Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. workday-AAD please add support for sending email notifications after provisioning operations complete

    From the FAQ: "Does the solution support sending email notifications after provisioning operations complete?
    No, sending email notifications after completing provisioning operations is not supported in the current release."
    This would be useful as all of our current processes include emailing a few people per region a user is created in.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow User Consent per Scope

    Provide option to allow admins to control which scopes the user can consent to, rather than the blanket disable available currently in "User settings".

    Primarily this would be helpful to allow users to consent to apps that only require access to "Sign in and read user profile" (User.Read) for SSO purposes but not scopes that potentially contain sensitive company data.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,

    Thanks for your feedback. This feature is currently in our backlog. We expect to make good progress on the incoming months.

    The idea is that as an Admin, you can have a list of low risk permissions that the users can consent to.

    Please keep voting and subscribing so we can update you when we have a more concrete plan.

    /Luis

  3. Workday to AD multiple domain support: Resolve manager references across domains

    As an AD Admin, when configuring Workday to Active Directory User Provisioning integration we would like the user provisioning service to resolve manager references across domains so that it supports the scenario where a user in one child domain and the user's manager is in another domain.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support Chrome Credentials Passing API for SAML SSO

    Using Azure AD SAML SSO with G Suite, when logging into a Chrome OS device after completing the Azure AD sign in you need to enter your password in to a Chrome dialog. Google has an API available to SAML vendors to bypass this extra step: https://www.chromium.org/administrators/advanced-integration-for-saml-sso-on-chrome-devices

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  5. Application Registration Portal - error when saving edited manifest with optionalClaims

    On apps.dev.microsoft.com I'm trying to edit a manifest to enable the optional "email" claim. I'm adding a block near the bottom of the manifest, and it looks valid:

    "optionalClaims": {
    "idToken": [
    {
    "name": "verified_primary_email",
    "essential": false
    }
    ]
    }

    Based on this reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims

    but when saving I get:

    The request body contains unexpected characters/content for the specified content type and encoding.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  6. We have a few non-gallery applications we would like to be added.

    We are a K-12 School District and cannot afford the Premium upgrade. The apps are:
    ez-proxy - https://www.oclc.org/en/ezproxy.html
    Frontlineeducation.com (Absense Management and Professional Growth)
    GoGuardian
    Schoolwires (part of Blackboard.com)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure AD->EnterpriseApp->All App->New App button is disabled

    Azure AD->EnterpriseApp->All App->New App button is disabled for normal user, it should give a warning that this feature is not available for a normal user or "You need to have Admin " permissions to enable this feature.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  8. Service Principals is so broken from a UI standpoint. Needs to be redone.

    Here is a link to the official documentation, notice how it is like 200 steps:

    https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal

    This is HORRIBLE guys. On Amazon, to grant API access to something it is one click - Generate API Key.

    I wasted 20 minutes trying to follow above steps. Guess what - at the end, it still doesn't work. Awesome! Now I get to debug your broken system for you instead of being productive.

    Can you please either:

    - Get rid of Service Principals (please shoot it), and just add a Generate API key command to replace it.
    - Add Generate API Key as…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  9. Amend the userprincipalname within a SAML Token Attribute

    A really useful feature would be to allow us to amend the userprincipalname (email address) before passing it (to an SaaS Application such as salesforce) as part of a SAML Token Attribute using the Single sign on connector with Azure AD.

    We currently have two instances of SalesForce/RemedyForce and we need our users to have logins into both but the logins need to be unique so I want to add .ds to the end of the userprincipalname in one of the instances but still allow them to use single sign on.

    I have been informed that it is not possible…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  10. Possibility to map custom fields from ServiceNow

    We had some custom field on serviceNow user table, and we don't be able to map these fields in Add attribute mapping in AAD (see attached file)

    It is the normal behavior (FYI we use ServiceNow Helinski release)

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  11. 2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow variable attributes for password SSO

    We currently use Onelogin which allows us to use variables from user profiles. We want to use Azure AD password SSO to push custom variables to the form such as the user's first name, last name, email, etc...

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  13. Auto configure single sign-on to Google Apps set wrong signout URL

    Currently, auto configure set same URL to sign in and sign out in Google Apps config.
    but, correct sign out URL is https://login.windows.net/common/wsfederation?wa=wsignout1.0

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  14. ADD Documentation for Percipio ( skillsoft product )

    Percipio ( Skillsoft's SaaS Application ) SAML APP documentation is needed

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  15. BSD

    SE:

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow to define delegation authorization rules.

    [ADFS to Azure AD App migration]

    The application has custom delegation authorization rules defined. Azure AD doesn’t support this today.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow to source user attributes from external directories (different than Active Directory) to be emitted in the SAML token

    The relying party is configured to source claims from another claim provider different than Active Directory. We need to be able to do this in Azure AD.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow in Azure AD to specify certain authentication types

    [ADFS to Azure AD App migration]

    This is a setting in AD FS that let you specify whether the application is configured to only allow certain authentication types. Azure AD doesn’t support this today.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow multiple WS-Fed assertion endpoints

    [ADFS to Azure AD App migration]

    Azure AD only supports (1) one of these today.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  20. How to export NSF file from Lotus Notes?

    Choose a smart tool which can perform the entire process of NSF data exportation from Lotus Notes. eSoftTools NSF to PST converter software is one such organization. The user can see entire database on the screen in a layout which is easily readable. It does not require MS Outlook installation to provide best results. A free demo edition is also offered to all users. This tool works well with all editions of IBM Lotus Notes and MS Windows OS. Each element of the mailbox can be restored without structural changed
    • Simply select .nsf file and then elements which are…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  SaaS Applications  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base