
Multi-Brand Identity Simplified with Auth0 Multiple Custom Domains

Auth0 Multiple Custom Domains and Auth0 Actions create seamless, branded login experiences across multiple applications from a single tenant.

Managing a unified, seamless user experience across a portfolio of brands can be a daunting task. For businesses operating multiple applications or services, maintaining separate identity systems for each brand is inefficient and often leads to inconsistent user journeys. This article will walk you through the Auth0 Multiple Custom Domains (MCD) feature and how it simplifies identity management for multi-brand enterprises.

The Challenge of Multi-Brand Identity

Let's consider a common business scenario: an organization that manages multiple distinct brands or applications under one umbrella. For example, an education technology company might operate a platform for students and teachers and a separate service for corporate training and professional development.

This type of organization faces a clear set of priorities that are difficult to achieve with traditional identity solutions:

  1. Scale Many Brands with One Tenant: They need to efficiently manage and scale multiple brands from a single, centralized identity tenant, rather than creating a new one for each brand.
  2. Customize User Experience Across Brands: The user experience (UX) needs to be customized for each brand to feel unique and on-brand, while the underlying login process remains consistent.
  3. Branded URLs for Different Brands: Inconsistent domains during authentication flows — for example, a user trying to access one brand but being redirected to a generic identity provider domain for login — can confuse customers and erode brand trust.

These challenges are common across a range of multi-brand businesses. MCD helps resolve these by allowing a single Auth0 tenant to manage distinct custom domains for the different brands, unifying the user store while decoupling the presentation layer.

The Sample Application

Now that you have a high-level understanding of the challenge without MCD, let’s see how to implement MCD for our example applications: MyLearning, a platform dedicated to students and teachers, and Streamward, a service designed for corporate training and professional development.

Implementing MCD begins in the Auth0 Dashboard. This process requires an Enterprise plan and domain ownership verification.

1. Scale many brands with one tenant

Introducing Centralized Domain Management. Instead of spinning up separate tenants for every new product launch, MCD allows you to manage the infrastructure for both brands in one place.

Inside the Auth0 Dashboard, you can add and verify multiple distinct fully-qualified domain names. For example, you can have auth.my-learnings.net and auth.streamward.net, all within a single tenant.

Verification is handled via simple CNAME DNS records that point each branded URL to your tenant’s origin. Once verified, both domains enter a "ready" state, allowing you to handle traffic for two completely different business lines without duplicating administrative overhead.

2. Branded URLs for different brands

The second priority is ensuring users never lose trust by seeing a generic or incorrect URL during login. MCD provides consistent authentication endpoints, so the browser address bar always matches the application the user intends to visit.

When a student logs into MyLearning, they are redirected to auth.my-learnings.net, not a generic provider domain. Because both domains point to the same underlying Auth0 tenant, user authentication and data are centralized and shared, but the Universal Login page is dynamically branded based on the request's hostname.

While a user navigating to a login page is redirected to their brand's URL, each custom domain represents a separate security context and requires its own Access Token and session. Therefore, while the user profile is shared, users must sign in separately to each custom domain to establish a new application session. This design ensures your users are secure by isolating sessions across distinct domains, preventing automatic cross-domain Single sign-on (SSO) propagation while still allowing users to benefit from a single, shared identity profile and dynamic branding upon every login.

3. Customize user experience across brands

Finally, the user experience, from emails to registration flows, must feel unique to the specific brand (B2C vs. B2B). MCD enables this deep customization through two key features:

Customizing Email Templates

MCD enables branded communications for security-sensitive flows like password resets. This is done through the new custom_domain.domain variable, which is exposed via Liquid syntax within your email templates. For instance, the email template's From Address can be set to support@{{ custom_domain.domain }}, dynamically resolving to the correct branded domain.

Dynamic Identity Flows with Actions

For deeper logic, Auth0 Actions and the enriched event.custom_domain object allow you to execute domain-aware logic. With EA enhancements, you gain access to structured attributes like event.custom_domain.domain (which provides the hostname) and event.custom_domain.metadata (which includes custom data configured for that domain), allowing for more reliable and data-driven conditional logic than relying on the raw request headers.

Use Case: Progressive Profiling Based on Brand Type

We can enforce different data collection requirements for B2B vs. B2C users.

The following Post-Login Action dynamically renders a form to collect additional data (like a company name) only when the user is logging in through a specific B2B domain (for example, store.com):

exports.onExecutePostLogin = async (event, api) => {
  // Example allow-list; replace with the custom domains configured on your tenant
  const allowed_domains = ['store.com'];

  // Guard against events that carry no custom_domain object
  const domain = event.custom_domain?.domain;

  // Check if the domain is a known restricted/allowed domain
  if (domain && allowed_domains.includes(domain)) {
    // Logic for allowed domains
  }

  // Check if the user is logging in via the specific B2B domain ('store.com')
  if (domain === 'store.com') {
    // Render the Progressive Profiling form
    // ('PROGRESSIVE_PROFILING' stands in for your form's ID)
    return api.prompt.render('PROGRESSIVE_PROFILING');
  }

  // Other domains proceed with standard login
};

This ensures that the identity flow itself is tailored to the business segment associated with the custom domain, allowing for efficient, domain-specific onboarding without needing multiple tenants.
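The Action above keys on a hard-coded hostname. The following added example (not Auth0's code and not part of the original article) drives the same decision from event.custom_domain.metadata and fails closed when a domain is unconfigured. The metadata keys brand_type and profiling_form_id, the app_metadata.company_name marker, and the choice to deny logins that carry no custom domain are assumptions made for illustration.

```javascript
// Added example, not Auth0's code. Assumed names: the metadata keys
// brand_type / profiling_form_id and app_metadata.company_name.
function decideLoginFlow(event) {
  const cd = event.custom_domain;
  // Policy choice in this example: refuse logins that carry no custom domain,
  // so every session is tied to a known brand.
  if (!cd || typeof cd.domain !== 'string') {
    return { action: 'deny', reason: 'login did not use a branded custom domain' };
  }
  const meta = cd.metadata || {};
  switch (meta.brand_type) {
    case 'b2c':
      return { action: 'continue' };
    case 'b2b': {
      // Profile already complete: nothing more to collect.
      if (event.user?.app_metadata?.company_name) return { action: 'continue' };
      // A B2B domain without a form ID is a configuration error: fail closed.
      if (!meta.profiling_form_id) {
        return { action: 'deny', reason: `no profiling form set for ${cd.domain}` };
      }
      return { action: 'prompt', formId: meta.profiling_form_id };
    }
    default:
      // Missing or unrecognised brand_type: fail closed.
      return { action: 'deny', reason: `no brand_type set for ${cd.domain}` };
  }
}

const onExecutePostLogin = async (event, api) => {
  const decision = decideLoginFlow(event);
  if (decision.action === 'deny') return api.access.deny(decision.reason);
  if (decision.action === 'prompt') return api.prompt.render(decision.formId);
  // 'continue': standard login proceeds
};
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample event and a recording stub for api, so the block runs offline.
const sampleEvent = {
  custom_domain: { domain: 'auth.streamward.net',
    metadata: { brand_type: 'b2b', profiling_form_id: 'FORM_ID_PLACEHOLDER' } },
  user: { app_metadata: {} },
};
const calls = [];
const stubApi = {
  access: { deny: (reason) => calls.push(['deny', reason]) },
  prompt: { render: (formId) => calls.push(['render', formId]) },
};
onExecutePostLogin(sampleEvent, stubApi);
console.log(calls);
```

Keeping the decision in a pure function lets you unit-test the brand policy without a tenant; the handler only maps the decision onto api calls.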

Personalize Every Login with MCD

MCD is a powerful tool for large enterprises. It helps simplify identity management by centralizing user data and configuration in a single tenant, while allowing for branding and dynamic user experience tailoring across an entire portfolio of applications and services. By utilizing MCD with Actions, you can gain access to fine-grained control that will help deliver both security and a truly seamless, branded experience at scale.

Want to learn more? Read the Multiple Custom Domains (MCD) documentation and Multiple Custom Domains Best Practices.