Active Directory

  1. Login hint for Saml based application

    Provide login_hint forwarding for ws-saml protocol and from ws-saml to ws-fed protocol

    5 votes

    2 comments  ·  ADFS
  2. Force select groups to forms authentication in ADFS

    There exists a scenario with ADFS and SSO-based apps (to include 365) where there is a common user logged into their PC but need to access their webmail. However, it detects the user logged in and wants to leverage WIA. The current workaround is to do a REGEX and push a user agent string to those impacted PCs to not perform WIA, which results in Forms Auth. However, with Microsoft pushing Edge and Chromium going towards client hints, this band-aid is slowly losing its adhesive.

    Ideally it would be nice to specify a group and force them to forms based…

    2 votes

    0 comments  ·  ADFS
  3. Build ADFS 2019 Plug-in to allow user authentication requiring Azure MFA to be bypassed when internet access is down

    My company uses O365, AD FS 2016 and Azure AD. Recently our internet provider had repeated outages where the AD FS servers' access to the internet was compromised. This was an unavoidable outage for users on our internal network, but since O365 leveraged Azure MFA in a CA policy, external users could not get to O365 resources because they could not do MFA at ADFS. I want to create a plugin that checks for access to Azure MFA; if it fails, it places a default hardcoded claim in the token package validating MFA but raising a risk factor which will…

    4 votes

    0 comments  ·  ADFS
  4. Change Get-ADFSAccountActivity to return all users in ADFS Activity database

    Change Get-ADFSAccountActivity to return all users in the ADFS Activity database, like supporting a -All parameter. Then users that have triggered lockout or failed a given number of times can be searched for using PowerShell. Currently users have to be retrieved one by one, which is tedious at best.

    6 votes

    1 comment  ·  ADFS
  5. Specify primary authentication method per relying party

    Not being able to specify primary authentication method per relying party is something I run into all the time. Can you please fix this? More and more vendors support SAML-based authentication and ADFS but none of them have a way of requesting Certificate Authentication as a primary authentication method. I do not want to change this on a global level, because we have other relying parties which use WIA. I'm guessing you have everything you need for this already, please fix!

    34 votes

    0 comments  ·  ADFS
  6. Support User preferences for using MFA as primary authentication method

    Support other methods using MFA for Primary Authentication, based on what the user's preferences are (as set up in aka.ms/mfasetup)

    2 votes

    0 comments  ·  ADFS
  7. ADFS + Azure SQL Managed Instances Supportability

    Add supportability to extend AD FS in Azure using Azure SQL Managed Instance to host the database.

    15 votes

    0 comments  ·  ADFS
  9. Add Alert before Token Signing and Token Decryption auto renewed

    My customer experienced several outages during ADFS Token Signing and Token Decryption certificates automatically renewing. Thus, they really hope that the Microsoft PG can add alert functionality: if AutoCertificateRollover is true, when those two certificates are issued automatically by the system and before they are promoted to Primary Certificates, it will send alerts.

    3 votes

    1 comment  ·  ADFS
  10. Have ADFS display 'last login' information when users log in using FBA

    When logging in through ADFS forms-based authentication, the user is only prompted to enter their credentials; they aren't given any way to know when the last time they did so was. Many web sites offer this feature to allow a user to know when, from where, and from which device they last logged in so they can report any anomalies to the powers that be. ADFS should have such a feature.

    1 vote

    0 comments  ·  ADFS
  11. Allow AD FS to fall back to Forms-based authentication if Windows Integrated Authentication fails

    Currently, if a browser-based user comes to the AD FS sign-in page, AD FS can only decide whether to use integrated authentication by looking at the browser's user agent string. However, t

    There are cases where not all users arriving at the AD FS sign-in page can perform a Kerberos login - they might be within the IP range of the "internal" part of AD FS (in a split-brain DNS configuration) but the client may not be domain joined for various reasons, for example wireless users using BYOD. For these users Kerberos fails and it falls back to NTLM/Basic auth…

    68 votes

    5 comments  ·  ADFS
  12. Saml <Subject> from AuthnRequest

    Allow RPs to specify a SAML <Subject>. When the RP knows the user, ADFS could then pre-populate the username field on the login page.

    3 votes

    2 comments  ·  ADFS
  13. AD FS support for inline registration for Azure MFA

    It would improve the user experience a lot if AD FS would support inline user provisioning for Azure MFA. It is so inconvenient that users should do this separately, and not in-app.
    E.g. Microsoft Intune has this integrated in the provisioning process.

    Also, the error message for users who are not provisioned is too general and not informative at all.

    More info in paragraph "Registering users for Azure MFA with AD FS 2016"
    https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa

    5 votes

    1 comment  ·  ADFS
  14. ADFS and Claims Rule Language Reference

    We need a comprehensive syntax and semantics reference for Claims Rule Language. I know there are operators besides == ~= EXIST and such, which are not covered here. And this link is by far the most comprehensive which is available:
    http://social.technet.microsoft.com/wiki/contents/articles/4792.understanding-claim-rule-language-in-ad-fs-2-0-higher.aspx

    10 votes

    1 comment  ·  ADFS
  15. AD FS should not require Domain Admin privileges

    Right now in Windows Server 2012 R2 you are required to present Domain Admin credentials while installing. This is not an option when AD FS and AD DS are supported by separate teams - it exposes domain admin credentials to persons who are not allowed to know them.
    This was not the case for AD FS 2.0 - please remove the need for DA privileges to be entered at the AD FS server.

    16 votes

    0 comments  ·  ADFS
  16. ADFS should support SQL Azure

    Please add support to use SQL Azure as DB. Would open up some easy HA scenario deployments for ADFS.

    5 votes

    1 comment  ·  ADFS
  17. join domain

    Add the setting of ACL for domain join to "New-ADComputer" cmdlet.

    In MMC it is possible to create a Computer AD Account and set "The following user or group can join this computer to a domain"

    Would be nice to have it in New-ADComputer

    5 votes

    1 comment  ·  ADFS
  18. ADFS Custom Branding of "Password Changed" page

    It would be nice if we could put some custom text/links on the password change page that is shown to the users after they change their password.

    9 votes

    1 comment  ·  ADFS
  19. AD FS should support user consent options

    AD FS should support a user consent option besides the now provided admin consent only.
    We'd like to use AD FS as a Federation Service with external parties, which is possible for single external targets, but not for bigger federations like InCommon, SWITCH or similar, since an admin cannot decide which attributes a user wants to release to a service provider. Especially not when the users (as in our case) are students and employees.
    Other implementations of federated authentication such as Shibboleth 3 or Thinktecture Identity Server 3 do support user consent. Online Authentication providers (Facebook, Live, Google, etc.) also…

    24 votes

    1 comment  ·  ADFS
  20. AD FS should support EntityDescriptor_s Metadata

    AD FS currently only supports single Entity Metadata files, which works well for local applications, but does not work for federation with InCommon, SWITCH, DFN, etc.
    It would be good to see support for multi Entity Metadata files, to get a real interoperable product.

    19 votes

    1 comment  ·  ADFS