Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Is it been forced to use Group-managed service accounts for the new further installation of " Microsoft Azure AD Connect Provisioning Agent"

    Configuring User Deployment of SAP SuccessFactors in Active Directory

    I am following the below article to setup and configure the installation process for the Azure AD Connect Deployment Provisioning Agent (Azure Active Directory) from SAP successFcator to on-premise AD but please let me know if their is a control to bypass gMSA option and use your own custom service account option due to my network controls. let me know the options and also what are the controls when provisioning AD accounts, with SAP SF as source, about how password can be provided.

    https://docs.microsoft.com/de-de/azure/active-directory/saas-apps/sap-successfactors-inbound-provisioning-tutorial#part-1-add-the-provisioning-connector-app-and-download-the-provisioning-agent

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enable Cloud Provisioning from SAP Fieldglass to Azure AD

    Similar to Workday, SAP Fieldglass seems to be a strategic Worker Management solution. Enabling cloud provisioning would help companies move towards Cloud Only Identity Management.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  3. option to skip attribute mappings or to add option to Apply mapping on 'disable' SoftDelete task

    Would like to see added two things,
    1) The option to apply mappings 'only' when the account is SoftDeleted.
    2) The option to skip a mapping should a NULL value be returned.

    These would help prevent provisioning errors when the Source directory contains NULL values causing failures when creating in Active Directory.
    If you happen to 'update' a field with a NULL value to an exisitng account in Active Directory, the update task will work, but should you try this during a 'Create account' task, this fails with a "ConstraintViolation-LdapErr: A value in the request is invalid".
    So far, this…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  4. WorkdayHCM Implement WebHook Triggers for Provisioning to AAD or AD

    Need: An AzureAD inbound, event-driven user provisioning interface for external systems that are an originating source of people/users (joiners/movers/leavers).

    WorkdayHCM is our primary HCM system. It is not the only point-of-origin for people that will require IT services (apps licenses/access, compute devices, facility access badges, phones, etc.)

    The current AzureAD WDHR provisioning adaptor is polling based. This Poll-for-Change pattern does have utility, but is far from modern "Event-Driven" auto-provisioning.
    https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-tutorial#overview

    I've read through the Provision-On-Demand feature, purposed as a test/debugging tool. Not available as a continuous runtime pattern.

    In the Power.Automate Connectors reference I found the WorkdayHCM (Preview) connector.
    https://docs.microsoft.com/en-us/connectors/workdayhcm/

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  5. Workday to AD: Unable to update any IT attribute for disabled account (user on leave)

    We are trying to update IT attribute (manager field, phone number, mobile number) for disabled account (user on leave). We are using below expression to disable/enable the user profile in AD:

    Switch([Active], , "0", "True", "1", "False")

    When user is disabled in AD, the provisioning service finding the user is disabled or soft deleted, it automatically skipping that user and preventing updates.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  6. workday: allow writeback of matching user employee id from different ERP system

    The Workday Writeback connector needs the capability to writeback a users emplid from an adjacent ERP system. We are using WD HCM and WD financials, and we are using Peoplesoft Campus Solutions for student information system. We need a way to write the Peoplesoft Employee ID back to workday into a custom workday attribute.

    20 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  7. AAD to SF writeback: isPrimary tag hard coded

    Hi,

    When performing a writeback from AAD to SF, it is mandatory to hard code an isPrimary tag "true" or "false" with a phone number.
    There are several occasions where this methodology can fail.

    For example, when there is already a telephone number in SF where isPrimary=True, and the interface has another type of telephone number on isPrimary=True, the telephone number from AAD will not provision into SF because there is already a primary telephone number in SF.

    The interface should be able to dynamically decide if a telephone number is primary or not.

    Regards,
    Arne

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  8. SF to AD: user is disabled one day before termination

    In the standard interface of SF to AD, there is a direct mapping between activeEmploymentsCount (SF) and accountDisabled (AD). Following HR practices, the activeEmploymentsCount is inactive one day too early.

    The accountStatus attribute in SF does not have this behaviour.
    However, the activeEmploymentsCount is useful for future hires.

    In order to have the best of both worlds, you should implement a mapping:
    Switch([activeEmploymentsCount], "N/A", "1", "False", "0", Switch([accountStatus], "N/A", "ACTIVE", "False", "INACTIVE", "True"))

    I suggest to take this into consideration to change the default mapping.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  9. Be able to remove transactionlogdata as a critical attribute

    We're trying to use the Workday connector to automatically deprovision users, with a bare essentials standard mappings list, but whenever transactionlogdata information is updated in workday, this causes all users to resync and their UAC is overwritten, which puts Domain Controllers under stress due to the many thousand simultaneous writes. We have no mappings that are relevant to transactionlogdata, but we've been told removing it from the advanced attributes will break functionality. I can't see any logical reason why you'd need to process that data, if we tell you not to?

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  10. expand customStringNav

    As confirmed by Microsoft support and PG, the following path doesn't retrieve the value existing in SuccessFactors, this is not supported at the moment.

    for example, the following path cannot retrieve the value of externalName under customString2Nav

    $.employmentNav.results[0].jobInfoNav.results[0].customString2Nav.externalName

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  11. Create future hires two weeks before startDate

    Hi,

    We have a scenario where we need future hires to be not only created, but also in enabled state a few weeks before their effective start date in SuccessFactors. This because the IT department already needs to do operations on the account.

    Any plans for the interface to support fetching the current date and create logic based on this?

    Thanks,
    Arne

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  12. How to deactivate users based on last day of work from Workday?

    I am searching for a solution how to feed the AzureAD attribute accountExpires from the StatusTerminationLastDayOfWork on the day of Last Day Of Work which is often before the Termination Effective Date

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  13. Scoping for Sync from SaaS to AD

    Provisioning from SaaS to AD, as well as having scoping to limit records from SaaS syncing, woud be good to have scope for target as well so we can disable sync for objects in AD using attributes.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  14. Create a standard API for Inbound Provisioning

    Create a standardized API that can be used for inbound provisioning.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  15. Workday to AD provisioning - Disable AD users after Account_Disabled attribute instead of Active attribute

    User would like to have a feature implemented:
    - That the account in AD is disabled responding to Accountdisabled in Workday Account instead of the "Active" attribute from the Worker object.
    - That the Expiration Date in AD is updated with the Account
    expiration_Date of the Workday Account.

    This requires the API call GetWorkdayAccount, from WorkDay's v34.1 API

    Here's the API documentation that specifies the XML for that call: https://community.workday.com/sites/default/files/file-hosting/productionapi/HumanResources/v34.1/GetWorkday_Account.html

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  16. Workday to Azure AD provisioning application under attribute mapping, under target object action delete feature deleting users in Azure

    Workday to Azure AD provisioning application

    under attribute mapping, under target object action delete feature deleting users from Azure AD. Instead of deleting user from Azure AD the account should disable in AD

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  17. workday

    Regarding Workday integration with AD, will you update the Azure AD User Provisioning Service/tool to sync photos from Workday to AD? It would need to read the data for a jpg file (the photo from workday) into a byte-encoded object and then stamp that data on the thumbnailphoto attribute of the AD account.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  18. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  19. Date time comparison in scoping filter of Workday to AD provisioning service

    We want to control user provisioning/deprovisioning based on termination date comparing it with current date using scoping filter.
    Can you please introduce this feature so that it will ease implementation process.

    Reason: In some environment we need to control this with time comparison.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
  20. Workday Address Attribute mapping and Expression for multi line address?

    Does anyone have an idea to write an expression from Workday to Active Directory for address?
    Workday had [AddressLineData] "100 Main Street", [AddressLine2Data] "Suite 100"
    The default mapping is Direct [AddressLineData] --> streetAddress in AD.
    If you mannually type the address in AD ADUC it will look like this:
    100 Main Street
    Suite 100
    When you look at the AD attribute for streetAddress is looks like this "100 Main StreetSuite 100"
    There are actually hidden special characters in it
    100 Energy WayCRLF
    Suite 100CR
    Carriage Returns and LineFeed
    So how would i add the CR and LF with a join…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Provisioning from Cloud HR  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base