Thank you for your interest in SAML support. As some of you may know, we already support IDP-initiated SSO with SAML using Custom Policies (https://docs.microsoft.com/en-us/azure/active-directory-b2c/saml-technical-profile). We are working to support SP-initiated SSO as well. However, we don't have timing on when it would be available to customers.
Thank you for your interest in Azure AD B2C in Australia. I am excited to inform that we are planning to have data residency in Australia. We plan to start work on this in the next 6 months. Please note we don't have timing on when it would be available for customers.
This app is published in the gallery. You can find the details at https://azuremarketplace.microsoft.com/marketplace/apps/cisco.meraki-vmx?tab=Overview
Currently, we are not aware of any plans from Windows Server for this capability. We’ll continue to work with Windows Server to revisit this in the near future.
Dan - the capability you are referring to is already available. We call it Hybrid AAD Join. You'll need to deploy AAD Connect and enable sync between your AD and AAD to get to that state. Please refer to our documentation on Hybrid AAD Join for that.
We’re continuing to investigate options for adding this support. There are technical challenges to overcome in order to make this happen. We thank you for all your valuable comments so far, and welcome any additional feedback you have on what are the most important use cases involved with these scenarios.
It sounds like there is a difference in the way the tenants are set up. In one, the toggle for "Users can consent to apps accessing company data on their behalf" is likely set to no, meaning that no end user can consent to any 3rd party app. To allow users to consent, this toggle should be set to yes.
Hope that helps!
http:// and https:// schemes are not supported in custom redirect URIs for native apps. If you would like to use those schemes, you should add a web platform.
Hope that helps!
We would like more specifics on this scenario. How would you user to self identify for MFA?
This is possible through custom policies (see documentation below). We are planning to bring it into built-in policies within the next 6 months.
Azure AD Application Proxy doesn't perform any separate authentication - the preauthentication will be determined by what you have configured and what is available through AAD. Moving this to the MFA team to consider.
Currently, you can use the “App Registration” blade in the Azure Portal (outside of the Azure AD B2C blades) to register apps that define application permissions and then register apps that use client credentials to request these. The caveat is that this is done using the same mechanism that you’d use in regular Azure AD.
Ideally we’d have a first class experience for this in the Azure AD B2C blades or at least have an Azure doc that walks you through the experience I just summarized, so I’m leaving this feature ask open.
It would be great if you guys can add comments with your feedback. What scenarios are you trying to achieve? Does the approach above help you achieve what you want to achieve? Does the experience to do so work for you guys and if not, what would you like to see?
@Eric Jutrzenka, please open an issue in the Git sample (https://github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet/issues) so that we can help you there. Most likely you are hitting the wrong endpoint. You should be using https://login.microsoftonline.com/<tenantId>/oauth2/authorize (without v2.0).
Due to various technical limitations, the first iteration of the customer-owned domains functionality will not be available for a few more months. We will provide an update as soon as we can get a more specific ETA.
We're still in early enough stages that we can't provide anything more concrete than our target of summer 2017. We'll narrow this down as we get a better sense on the date around this.
First iteration won't include an API surface for configuring this, only through the portal.
The first iteration will also have a limit as to how many custom domains are allowed per tenant (looking at somewhere between 1 and 5).
Can you elaborate on your scenario? Why do you want to link your B2C Facebook identity provider using the same Facebook client ID and secret as your iOS/Android apps?
Can you email us at AADB2C@microsoft.com. We would like to understand your scenario more specifically and why you need to have an individual Facebook app for each of your platforms.
If you're the app developer and want to support SSO with Azure AD, please go to this article to get more information: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-protocols
Azure AD supports SAML 2.0, OpenID Connect, WS-Fed and OAuth 2.0. If you haven't implemented any of the protocols I'd suggest to take a look at the OpenID Connect libraries we provide to developers.
If you're an IT pro and want to request an app to be integrated in AAD gallery: in addition to this post, please fill out this form: http://aka.ms/aadappsurvey
Alan, if I understand correctly, you are saying you cannot see the converged apps you registered on apps.dev.microsoft.com in the Azure Portal. Converged apps cannot currently be managed in the Azure Portal, even though they are registered in the Azure AD tenant listed in the message. If you would like to manage converged apps in the Azure Portal, please post that as an idea/suggestion or vote for it once the post exists.
We are in the process of planning this feature and hope to have a preview available by the end of November. In the meantime, could you please respond to firstname.lastname@example.org with your responses to the following questions:
- If you had a “password change” policy, what kind of information would you like to get back once the policy has been executed?
- Would you prefer to have a policy that forces you to sign in first, and then asks you to change the password, or one that lets you do it all on the same page?
- Would you want an email to get sent out to the user whenever the password is changed?
Thank you for the feedback guys, keep it coming.
We've got enough information to get a better sense on the ask. This will remain unplanned at least for this half of the year. We'll provide an update as we come out of our next planning cycle in the middle of this year.
Bill, no plans in the immediate future for this. We're currently prioritizing other items that have higher demand.
Thanks for the feedback! We are investigating.
Could you please provide some additional information? You can follow these steps:
1. Open the site in the browser of your choice
2. Go through the process to create an app
3. Wait until it fails and you see the error message
4. Open your browser’s development tools
5. Click on the console tab
6. Get the value for $config.correlationId and localStorage.ai_session