1
votes

I am running a .NET web application on App Service in an Azure subscription.

My application uses Azure B2C with an Azure Active Directory for user authentication.

Users are redirected from my application's base URL to the B2C login page, which has been customised to show the company logo.

Now, I'll need to point a second domain to the same application, and when users hit the application through that domain, I will need the login page to display a completely different logo. The choice of the logo is not based on language or location. It is purely based on the domain the user used to get to the application in the first place.

I see the Branding option is at the AD level, not at the B2C level. Therefore, all B2C applications registered under the same AD will be sharing the same login page.

AD only seems to allow me to create additional login page customisations based on language/region pairs.

Is there any way I can have multiple customised login pages using the same AD?

I would be willing to register multiple B2C applications and redirect users to the login page with different application Ids if necessary. I could change my code to identify the domain the user used to get to the application and then use the correct Id, but I couldn't find a way to have different login page customisations for different B2C applications under the same AD.


2 Answers

1
votes

Following on from the previous answer by @Sunny, you can select the custom page UI based on any of the authentication request parameters, using a custom policy.

Example 1: Select on the standard "client_id" parameter

The following content definition loads the custom page UI where the client_id parameter is part of the URL path to the page resource:

<ContentDefinition Id="api.signuporsignin">
  <LoadUri>https://somewhere.com/{OIDC:ClientId}/signuporsignin.html</LoadUri>
</ContentDefinition>

Example 2: Select on a non-standard "brand" parameter

The following content definition loads the custom page UI where the brand parameter is part of the URL path to the page resource:

<ContentDefinition Id="api.signuporsignin">
  <LoadUri>https://somewhere.com/{OAUTH-KV:brand}/signuporsignin.html</LoadUri>
</ContentDefinition>

The main advantage of including parameters as parts of the URL paths to the page resources is that these page resources can be deployed to a storage service, such as Amazon S3 or Azure Storage, that doesn't support a query string parameter as described in the "Step 8: Add dynamic content" section of the "Azure Active Directory B2C: Configure the UI with dynamic content by using custom policies" document.
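An added example (not part of the original answer) of the application side of Example 2, assuming an ASP.NET Core app that signs in through the OpenID Connect handler: it maps the host the user arrived on to an allowlisted brand and sends that as the `brand` parameter. The host names, brand names and the `LoginBranding` class are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

public static class LoginBranding
{
    // Constructed sample data: request host -> folder name that the policy's
    // LoadUri substitutes for {OAUTH-KV:brand}.
    private static readonly Dictionary<string, string> BrandByHost =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["app.brand-one.example"] = "brand-one",
            ["app.brand-two.example"] = "brand-two",
        };

    private const string DefaultBrand = "brand-one";

    // The Host header is client-supplied, so it is used only as a lookup key.
    // Unknown hosts get the default brand; the raw header value is never
    // copied into the authorization request or the page path.
    public static string ResolveBrand(string host)
    {
        if (string.IsNullOrWhiteSpace(host)) return DefaultBrand;
        var key = host.Trim().TrimEnd('.');
        return BrandByHost.TryGetValue(key, out var brand) ? brand : DefaultBrand;
    }

    // Adds the brand parameter to every redirect to the B2C authorize endpoint,
    // keeping any handler that was registered earlier.
    public static void Configure(OpenIdConnectOptions options)
    {
        var previous = options.Events.OnRedirectToIdentityProvider;
        options.Events.OnRedirectToIdentityProvider = async context =>
        {
            await previous(context);
            // HostString.Host is the host name without the port.
            var brand = ResolveBrand(context.Request.Host.Host);
            context.ProtocolMessage.SetParameter("brand", brand);
        };
    }
}
```

Register it with `services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, LoginBranding.Configure);`, using whatever scheme name the app's B2C sign-in is configured under. Because `brand` travels in the authorization request, the storage location behind `LoadUri` should contain only the brand folders listed in the mapping.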

0
votes

The Azure AD B2C tenant represents a collection of identities to be used with relying party applications. It can use Customize UI dynamically to configure the identity provider selection page for sign-in or sign-up, but what you want to configure is just for the different Azure AD tenant; all of them are considered the same kind of identity provider in Azure AD B2C, so it cannot do this like the Company Branding in Azure AD.