Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Add Concatenate/Prepend/Append function to Claim Transformations

    Provide a function to concatenate two values as part of claim transformation. Should allow existing attributes OR the ability to concatenate/Prepend/Append an attribute value with static text - even for NameID. In our case, we have third party applications that can be SSO enabled, but that do not use one of our registered domain names. Solving this through AD extension is feasible, but using expressions would be much simpler.

    1 vote
    0 comments  ·  SaaS Applications
  2. Optional claims from https endpoint

    It would be great if we could have an optional claim fetched from an external https endpoint (secured with an Azure AD application token).

    We have some requirement where some privacy rule requires us to decrypt an encrypted user attribute, before sending it to the external application.

    By allowing us to specify a URL endpoint for that claim we could manage the encryption ourselves. Azure should send the user id (or allow us to include some user attribute in the request).

    It should also pass an azure ad jwt token with the application id that is used in the current…

    2 votes
    0 comments  ·  SaaS Applications
  3. Deactivating of users in ServiceNow does not happen when the user is removed from the ServiceNow group or from Azure AD itself.

    After removing the user from the ServiceNow Assignment or removing the user from Azure AD itself, there is no information passed to ServiceNow about the user and the user remains active in ServiceNow.

    1 vote
    0 comments  ·  SaaS Applications
  4. Have the ability for SSO between SugarCRM and Genesys PureCloud

    SSO into SugarCRM with App Roles should SSO into Genesys PureCloud

    1 vote
    0 comments  ·  SaaS Applications
  5. Need to update Carlson Wagonlit Travel app in Azure Marketplace

    Hi,
    I'm with CWT and maintaining SSO connections with our clients. We've noticed recently that the Azure app for CWT contains a legacy ACS URL which we need to remove.
    Can you provide a process for such a change, please?

    Thank you, Michal

    1 vote
    0 comments  ·  SaaS Applications
  6. allow transform to add data and symbols

    Does the transformation function have the ability to change an email to the DOMAIN\Username format?

    1 vote
    0 comments  ·  SaaS Applications
  7. Azure AD SAML SSO to salesforce: Is it possible to use user.onpremisesamaccountname as unique ID?

    I've set up Azure AD SAML SSO to Salesforce using user.mail (unique ID) and it worked. This integration is widely available on YouTube.

    However, in the client environment, Azure AD is integrated with on-prem AD, and the requirement is to set up SAML SSO to Salesforce using user.onpremisesamaccountname (unique ID). There is no documentation of a step-by-step process for this scenario. Please can you suggest if this is similar to this link --> https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/salesforce-tutorial#

    Or is there any extra step that needs to be done in Azure AD or Salesforce SSO settings?

    1 vote
    0 comments  ·  SaaS Applications
  8. Need an SSO claims transformation rule to remove leading zeros

    When customizing the claims issued in the SAML token by Azure AD for single sign on, there should be a claims transformation function that allows for removing the leading zeros from an attribute.

    Example: If employeeid is '00002204', then replace with '2204'. If employeeid is '00010346', then replace with '10346', etc.

    1 vote
    0 comments  ·  SaaS Applications
  9. Require IsMemberOf filter for users sync

    Azure Databricks SCIM Provisioning Connector needs IsMemberOf filter for users sync.

    1 vote
    0 comments  ·  SaaS Applications
  10. Enterprise Application Restriction

    Restrict third-party application to gain admin level consent and allow third-party app to gain user level consent for a specific set of users/groups without enabling option: 'Let people in your organization decide whether third-party apps can access their Office 365 information'

    For example: If a specific amount of users want to use a third-party application, instead of providing the third-party application admin consent to all users in our tenant, only provide user level consent to the set users/groups. While keeping the option 'Let people in your organization decide whether third-party apps can access their Office 365 information' disabled.

    1 vote
    0 comments  ·  SaaS Applications
  11. Implement "Admin Permit" for Azure AD Apps which then allows users to consent

    As an admin of a tenant where user consent is disabled, we require the ability to permit users to consent to approved applications, without granting a tenant-wide admin consent to those applications.

    Users would see the normal consent page for approved applications and the admin approval workflow for unapproved.

    2 votes
    0 comments  ·  SaaS Applications
  12. Scope does not show up when setting up Zscaler SCIM, we have to exit current screen and come back for "scope" to appear.

    Scope does not show up when setting up Zscaler SCIM in Enterprise applications, we have to exit current screen and come back for the "scope" setting to appear.

    1 vote
    0 comments  ·  SaaS Applications
  13. 1 vote
    0 comments  ·  SaaS Applications
  14. Need list of SaaS applications configured for SAML SSO along with their reply URL, identifier and sign-on URLs

    How to get a list of SaaS applications configured for SAML SSO on Azure AD along with their reply URL, identifier and sign-on URLs.
    PowerShell command or any place

    1 vote
    0 comments  ·  SaaS Applications
  15. Allow group for admin consent requests (Enterprise applications)

    I know admin consent requests are still in preview, but maybe this will help to get a better GA version:

    Currently, if you configure admin consent requests for enterprise apps, you can only add user accounts for review, that have the required role. Only accounts that have a required role assigned are being displayed. This sort of breaks a strategy of zero standing administrative privileges and zero standing access (which MS has successfully deployed themselves) in a customer environment.

    In my view, the best option would be to be able to add a distribution list or group for consent review…

    2 votes
    0 comments  ·  SaaS Applications
  16. Remove LinkedIn Integration

    This integration is problematic to say the least.

    a) consent mechanism by-passes the normal 3rd Party AAD user consent security control;
    b) consent UI does not provide full disclosure of what those permission grants mean;
    c) permissions granted to LinkedIn expose wildly inappropriate sensitive data and take consent from a person who does not own that data;
    d) LinkedIn branding inside the corporate boundary
    e) freely exchanges data between a service designed to protect your information and one that is designed to sell your information
    f) on by default (at least in some tenant types?)

    For those who haven't looked…

    1 vote
    0 comments  ·  SaaS Applications
  17. Add documentation for Percipio (Skillsoft product)

    Percipio (Skillsoft's SaaS application) SAML app documentation is needed

    1 vote
    0 comments  ·  SaaS Applications
  18. BSD

    SE:

    1 vote
    0 comments  ·  SaaS Applications
  19. Allow to define delegation authorization rules.

    [ADFS to Azure AD App migration]

    The application has custom delegation authorization rules defined. Azure AD doesn’t support this today.

    1 vote
    1 comment  ·  SaaS Applications
  20. Allow to source user attributes from external directories (different than Active Directory) to be emitted in the SAML token

    The relying party is configured to source claims from another claim provider different than Active Directory. We need to be able to do this in Azure AD.

    1 vote
    1 comment  ·  SaaS Applications