Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Force Azure AD to verify the signature in the SAML request

    Enable optional SAML request signature when federating with a SAML 2.0 IDP

    SAML Authn requests from AAD to a third party SAML 2.0 IDP are not signed. This leaves the third party IDP open to DoS attacks on their credential repository.

    10 votes
    2 comments  ·  SaaS Applications

    Thanks for the feedback.

    We would like to hear why you absolutely need this option before you move to Azure AD.

    Azure AD accepts a signed SAML request; however, it will not verify the signature. Azure AD has different methods to protect against malicious calls. For example, Azure AD uses the reply URLs configured in the application to validate the SAML request. Azure AD will only send a token to reply URLs configured for the application.

  2. Better governance for SaaS apps (App Registration description)

    Azure App Registration needs some kind of better governance. The number of applications is exploding within companies, with all kinds of apps ranging from breakfast to compliance applications. Microsoft needs to add some extra property fields that can be used for a description of the application's purpose, but also a field that can be used for service management. I do not think that an Azure Tag would be sufficient. It must be some kind of value that can be set on the application.

    Reference:
    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/13102086-azure-ad-applications-needs

    9 votes
    3 comments  ·  SaaS Applications
  3. Engage Approval process when attempting to use the app directly

    Please can we initiate the approval process at the application level, not just when being added into the application portal (myapps)?

    An example. draw.io has been configured to require authentication and assignment. A user goes to draw.io and logs in with their Office365 account. They see a user-unfriendly error message as below: -

    [OneDriveSDK Error] errorType: badResponse, message: AADSTS50105:+The+signed+in+user+is+not+assigned+to+a+role+for+the+application+'01234567-89ab-cdef-0123-56789abcdef0'. Trace+ID:+01234567-89ab-cdef-0123-56789abcdef0 Correlation+ID:+01234567-89ab-cdef-0123-56789abcdef0 Timestamp:+2000-01-01+00:00:00Z

    Instead - I would want the application to prompt with the same approval process notification/initiator that is seen when attempting to add the app via MyApps.

    7 votes
    2 comments  ·  SaaS Applications

    First, we’re working to allow end-users to request Admins to consent to an application that requires Admin permissions.

    As a next step for this feature, we’re considering adding other scenarios like this one where user assignment is required.

    Please keep voting to help us prioritize

    /Luis

  4. Rename Azure AD Application "Office 365 Exchange Online" to "Outlook"

    Users with Office 365 license when accessing myapps.microsoft.com do not understand that in order to open "Outlook Web App" they should use "Office 365 Exchange Online" icon. Please rename Azure AD Application "Office 365 Exchange Online" to "Outlook" or "Outlook Web App".

    6 votes
    0 comments  ·  SaaS Applications
  5. We would like to have an advanced claim transformation process to simplify the configuration of AWS app integrations

    For the integration of AWS with AzureSSO we need to send, via the claim "https://aws.amazon.com/SAML/Attributes/Role", the AWS account and role information, which will be used for authentication on the AWS side. For our scenario, we create for each user their own role in AWS and want to generate the role claim based on the user's mail address.

    The transformation of the claim should work like:
    1.) Extract the mail prefix from the user with ExtractMailPrefix()
    2.) Execute on the value from 1.) a tolowercase()
    3.) Use the value from 2.) in a Replace transformation

    The result should look like…

    4 votes
    0 comments  ·  SaaS Applications
  6. Azure AD->EnterpriseApp->All App->New App button is disabled

    Azure AD->EnterpriseApp->All App->New App button is disabled for normal user, it should give a warning that this feature is not available for a normal user or "You need to have Admin " permissions to enable this feature.

    4 votes
    0 comments  ·  SaaS Applications
  7. Password based SSO - support multiple app profiles per user

    The Password based SSO solution does not allow for multiple app profiles.
    E.g. use case:
    Digital Marketing team supports multiple brands, and requires access to multiple accounts within the same social platform, like facebook.com.

    A single user or group can be assigned multiple Password based SSO Apps.
    User installs PlugIn in Chrome or IE or FireFox.
    User navigates to facebook.com url and there is no auto sign in. - ok
    User goes to MyApps portal and clicks Brand A Facebook app. - User is signed in.
    User does what they need to do and then change accounts.
    They click to…

    4 votes
    0 comments  ·  SaaS Applications
  8. Add SCIM to support UserType field in Scoping Filter

    If AAD UserType field was available in SCIM Scoping Filter, it would be easy to filter out all guest users from the scope of synchronization.

    3 votes
    0 comments  ·  SaaS Applications

    Hi, we will review.

    One option to consider is to set the filter to filter out specific domains that guest users are coming from. You could also control who is provisioned based on groups that users are assigned to.

    That being said, the need to scope on user type makes sense.

  9. workday-AAD please add support for sending email notifications after provisioning operations complete

    From the FAQ: "Does the solution support sending email notifications after provisioning operations complete?
    No, sending email notifications after completing provisioning operations is not supported in the current release."
    This would be useful as all of our current processes include emailing a few people per region a user is created in.

    3 votes
    1 comment  ·  SaaS Applications
  10. Provisioning connector to Dashlane

    Dashlane is a cloud-based password management solution that supports SAML 2.0: https://support.dashlane.com/hc/en-us/articles/212111089. Would it be possible to add it to the App Gallery?

    3 votes
    1 comment  ·  SaaS Applications
  11. We have a few non-gallery applications we would like to be added.

    We are a K-12 School District and cannot afford the Premium upgrade. The apps are:
    ez-proxy - https://www.oclc.org/en/ezproxy.html
    Frontlineeducation.com (Absence Management and Professional Growth)
    GoGuardian
    Schoolwires (part of Blackboard.com)

    2 votes
    0 comments  ·  SaaS Applications
  12. Yardi

    Azure SSO does not include Yardi property management ERP. We have several clients who use this online

    1 vote
    0 comments  ·  SaaS Applications