Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Get user membership groups in the claims with AD B2C

    As it's possible in the standard AD by changing the API application manifest option "groupMembershipClaims" to "SecurityGroup", is it possible to return user membership group in the claims with AD B2C?

    Now, we can have only the default and custom attributes by adding a signin policy, but it's impossible to get user membership groups.

    1,618 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    91 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We definitely recognize the popularity of this feature, and we discuss it constantly during the planning phases. However there are certain technical limitations in the system that add a large amount of development cost. Because of the cost and the fact that there is a workaround available, other features get prioritized over this one.

    That being said, please keep voting for it. The popularity of the feature does help bring it up and makes us reconsider every time.

    Apologies for the delay.

    /Parakh


    Old message:
    We’re doing some research both on the specifics of this ask as well as what it would take to support this.
    Is the ask here to do the same thing that regular Azure AD does (see: https://blogs.technet.microsoft.com/enterprisemobility/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles/) or is are there different requirements around this for Azure AD B2C?

  2. Azure AD B2C, How to Avoid / Validate, duplicate Sign up with Social Identity Providers

    Hi, Assume, I sign up with Google 'siva@gmail.com', it creates a user in the tenant. I sign up with Facebook 'siva@gmail.com', it creates another user in the tenant. Also I went and Sign up using email account, for 'siva@gmail.com', now am finding 3 users with same email id. I see this is a duplicate accounts are getting created. Is there any way this can be validated & inform user in Azure AD B2C ?

    259 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    44 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you. We will examine the experience of duplicate sign ups across Identity providers. Would performing this check by using the email address be sufficient?

    BTW, Linking multiple provider accounts to one user is in our roadmap and we’ve already achieved it in preview…

    We look forward to your feedback

    /Jose Rojas

  3. Deploy and manage Active Directory B2C using ARM templates and RM PowerShell cmdlets.

    When building Azure-based applications intended for generalization and multiple deployment, it would simplify both the development and deployment experience if B2C directories could be configured using the standard Azure RM template and PowerShell cmdlet functionality.

    245 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    29 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Given that a Azure AD B2C tenant should only be used for configuring Azure AD B2C, would having programmatic API’s to configure all of the Azure AD B2C settings be useful or is there more that you are looking to achieve using ARM templates?

    /Parakh

  4. Change MFA sender phone number and content

    Currently is not possible to change the phone number or the content of the SMS to validate the user's number or for MFA.

    B2C would be more useful for financial and/or government organizations if the MFA had more branding options in order give peace of mind to wary customers.

    72 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We’re looking at this feedback and along with work for verification emails, looking to do some work around customization to completely remove the Microsoft brand and allow this depth in customization. Please bear with us as we are looking at how best to prioritize these changes.

    /Sam

  5. RBAC roles for Viewing/Modifying Authentication Info (MFA)

    Currently, only Global Admins can view and modify the information in a user's account in the Authentication Info fields. This is problematic as we have people performing B2C support that are User Administrators and can't see or update the user's info in these fields to help troubleshoot access issues/MFA issues.

    For users assigned the User Administrator role, allow them to view and modify the Authentication Info fields. They currently see grey fields that are empty.

    65 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    22 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  6. AADB2C: Add CORS headers to AD B2C token endpoint to allow for implicit flow (XHR POSTS)

    We are trying to implement Azure AD B2C authentication with a web app using implict flow. We can login and successfully get redirected to the correct url which includes the correct items on the redirect url (idtoken&code). However, as this article suggests (https://github.com/Azure/azure-content/blob/master/articles/active-directory-b2c/active-directory-b2c-reference-oidc.md#get-a-token) the app then needs to perform a xhr POST request to the token endpoint to retrieve a token for a resource (web api) the app needs to interact with. However, when I try and do an XHR POST to that token endpoint (https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token?p=b2c1_signinpolicy) the browser (quite rightly) performs a preflight check (an…

    64 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure AD B2C Support Social IDP Profile Picture

    Add support for a built-in attribute type for storing a profile picture URL. Azure AD B2C should then store the profile picture URL as a user attribute when signing in with a social provider. This attribute can then be selected as an application claim attribute so applications can have access to social provider profile pictures. The attribute should also update on any subsequent successful sign in attempts when there is an updated profile picture from the social provider.

    Alternatively, just update AD B2C to set the user's social profile picture as the AD thumbnail photo when creating an account.

    54 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Although we do not directly support this feature, there is a new workaround available which is to use the IdP token (like Facebook’s token) to grab the profile photo. You can do this by calling Facebook directly from the app using the facebook token.

    Azure AD B2C now allows the access tokens of OAuth 2.0 identity providers to be passed as a claim in the B2C token. Please try it out (see instructions below) and give us feedback at aadb2cpreview@microsoft.com.

    User flows (built-in policies)

    https://docs.microsoft.com/azure/active-directory-b2c/idp-pa

    Custom policies

    https://docs.microsoft.com/azure/active-directory-b2c/idp-pass-through-custom

  8. Terms of use and privacy policy

    It would be great if AD B2C could manage all the process for terms of use and privacy policy management.
    There is actually no way to manage it in the sign-up policy...

    35 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    We have created samples to do this in custom policies here:

    Sample: https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/source/aadb2c-ief-terms-of-use

    Readme: https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/scenarios/readme.md

    While we realize this is only works for custom policies (the part where you can track versions of consent), we currently don’t have plans to implement this in built in policies.

  9. Update Azure AD B2C claims when signing in with social providers

    When an Azure AD B2C account is set up after signing in with a social provider, the basic claim details are populated with data from the social provider, such as surname, given/family name, emails, etc. When this information is changed in the social provider account, can it be automatically updated in the B2C claims on the next sign in?

    In essence, when a Facebook/Google/Microsoft/Amazon/LinkedIn user changes their name, email address, etc. I want their B2C account claims updated to reflect the new info the next time they sign in to my B2C app.

    I am attempting to do this without…

    32 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the feedback. So to clarify, you would the ability to interrupt the user during the sign in process to ensure their info is in sync with the identity provider they are using. Is that correct? Would you like to see this at all times or just when the data is out of sync?

  10. "Recover Username"

    Allow for B2C users to recover their usernames.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  11. Restrict new user signups using disposable email

    i want to restrict new users signup using disposable email address

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  12. Refresh Tokens can take a long time to be exchanged

    We are seeing an issue where it is taking a while for a refresh token to be exchanged.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add Identity provider for more than one platform in a single Azure AD B2C Tenant

    Hi, We were using B2C to setup facebook login. We were able to add an identity provider whose client id and client secret were linked to facebook IOS App. But we also require to set up facebook login on app running on Android. How can we do it in the same tenant?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base