Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Add Custom Identity Provider feature to Azure AD

    We have a custom IdP on old ACS and use ADAL v1 to auth a desktop app. We need to use the new things in ADAL v2 or newer versions.

    We already have this app in production so we really need a way to use Azure B2C with our custom identity provider. In fact we want the feature of custom IdP in Azure AD in order to substitute ACS.

    50 votes

    2 comments  ·  Developer Experiences
  2. OpenIdConnect: bug in Azure AD SSO Reply URL

    If the reply url contains a # sign, Azure AD doesn't redirect the token back to the configured reply url but to the root.

    Configured reply url: http://localhost:8050/#/login/

    Expected reply url after successful authentication: http://localhost:8050/#/login/?idtoken=eyJ....
    Actual reply url after successful authentication: http://localhost:8050/#idtoken=eyJ

    13 votes

    2 comments  ·  Developer Experiences

    URL fragments in the redirect URL are not supported in OAuth 2.0 (or OpenID Connect).

    The OAuth 2.0 spec (RFC 6749) Section 3.1.2, in reference to the redirection endpoint:

    “The redirection endpoint URI MUST be an absolute URI as defined by [RFC3986] Section 4.3. The endpoint URI MAY include an "application/x-www-form-urlencoded" formatted (per Appendix B) query component ([RFC3986] Section 3.4), which MUST be retained when adding additional query parameters. The endpoint URI MUST NOT include a fragment component.”

    (https://tools.ietf.org/html/rfc6749#section-3.1.2)

    A second thing I notice is that you seem to be invoking the Implicit Grant flow (“response_type=id_token”, or “response_type=id_token token”), which is why the id_token (and possibly access_token) are being returned as URI fragments (“#id_token=…”) and not query string parameters (“?id_token=…”).

    — Philippe Signoret
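
The rule quoted in the reply above, as an added JavaScript example (not code from the original post or from Azure AD): a registration-time check that rejects redirect URIs carrying a fragment, and a sketch of why a route fragment cannot coexist with an implicit-grant response. The function names and the `SAMPLE` token are constructed for illustration, and replacing the fragment is an assumption about a generic authorization server, not a statement of Azure AD's implementation.

```javascript
// Added example. All names here are hypothetical; sample values are constructed.

// RFC 6749 Section 3.1.2: the redirection endpoint must be an absolute URI,
// may carry a query component, and must not include a fragment component.
function checkRedirectUri(uri) {
  try {
    new URL(uri); // throws TypeError for relative input such as "/login/"
  } catch {
    return { ok: false, problems: ['not an absolute URI'] };
  }
  const problems = [];
  // Test the raw string: URL.hash is '' for a bare trailing '#',
  // so "http://host/#" would slip past a check on the parsed hash alone.
  if (uri.includes('#')) {
    problems.push('contains a fragment component');
  }
  return { ok: problems.length === 0, problems };
}

// Implicit-grant style response: parameters are delivered in the fragment.
// A URI has exactly one fragment, so any fragment already present
// (for example a client-side route) is replaced. The query is retained.
function implicitResponseUrl(redirectUri, params) {
  const url = new URL(redirectUri);
  url.hash = new URLSearchParams(params).toString();
  return url.toString();
}

// Client side: read the response parameters back out of the fragment.
function parseFragmentResponse(href) {
  const fragment = new URL(href).hash.replace(/^#/, '');
  return Object.fromEntries(new URLSearchParams(fragment));
}

// The reply URL from the post fails the check ...
console.log(checkRedirectUri('http://localhost:8050/#/login/'));
// ... and its route fragment is lost once the response is attached.
console.log(implicitResponseUrl('http://localhost:8050/#/login/', { id_token: 'SAMPLE' }));
// A fragment-free registration keeps its path and query intact.
console.log(implicitResponseUrl('http://localhost:8050/login/?a=1', { id_token: 'SAMPLE' }));
```
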

  3. 4 votes

    2 comments  ·  Developer Experiences
    declined  ·  Anonymous responded

    Cory, could you add a bit more to this idea. Perhaps a use case.

  4. I think allow open LDAP direct query to Azure Directory

    I think allow open LDAP direct query to Azure Directory

    1 vote

    0 comments  ·  Developer Experiences
  5. Sack the authentication development team

    The authentication experience is a complete nightmare

    1 vote

    1 comment  ·  Developer Experiences
  6. It's extremely complicated even for a software engineer to work on this platform.

    It's extremely complicated even for a software engineer to work on this platform. Not something which can be called user friendly. I tried to operate a vital machine from my Mac and I had to give up. Just to give you an idea, I have been working in IT for the last 7 years and still it's outside my scope. Just imagine what it would be to a person who is even less technical than me.

    It's only meant for geeks and no user friendliness.

    1 vote

    0 comments  ·  Developer Experiences
  7. Create ADAL library for Windows Phone Silverlight applications

    Recent announcement about ADAL library for WP 8.1 is great but a version for Silverlight should also be available.

    1 vote

    0 comments  ·  Developer Experiences
  8. Use my own api keys for Access Control Service

    I want to be able to use my own API keys for Google, Yahoo, etc. in Access Control Service, so that when the Identity Provider asks the user if it trusts my app, it will ask about mydomain.com and not mydomain.accesscontrol.windows.net. It will also allow my app to look up more information about the user. Please implement something closer to Janrain Engage.

    1 vote

    0 comments  ·  Developer Experiences
    declined  ·  Anonymous responded

    The Azure Active Directory team has aligned its resources behind services in Azure Active Directory. This effort will eventually replace functionality available in ACS. The blog post – http://blogs.technet.com/b/ad/archive/2013/06/22/azure-active-directory-is-the-future-of-acs.aspx – provides a high-level overview of this transition. The ideas posted around ACS have been collected and passed to the team. We will close out ideas posted around ACS to return votes used on this topic. Please feel free to post additional ideas here, and/or email me directly – robert.faller@microsoft.com.
    The Azure Active Directory team greatly appreciates the feedback. We look forward to hearing from the community as much as possible. It is one of the essential ways we can continue to create and enhance our service offerings to meet your needs. Thank you.
