "@" in the username. I would like to replace this with another character in the SAML Claim.

    1 vote
    0 comments  ·  SaaS Applications
  3. Automatic revalidation of Registered APPs on Azure AD

    Hi Team,

    We are trying to implement a governance policy for all the registered apps in our Azure AD environment, and it would be really great if you could help us do this through some automatic revalidation process and management of Disabled Applications.

    FYI, I have submitted a Microsoft Support Case 120070823002186 for it, but it looks like it is not possible to do so, and hence, based on the suggestion received from the assigned support personnel, I am putting my idea here to see if it could help us get some alternative option.

    I have downloaded a spreadsheet from Azure…

    1 vote
    0 comments  ·  SaaS Applications
  4. Better SAML SSO Signing Certificate Notifications/Automation

    For applications set up with single sign on with Azure, could we have a way to:
    1. Default to a certain email address (i.e. team mailbox)
    2. Mass-update notification email addresses so we can change them to our team email
    3. Automatically roll over to a new signing certificate as an option when the 3-year expiration comes (ADFS can do this)
    4. Allow the owner of an application to view or manage the signing cert manually if they need to

    That would help us better manage the certificates used for SSO. Thanks!

    1 vote
    0 comments  ·  SaaS Applications
  5. Allow users to provide AAD application ID and Object ID

    We are asked to not egress anything generated within our prod environment, including AAD application ID and Object ID.

    But if those IDs are generated outside and are provided into our prod environment, that is OK.

    So we are requesting that AAD Application add support for allowing customers to provide the application ID/object ID at creation time of an AAD application rather than generating them automatically.

    1 vote
    0 comments  ·  SaaS Applications
  6. Implement Google Passing Credentials API in Azure AD GSuite App

    For Azure AD’s GSuite App, implement the Google credentials passing API to allow Chrome devices that use Azure AD for authentication to not have to input a second local password after authentication succeeds. https://www.chromium.org/administrators/advanced-integration-for-saml-sso-on-chrome-devices

    https://bugs.chromium.org/p/chromium/issues/detail?id=1127575&hotlist_id=7264&sort=%20rank%20-ID

    This will provide a seamless authentication experience for Chrome OS users that rely on Microsoft Azure AD for user authentication and Office 365 for their productivity suite in lieu of Google's own services.

    2 votes
    1 comment  ·  SaaS Applications
  7. Restore ServicePrincipal

    Currently we can restore applications as follows but cannot restore service principals.

    https://docs.microsoft.com/en-us/powershell/module/azuread/restore-azureaddeletedapplication?view=azureadps-2.0

    If it was deleted by mistake, admins have to reconfigure User and Group, RBAC, SSO configuration, Admin consent, etc.

    4 votes
    0 comments  ·  SaaS Applications
  8. Add Locale and City mappings to Envoy provisioning

    The new SCIM provisioning tool for Envoy is good, but it doesn't seem to account for the fact that Envoy maps users to locations based on Locale or City, neither of which are mapped by default.

    1 vote
    0 comments  ·  SaaS Applications
  9. Virtual Entity ID to connect SSO to multiple environments serviced by the same SP partner.

    I have a use case where I need to connect SSO to multiple environments serviced by the same SP partner. Unfortunately, the SP cannot set up multiple partner connections using the same Identifier (Entity ID) provided by the Azure AD tenant.
    This capability is currently possible in PingFederate with the use of Virtual Server IDs, which become the Issuer element in the assertion or message. This Issuer element is used by the recipient of the SAML to determine the configuration used to process the assertion.

    Virtual server IDs provide more configuration flexibility in cases where you need to identify your service…

    5 votes
    1 comment  ·  SaaS Applications
  10. Allow Relying Party AutoUpdateEnabled

    Hello,

    Azure AD does not provide a way to automatically update the application configuration based on changes within the Relying Party federation metadata.

    For most of us, it's a big drawback because IT admins have to handle this change and only a few IT admins have an identity technical background.

    As Microsoft pushes Azure AD to be used as the Identity provider for most apps (and Microsoft provides tools to migrate from ADFS to Azure AD), this feature becomes essential!

    1 vote
    0 comments  ·  SaaS Applications
  11. Allow Regex or String Processing for Claim Transformation

    I have tried multiple permutations of existing functions and am unable to get a result that is very simple with ADFS - and yes I have opened a case on this issue (120070721001865).

    We have designated an extensionattribute as a "saas information attribute" which means we have placed a delimited string in the attribute so that we can provide applications with claim information. A sample string would be "AP1:App 1 data|BP1: Business App Data|BP2:Business App2 Data|ETC: and so on"

    With regex this is a very simple routine to isolate the attribute in question - such as "BP2:([^\|]+)" which would get…

    7 votes
    0 comments  ·  SaaS Applications
  12. Custom SAML Certificate common name

    We store SAML signature certificates in our documentation system to log the expiration and track them as part of our documentation.

    We saw that the common name of all created certificates is 'Microsoft Azure Federated SSO Certificate'. I would like to have the application name (at least) included in the common name. It could be possible to set a custom common name as well.

    That would make it much easier to identify the corresponding application.

    7 votes
    0 comments  ·  SaaS Applications
  13. Self service registration of Applications to be extended to SP initiated flows

    Currently AAD admin can configure self service access for pre-provisioned apps wherein they can configure users to request access to applications from the Myapps portal experience. (https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access). This is similar to the IDP initiated experience. However we have some apps which require users to start with Service Provider but they are not granted access to the users and groups. Extending this feature to Service provider initiated flows will allow the user to request access to those applications ( SAML, Password SSO, OIDC) if the user is not already granted access. An Administrator can choose to be notified and…

    5 votes
    0 comments  ·  SaaS Applications
  14. Transform SamAccountName to include domain\ prefix using the distinguished name to get the domain name

    Applications need Domain\UserName as a claim. Can we transform the SamAccountName to add the domain\ prefix by getting it from the distinguished name? So the SamAccountName would be Contoso\John.Smith.

    3 votes
    0 comments  ·  SaaS Applications
  15. Add claim manipulation for padding

    It could be an independent function such as PadLeftWith() or PadRightWith() to pad, let's say an employee number by 0s. Or a combination of functions such as Join() and followed by ExtractNums(), allowing exact number of characters retrieval, e.g., Join 0000000, 2233835, and ExtractNums() 9 of previous function's output retrieves 002233835.

    1 vote
    0 comments  ·  SaaS Applications
  16. Add Concatenate/Prepend/Append function to Claim Transformations

    Provide a function to concatenate two values as part of claim transformation. Should allow existing attributes OR the ability to concatenate/Prepend/Append an attribute value with static text - even for NameID. In our case, we have third party applications that can be SSO enabled, but that do not use one of our registered domain names. Solving this through AD extension is feasible, but using expressions would be much simpler.

    5 votes
    0 comments  ·  SaaS Applications
  17. Optional claims from https endpoint

    It would be great if we could have an optional claim fetched from an external https endpoint (secured with an Azure AD application token).

    We have a requirement where a privacy rule requires us to decrypt an encrypted user attribute before sending it to the external application.

    By allowing us to specify a URL endpoint for that claim, we could manage the encryption ourselves. Azure should send the user id (or allow us to include some user attribute in the request).

    It should also pass an azure ad jwt token with the application id that is used in the current…

    2 votes
    0 comments  ·  SaaS Applications
  18. Deactivation of users in ServiceNow does not happen when the user is removed from the ServiceNow group or from Azure AD itself.

    After removing the user from the ServiceNow Assignment or Removing the user from the Azure AD itself, there is no information passed to ServiceNow about the user and the user remains active in ServiceNow.

    1 vote
    0 comments  ·  SaaS Applications
  19. Have the ability for SSO between SugarCRM and Genesys PureCloud

    SSO into SugarCRM with App Roles should SSO into Genesys PureCloud

    1 vote
    0 comments  ·  SaaS Applications
  20. Need to update Carlson Wagonlit Travel app in Azure Marketplace

    Hi,
    I'm with CWT and maintaining SSO connections with our clients. We've noticed recently that the Azure app for CWT contains a legacy ACS URL which we need to remove.
    Can you provide a process for such a change, please?

    Thank you, Michal

    1 vote
    0 comments  ·  SaaS Applications