Different organizations login with Microsoft

Same problem here: [Allow multiple custom domains for multitenant applications]

Fixed the problem. The fix is unorthodox, and I think Auth0 should implement a solution for this problem.

Within Auth0, there is the option to use multiple organization login screens (organizations). This is only possible when you’re not using the Auth0 Management API, which we are using, and we aren’t able to allow multiple domains using Auth0 organizations. Therefore, the solution to create a SaaS product with multiple subdomains, where companies can log in through their MS AAD tenant on their own subdomain, is as follows:

  • I’ve created a multiple AAD tenant application.

  • I’ve created one Auth0 tenant per subdomain.

  • Every single Auth0 tenant will be connected to our own multiple AAD tenant application.

  • Within every single Auth0 tenant, you can add rules (in the future, actions). In here we can check if the user trying to log in has a tenant ID matching one of the allowed tenant IDs. If the user’s tenant ID is from a different company, it won’t be on our whitelist. The rules within the Auth0 pipeline look like this for now.

```js
// Auth0 pipeline rules
function (user, context, callback) {
	// Placeholders for the real Azure AD tenant IDs (GUIDs).
	var ownAADTenantID = 'lotsofnumbersandletters';
	var companyAADTenantID = 'lotsofnumbersandletters';

	// Authorized Azure AD tenants.
	var whitelist = [ ownAADTenantID, companyAADTenantID ];

	// user.tenantid is the Azure AD tenant the user signed in from.
	var userHasAccess = whitelist.some(
		function (tenantId) {
			return tenantId === user.tenantid;
		});

	// Reject the login when the tenant is not on the whitelist.
	if (!userHasAccess) {
		return callback(new UnauthorizedError('Access denied.'));
	}

	return callback(null, user, context);
}
```

The rules will be deprecated in November 2024; I hope Auth0 will have a solution to use the actions by then…
Honestly, the solution will be expensive in the end; Auth0 should really come up with a solution for supporting multiple subdomains.
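
The same tenant allowlist check written as a post-login Action, as an added example that is not part of the original post or Auth0's own code. It assumes the Azure AD connection exposes the tenant as `event.user.tenantid` (as `user.tenantid` does in the rule) and reads the allowlist from a hypothetical Action secret named `ALLOWED_TENANT_IDS`; unlike the rule, it normalizes GUID case and fails closed on a missing tenant ID or an empty allowlist.

```javascript
// Added example, not from the original post. Assumptions: the tenant ID is
// available as event.user.tenantid, and ALLOWED_TENANT_IDS is a hypothetical
// Action secret holding a comma-separated list of Azure AD tenant GUIDs.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;

// Normalize a tenant ID; return null for anything that is not a GUID.
function normalizeTenantId(value) {
  if (typeof value !== 'string') return null;
  const id = value.trim().toLowerCase();
  return GUID.test(id) ? id : null;
}

// Parse the comma-separated allowlist, dropping malformed entries.
function parseAllowlist(raw) {
  return new Set(String(raw || '').split(',').map(normalizeTenantId).filter(Boolean));
}

// Fail closed: an empty allowlist, a missing tenant ID, or no match all deny.
function checkTenant(user, allowlist) {
  if (allowlist.size === 0) return { allowed: false, reason: 'empty allowlist' };
  const tenantId = normalizeTenantId(user && user.tenantid);
  if (!tenantId) return { allowed: false, reason: 'missing or malformed tenant ID' };
  if (!allowlist.has(tenantId)) return { allowed: false, reason: 'tenant not allowed' };
  return { allowed: true, reason: 'tenant allowed' };
}

// Post-login Action entry point: deny the login unless the tenant is allowed.
async function onExecutePostLogin(event, api) {
  const allowlist = parseAllowlist(event.secrets && event.secrets.ALLOWED_TENANT_IDS);
  const result = checkTenant(event.user, allowlist);
  if (!result.allowed) {
    console.log(`login denied: ${result.reason}`); // detail stays in the Action log
    api.access.deny('Access denied.');
  }
}
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample event (GUIDs are made up); the user's tenant ID is
// upper-cased to show that the comparison is case-insensitive.
const sampleEvent = {
  secrets: { ALLOWED_TENANT_IDS: '11111111-1111-4111-8111-111111111111, aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa' },
  user: { tenantid: 'AAAAAAAA-AAAA-4AAA-8AAA-AAAAAAAAAAAA' },
};
```

Because each Auth0 tenant serves one subdomain in this setup, each tenant's copy of the Action would carry its own value for the secret.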