Why This Matters Now

Managing multiple brands under a single umbrella is becoming increasingly complex. As companies expand their offerings, maintaining separate identity systems for each brand can lead to inefficiencies and inconsistent user experiences. The recent surge in multi-brand strategies has made it crucial for organizations to adopt streamlined identity management solutions. Auth0’s Multiple Custom Domains (MCD) feature addresses these challenges by providing a centralized, yet flexible, identity management system.

🚨 Breaking: Managing multiple brands with separate identity systems can lead to inconsistent user experiences and increased administrative overhead. MCD simplifies this process, enhancing both security and user satisfaction.

The Challenge of Multi-Brand Identity

Consider an education technology company that operates two distinct platforms: MyLearning, aimed at students and teachers, and Streamward, focused on corporate training and professional development. Each brand requires a unique user experience and branding, but maintaining separate identity systems for each can be cumbersome.

Scale Many Brands with One Tenant

One of the primary challenges is scaling multiple brands efficiently. Traditionally, each new brand would require setting up a new Auth0 tenant, leading to duplicated administrative overhead. With MCD, you can manage all brands from a single tenant, streamlining operations and reducing costs.

Branded URLs for Different Brands

Another critical issue is maintaining brand consistency during authentication flows. Users should never be redirected to a generic or incorrect URL, as this can erode trust. MCD ensures that users are always redirected to the branded domain corresponding to the application they intend to access.

Customize User Experience Across Brands

Each brand must have a unique user experience, from email templates to registration flows. MCD supports deep customization through features like dynamic email templates and domain-aware logic using Auth0 Actions.

Implementing MCD

Let’s dive into how to implement MCD using the example of MyLearning and Streamward.

Step 1: Set Up Your Auth0 Tenant

First, ensure you have an Enterprise plan, as MCD is only available on this tier. Then, navigate to the Auth0 Dashboard.

Step 2: Add and Verify Custom Domains

Inside the Auth0 Dashboard, go to the “Custom Domains” section. Here, you can add multiple fully-qualified domain names (FQDNs) for your brands. For example, you can add auth.my-learnings.net and auth.streamward.net.

📋 Quick Reference

- `auth.my-learnings.net` - MyLearning brand
- `auth.streamward.net` - Streamward brand

To verify each domain, you need to set up a CNAME DNS record pointing to your tenant’s origin. This typically looks like:

auth.my-learnings.net. CNAME mytenant.auth0.com
auth.streamward.net. CNAME mytenant.auth0.com

Once verified, both domains will enter a “ready” state, allowing you to handle traffic for different business lines without duplicating administrative overhead.

Step 3: Ensure Branded URLs

With MCD, users are redirected to the branded URL corresponding to the application they intend to access. For example, a student logging into MyLearning will be redirected to auth.my-learnings.net, not a generic provider domain.

💜 Pro Tip: This setup ensures brand consistency and trust, as users always see the correct domain during authentication.

Step 4: Customize Email Templates

MCD allows you to customize email templates dynamically based on the domain. You can use the `custom_domain.domain` variable, written in Liquid syntax, within your email templates. For instance, the email template’s From Address can be set to:

support@{{ custom_domain.domain }}

This will dynamically resolve to support@auth.my-learnings.net or support@auth.streamward.net, depending on the brand.

Step 5: Implement Dynamic Identity Flows with Actions

For more advanced customization, you can use Auth0 Actions and the event.custom_domain object to execute domain-aware logic. This allows you to tailor the identity flow based on the specific brand.

Here’s an example of a post-login Action that sets a brand claim on the ID token based on the custom domain the user signed in through:

exports.onExecutePostLogin = async (event, api) => {
  // event.custom_domain is only present when the request arrived through a
  // custom domain, so read it with optional chaining to avoid a TypeError.
  const domain = event.custom_domain?.domain;
  if (domain === 'auth.my-learnings.net') {
    // Custom logic for MyLearning
    api.idToken.setCustomClaim('brand', 'MyLearning');
  } else if (domain === 'auth.streamward.net') {
    // Custom logic for Streamward
    api.idToken.setCustomClaim('brand', 'Streamward');
  }
};
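A stricter variant of the Action above, as an added example that is not Auth0's or the original article's code: it treats the two domains as an allowlist, denies logins that arrive through any other hostname, and rejects a login when the application's brand does not match the domain. It assumes each Auth0 application has a client metadata key named `brand` (a hypothetical key chosen for this example).

```javascript
// Added example: domain-to-brand allowlist for a post-login Action.
// Assumption: each Auth0 application carries a client metadata key "brand"
// (hypothetical key name) holding the brand the application belongs to.
const BRAND_BY_DOMAIN = new Map([
  ['auth.my-learnings.net', 'MyLearning'],
  ['auth.streamward.net', 'Streamward'],
]);

// Pure decision function so the logic can be unit-tested outside Auth0.
function decideBrand(event) {
  // event.custom_domain is absent when the request did not arrive through
  // a custom domain, so it is never dereferenced unguarded.
  const domain = (event.custom_domain?.domain || '').toLowerCase();
  const brand = BRAND_BY_DOMAIN.get(domain);
  if (!brand) {
    return { allow: false, reason: 'Login must use a branded domain.' };
  }
  // The brand check only applies to applications that set the assumed key.
  const expected = event.client?.metadata?.brand;
  if (expected && expected !== brand) {
    return { allow: false, reason: 'Application does not belong to this brand.' };
  }
  return { allow: true, brand };
}

async function onExecutePostLogin(event, api) {
  const decision = decideBrand(event);
  if (!decision.allow) {
    api.access.deny(decision.reason);
    return;
  }
  api.idToken.setCustomClaim('brand', decision.brand);
}

// Auth0 loads Actions as CommonJS modules; the guard keeps the file
// loadable in other module systems during local testing.
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

Keeping the decision in a pure function means a new brand is one more map entry, and the deny paths can be tested locally before the Action is deployed.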

Key Takeaways

  • Centralized Management: Manage multiple brands from a single Auth0 tenant, reducing administrative overhead.
  • Branded URLs: Ensure users are always redirected to the correct branded domain during authentication.
  • Dynamic Customization: Customize email templates and identity flows dynamically based on the brand.

Comparison Table

| Feature | MCD | Traditional Approach |
| --- | --- | --- |
| Centralized Management | Single tenant for all brands | Separate tenants for each brand |
| Branded URLs | Users redirected to branded domains | Users redirected to generic domains |
| Customization | Dynamic email templates and Actions | Static email templates and limited customization |

Security Considerations

MCD enhances security by isolating sessions across distinct domains, preventing automatic cross-domain SSO propagation. While users share a single identity profile, they must sign in separately to each custom domain to establish a new application session.

⚠️ Warning: Ensure that each custom domain is properly verified and secured to prevent unauthorized access.

Conclusion

Auth0 Multiple Custom Domains is a powerful feature that simplifies identity management for multi-brand enterprises. By centralizing management, ensuring branded URLs, and supporting dynamic customization, MCD enhances both security and user satisfaction. Implementing MCD can save you time and resources while providing a seamless and consistent user experience across your portfolio of brands.

Best Practice: Adopt MCD to streamline identity management and improve the user experience for your multi-brand strategy.