Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Get user membership groups in the claims with AD B2C

    As it's possible in the standard AD by changing the API application manifest option "groupMembershipClaims" to "SecurityGroup", is it possible to return user membership group in the claims with AD B2C?

    Now, we can have only the default and custom attributes by adding a signin policy, but it's impossible to get user membership groups.

    1,088 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    68 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We definitely recognize the popularity of this feature, and we discuss it constantly during the planning phases. However there are certain technical limitations in the system that add a large amount of development cost. Because of the cost and the fact that there is a workaround available, other features get prioritized over this one.

    That being said, please keep voting for it. The popularity of the feature does help bring it up and makes us reconsider every time.

    Apologies for the delay.

    /Parakh


    Old message:
    We’re doing some research both on the specifics of this ask as well as what it would take to support this.
    Is the ask here to do the same thing that regular Azure AD does (see: https://blogs.technet.microsoft.com/enterprisemobility/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles/) or is are there different requirements around this for Azure AD B2C?

  2. Fully customizable verification emails

    Currently, Azure AD B2C sends verification codes via emails to end users during sign-up and password reset flows. These emails have limited customization. Add support for full customization of the email body & content.

    896 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    113 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  3. Customer-owned domains

    Run Azure AD B2C's sign-up & sign-in pages under a custom domain, for e.g., login.contoso.com, instead of login.microsoftonline.com.

    606 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    72 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Due to various technical limitations, the first iteration of the customer-owned domains functionality will not be available for a few more months. We will provide an update as soon as we can get a more specific ETA.

    If you are looking to use custom domains to use javascript, we are now looking to enable that experience by providing a new (non-customizable) domain. Please look for updates here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15493536-add-support-for-javascript-inside-the-custom-ui-br

    /Parakh

  4. B2C Fully Customizable Sign-In Page

    Create a Sign In Policy by which we can provide our own template for the sign in page. It could work the same way as the Sign Up policy does.

    377 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    61 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  5. AADB2C: Send email invitation for new user to sign up

    I would like the ability to trigger an email invitation be sent to new users for our web application that I want to authenticate with AADB2C. In our multi-tenant design, each tenant will be responsible for adding their own users to their tenant. I would like the admin of the tenant to be able to send an email invitation to the new user and then that user can complete the sign-up process.

    344 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    27 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  6. SAML protocol support

    Azure AD B2C currently supports OpenID Connect and OAuth 2.0. Add SAML protocol support as well.

    325 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    35 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library

    Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library, just like Azure AD and Active Directory Authentication Library has.

    The Azure AD B2C page has been saying 'Get tokens using a username & password with the OAuth 2.0 Resource Owner Password Credentials Flow (coming soon)' since September 2015.
    https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-reference-protocols/

    322 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    64 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Just to provide an update, we are close to launching a private preview. We are in the final testing stages for this feature. We will have another update in the next few weeks with instructions on how to join the private preview.

  8. Add an Azure AD Identity Provider

    AADB2C is great, but why not adding an Azure AD provider? We're developing an application where we can have customers with social identities as well as Azure AD identities, it would be great in the AADB2C login page to have an option like "Organization Account". In this way we can code against one single API and not be forced to use two different entry points.

    297 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    35 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  9. AADB2C: Support OAuth 2.0 client credential flow

    As mentioned in the B2C limitations:

    https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-limitations/

    Our daemons / server-side applications need this feature as part of our security implementation in order to grant access to our web apis.

    254 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Currently, you can use “App Registration” blade in the Azure Portal (outside of the Azure AD B2C blades) to register an apps that define application permission and the register apps that use client credentials to request these. The caveat is that this is done using the same mechanism that you’d use in regular Azure AD.

    Ideally we’d have a first class experience for this in the Azure AD B2C blades or at least have an Azure doc that walks you through the experience I just summarized, so I’m leaving this feature ask open.

    It would be great if you guys can add comments with your feedback. What scenarios areyou trying to achieve? Does the approach above help you achieve what you want to achieve? Does the experience to do so work for you guys and if not, what would you like to see?

  10. AADB2C: Force password reset

    Add the ability to force user's to reset password at next login. It would be ideal if this was available for both individual users as well as in bulk. This is necessary for situations such as credential leaks, etc.

    235 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    32 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We have started the planning for this feature and hope to have a preview by the end of the calendar year. In the meantime, could you respond to aadb2cpreview@microsoft.com with the answers to the following questions:
    - In which scenarios do you plan to force the user to change his/her password?
    - What kind of information (if any) would you like to get back if the user goes through the reset flow?
    - Do you currently or plan to track which users have reset their password?

  11. Add Japan region to data residency location of Azure AD B2C

    Lots of Japanese customers would like to use Azure AD B2C. But they can not decide to adopt B2C because we do not have Japan region as data residency location.

    217 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  12. Azure AD B2C Data Residency in Australia

    Although Azure AD B2C is available for use in Australia, there is not option to create a directiry for which the user data resides in Australia. We would like to be able to ensure that our Azure AD B2C user data remains in Australia.

    202 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    50 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  13. Azure AD B2C, How to Avoid / Validate, duplicate Sign up with Social Identity Providers

    Hi, Assume, I sign up with Google 'siva@gmail.com', it creates a user in the tenant. I sign up with Facebook 'siva@gmail.com', it creates another user in the tenant. Also I went and Sign up using email account, for 'siva@gmail.com', now am finding 3 users with same email id. I see this is a duplicate accounts are getting created. Is there any way this can be validated & inform user in Azure AD B2C ?

    201 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    36 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you. We will examine the experience of duplicate sign ups across Identity providers. Would performing this check by using the email address be sufficient?

    BTW, Linking multiple provider accounts to one user is in our roadmap and we’ve already achieved it in preview…

    We look forward to your feedback

    /Jose Rojas

  14. Add support for the Microsoft Authenticator app in B2C

    Enable the Microsoft Authenticator app to be used for 2FA in Azure B2C.

    199 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We are looking to add additional MFA options for Azure AD B2C in the next few months. As part of the investigation, we want to learn more about your requirements. Email your feedback to aadb2cpreview@microsoft.com.

    When you say “support for Microsoft Authenticator”, which feature are you referring to?
    1. The ability to see the codes in the authenticator app
    2. The ability to receive push notifications for MFA

    If both, which do you prefer more?

    Again, please email your feedback to aadb2cpreview@microsoft.com. Feel free to include more details about your scenarios/requirements!

  15. B2C Support for client credential flow.

    To enable APIs to use authentication from another application with separate security credentials (clientId+secret). Needed for APIs to make graph calls.

    (This is not the same as on-behalf-of flow, which represents the ability to exchange an access token intended for one audience for an access token intended for a different audience)

    167 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  16. Programmatically register B2C applications

    I want to be able to call a Graph API to register new B2C applications

    160 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  17. Phone number sign-up

    Local accounts currently allows email addresses and usernames as sign-in identifiers. Add phone numbers as well.

    136 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    38 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We are interested in enabling this scenario and are looking for more data.
    - Would you want to be able to use this in conjunction with email or would you only be interested in one way to sign up accounts at a time?
    - Would you like to be able to create the account without needing an email at all?

    /Sam

  18. Deploy and manage Active Directory B2C using ARM templates and RM PowerShell cmdlets.

    When building Azure-based applications intended for generalization and multiple deployment, it would simplify both the development and deployment experience if B2C directories could be configured using the standard Azure RM template and PowerShell cmdlet functionality.

    128 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Given that a Azure AD B2C tenant should only be used for configuring Azure AD B2C, would having programmatic API’s to configure all of the Azure AD B2C settings be useful or is there more that you are looking to achieve using ARM templates?

    /Parakh

  19. Programmatically manage B2C policies

    I want to be able to call the Graph API or use PowerShell to manage Azure AD B2C policies.

    126 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  20. "Change password" policy

    Add a new Azure AD B2C policy that allows a signed-in user to change his or her password. Not the same as password reset.

    116 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We are in the process of planning this feature and hope to have a preview available by the end of november. In the meantime, could you please respond to aadb2cpreview@microsoft.com with your responses to the following questions:

    - If you had a “password change” policy, what kind of information would you like to get back once the policy has been executed?
    - Would you prefer to have a policy that forces you to sign in first, and then asks you to change the password, or one that let’s you do it all on the same page?
    - Would you want an email to get sent out to the user whenever the password is changed?

← Previous 1 3 4 5 18 19
  • Don't see your idea?

Feedback and Knowledge Base