Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Azure AD Applications - Needs

    - Allow applications in Azure AD to be organised into folders so business units who work in this space can 'claim' applications.
    - Provide the ability to rename applications or application instances once created.
    - Provide visibility of what user created an application.
    - Provide the ability to 'lock' applications from being accidentally deleted.
    - Deletion of applications requires X global admins to approve, at the moment a rogue admin could destroy an SSO setup for an entire company in minutes...

    22 votes
    3 comments  ·  SaaS Applications

    Thank you for your feedback, some of the suggestions are already available:

    - Ability to rename applications
    - Provide visibility of what users created an application: You can use audit activity reports: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-activity-audit-logs

    Regarding the other suggestions, I’ll update this once it’s a planned feature. In the meantime, keep the voting coming so we can prioritize this higher.

    /Luis
    Program Manager

  2. Custom error messages per SaaS App and tenant-wide also

    It would be really awesome if Microsoft would provide developers with an option to provide custom error messages per Azure AD SaaS App, and Global Admins with an option to define some tenant-wide custom error messages as well. The error messages provided by Microsoft are not especially user-friendly or customer specific yet. This creates some confusion among internal and B2B users.

    I hope this would be taken into consideration like the Azure Conditional Access custom error messages.

    /Peter Selch Dahl
    Azure MVP

    Also see these related requests:
    ---------------------------------------------------------------------

    Fix Error AADSTS50020 when logged in user doesn't have permissions to selected Application:
    https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/6795635-fix-error-aadsts50020-when-logged-in-user-doesn-t

    Customize…

    8 votes
    2 comments  ·  SaaS Applications

    We don’t plan to provide the capability to customize the error message for now. But, we have been working on making the error messages more actionable.

    If you have any suggestions for improving a specific error message, please create another post and the team will improve it.

    /Luis
    Program Manager

  3. IDP-Initiated SAML flow option for all gallery applications

    Gallery integrations for some SaaS applications (such as ServiceNow) use SP-Initiated sign-in flows. This makes ADFS -> Azure AD "migrations" for customers difficult as there is no way to validate the user experience without making Azure AD the default SSO provider. Additionally, some customers rely on just-in-time SAML provisioning, which is seamless with IDP-Initiated flow.

    7 votes
    unplanned  ·  1 comment  ·  SaaS Applications
  4. Support inbound provisioning from TalentSoft to Azure AD

    Similar to Workday, add support for inbound provisioning from https://www.talentsoft.com/ to Azure AD.

    5 votes
    0 comments  ·  SaaS Applications
  5. Conditional SAML Token Attributes

    We need the ability to optionally pass SAML token attributes based on a predefined condition. In our scenario we'd like to pass a join attribute only if both strings aren't empty.

    4 votes
    0 comments  ·  SaaS Applications
  6. Application Roles UI

    Support the assignment of multiple application roles to users via the new portal. In the classic portal you can only assign a single application role to a user (and have to use the API to assign more).

    4 votes
    0 comments  ·  SaaS Applications
  7. Allow variable attributes for password SSO

    We currently use Onelogin which allows us to use variables from user profiles. We want to use Azure AD password SSO to push custom variables to the form such as the user's first name, last name, email, etc...

    2 votes
    0 comments  ·  SaaS Applications