Custom domains in B2C and B2B?

%3CLINGO-SUB%20id%3D%22lingo-sub-1482974%22%20slang%3D%22en-US%22%3ECustom%20domains%20in%20B2C%20and%20B2B%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1482974%22%20slang%3D%22en-US%22%3E%3CP%3EWill%20it%20be%20possible%20to%20setup%20custom%20domains%20for%20B2C%20or%20even%20B2B%20in%20products%20Microsoft%20owns%20such%20as%20Azure%20Front%20Door%3F%20Functionality%20we%20have%20seen%20in%20other%20B2C%20configurations%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fpro.login.realmadrid.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fpro.login.realmadrid.com%2F%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Flogin.dsb.dk%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Flogin.dsb.dk%2F%3C%2FA%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Flogin.elkjop.no%2F14871260-b609-4d8e-bec5-faaeb66c1e19%2Foauth2%2Fv2.0%2Fauthorize%3Fp%3DB2C_1A_SignUp_Local_C%26amp%3Bclient_id%3D7e8a7d2e-fa84-410c-a90a-3b5679786bc8%26amp%3Bui_locales%3Dnb%26amp%3Bredirect_uri%3Dhttps%253A%252F%252Fwww.elkjop.no%252FINTERSHOP%252Fweb%252FWFS%252Fstore-elkjop-Site%252Fno_NO%252F-%252FNOK%252FCC_ViewAzureSSO-RegisterAzureCustomer%26amp%3Bresponse_mode%3Dform_post%26amp%3Bresponse_type%3Dcode%2Bid_token%26amp%3Bscope%3Dopenid%2Boffline_access%2Bhttps%253A%252F%252Felkjopb2c.onmicrosoft.com%252Fcustomers%252Fuser.data.read%2B%2Bhttps%253A%252F%252Felkjopb2c.onmicrosoft.com%252Fcustomers%252Fuser_impersonation%26amp%3Bnonce%3DBFmsGQWIY90AAAFy0PB_p.As%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Flogin.elkjop.no%2F%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20already%20tried%20to%20configure%20Front%20Door%2C%20but%20run%20into%20some%20challenges%20with%20B2C.%26nbsp%3BWould%20love%20to%20also%20have%20the%20possibility%20to%20setup%20TLS%201.3%20(%222.0%E2%80%9D)%3B%20the%20front%20door%20to%20the%20safe%20azure%20harbor.%20Similar%20functionality%20we%20have%20shown%20with%20VPN%20and%20other%20products%2C%20where%20we%20route%20quickly%20to%20the%20nearest%20region%20and%20utilize%20the%20azure%20network%20backbone%20routing%20traffic%20internally%20to%20different%20azure%20clouds%20and%20regions.%20%26nbsp%3B%3CBR%20%2F%3EI%20assume%20we%20will%20also%20soon%20in%20Azure%20be%20able%20to%20set%20the%20default%20TLS%20version%20higher%20than%201.2%3B%20just%20as%20other%20cloud%20provider%20chooses%20to%20set%20the%20default%20version%20to%201.3.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EBest%20regards%3CBR%20%2F%3EMrSmith%3CBR%20%2F%3E%3CBR%20%2F%3EBTW%3A%20a%20lot%20of%20excellent%20stuff%20your%20identity%20team%20delivers%3B%20love%20that%20you%20bring%20in%20more%20of%20the%20B2C%20functionality%20into%20the%20main%20tenant%20(%20external%20identities%20in%20B2B)...%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1483992%22%20slang%3D%22en-US%22%3ERe%3A%20Custom%20domains%20in%20B2C%20and%20B2B%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1483992%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F207021%22%20target%3D%22_blank%22%3E%40Kjetil%20Smith%3C%2FA%3E%26nbsp%3BAzure%20AD%20B2C%20is%20a%20white-label%20solution%20so%20you%20should%20be%20able%20to%20create%20custom%20URLs.%26nbsp%3B%5B%23%24dp5%5D%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory-b2c%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory-b2c%2Foverview%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EWe%20are%20looking%20to%20bring%20additional%20custom%20branding%20options%20to%20Azure%20AD%20in%20the%20future.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Will it be possible to setup custom domains for B2C or even B2B in products Microsoft owns such as Azure Front Door? Functionality we have seen in other B2C configurations:

https://pro.login.realmadrid.com/
https://login.dsb.dk/
https://login.elkjop.no/

I have already tried to configure Front Door, but run into some challenges with B2C. Would love to also have the possibility to setup TLS 1.3 ("2.0”); the front door to the safe azure harbor. Similar functionality we have shown with VPN and other products, where we route quickly to the nearest region and utilize the azure network backbone routing traffic internally to different azure clouds and regions.  
I assume we will also soon in Azure be able to set the default TLS version higher than 1.2; just as other cloud provider chooses to set the default version to 1.3.

Best regards
MrSmith

BTW: a lot of excellent stuff your identity team delivers; love that you bring in more of the B2C functionality into the main tenant ( external identities in B2B)...





8 Replies

@Kjetil Smith Azure AD B2C is a white-label solution so you should be able to create custom URLs. https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview

We are looking to bring additional custom branding options to Azure AD in the future.

@Jeff_Bley 

 

> Azure AD B2C is a white-label solution so you should be able to create custom URLs.

 

You should be able to, but you can't. From the FAQ

  • Can I use my own URLs on my sign-up and sign-in pages that are served by Azure AD B2C? For instance, can I change the URL from contoso.b2clogin.com to login.contoso.com?

    Not currently. This feature is on our roadmap. Verifying your domain in the Domains tab in the Azure portal does not accomplish this goal. However, with b2clogin.com, we offer a neutral top level domain , and thus the external appearance can be implemented without the mention of Microsoft.

 

From this community post, it also seems like it's been "on the roadmap" for 4 years now.

 

This should be a deal-breaker for most big companies — when trying to educate customers about phishing attacks and the importance of making sure they're on the correct domain before entering sensitive details, to then have to say "oh, except for b2clogin.com, that one is OK" seems frankly bizarre.

 

Let alone that most companies don't advertise that they're using hosted Active Directory, so there's actually no mention of Microsoft or b2clogin.com on their site.

 

If an end-user does browse to www.b2clogin.com to try and validate who this is 3rd party entity and are they legitimate, rather than seeing anything to provide an explanation of what b2clogin.com is, they get redirected to https://login.microsoftonline.com/common/oauth2/authorize?redirect_uri=https://www.office.com — that is, prompted by a Microsoft branded login page & if they authenticate, presented with their Microsoft Office account!

@anotherdave thanks for the correction. You're right that publicly this is not available yet. However, I can tell you that this feature is in private preview and should reach public preview soon. I apologize for my mistake.

@Jeff_Bleycheers for coming back. That's good to know that the feature is expected to drop soon. Looking forward to seeing it rolled out.

@anotherdave  @Jeff_Bley 

 

I find this so bizarre that this is not a feature. This is a deal breaker for us as we need our users looking at the sign in page knowing it is coming from our domain.

 

This feels like a very basic feature and I see it's been 4 years in the pipeline. 

 

We'll probably move to Auth0 because of this.

@Jeff_Bley do you have any updates on this, yet? We are also very keen on having this feature enabled so we can offer a white labeled solution to our customers.

 

Currently we are getting feedback from some of our customers if the b2clogin.com is really genuine and is ours, which is great to see that some customers pay attention to the domain prior to entering their personal credentials.

 

Thanks in advance!

The capability to use a custom domain for your B2C tenant is now available in public preview
https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-user-flow

@Edward-Wu-1986 , 

Can we use Azure feedback instead of tech community?

https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15334317-customer-owned-... here info comes straight from  microsoft.

www.000webhost.com