Single Identity Provider: Branding

Branding collateral associated with an organization is extremely valuable because using brand collateral provides users with an environment that they know and trust. Using recognized brand collateral also increases user confidence that the information they provide (for example, credentials) will be handled safely and securely. In our architecture scenarios, we provide general guidance on a number of B2B Branding topics, which we recommend reviewing alongside the guidance provided here.

Branding a multi-organization environment can be more complex than in a standard environment where you only have to deal with one set of brand collateral. Auth0 Organizations, however, leverages the Universal Login experience, which provides a number of page templates to help simplify brand customization. Auth0 Organization configuration itself also allows you to select basic color scheme branding.

When using a Database or Custom Database Connection, the Login page is used to obtain first-factor credentials for a user. You can configure the Login page using a set of template variables available to assist with per-organization customization.

Similar to the Login page, the Password Reset page can be configured in scenarios that use a Database or Custom Database Connection. For scenarios involving an Enterprise Connection or a Social Connection, password changes are handled external to Auth0 by the upstream Identity Provider (IdP), so an Auth0 Password Reset page is never displayed.

Multi-Factor Authentication (MFA) in Auth0 is supported for all methods used to obtain first-factor credentials for a user (i.e., Database or Custom Database Connection, Enterprise Connection, or Social Connection). If you're using MFA, then you will likely want to brand the Universal Login experience pages associated with MFA, which can be done similarly to Login page branding.

As with Universal Login page templates, a set of email template variables are available to assist with per-organization email customization. The email templates that need to be customized will vary depending on how users are authenticated (in other words, via Database or Custom Database Connection, Enterprise Connection, or Social Connection). To learn more about email template customization when using the Auth0 Organizations feature, see Create Your First Organization: Email Templates.

The Auth0 Organizations feature supports only one Custom Domain, which is defined at the Auth0 Tenant level. Therefore, we recommend that you use a Custom Domain Name that is organization agnostic. If you absolutely must implement per-organization domain naming, then multiple Auth0 Tenants will need to be deployed to production. Because using multiple tenants has ramifications that affect Single Sign-On (SSO), user profile management, and so on, you should carefully consider before going down this route.