Manage organization signup and login branding
You can manage the brand name and logo the users of an organization see on the signup and login pages within the Identity Cloud Management console.
With Identity Cloud you can choose between the following branding setups:
- The branding settings defined under Signup /Login area of the Management console (referred to as default settings going forward), that apply globally to all users who are not assigned to an organization.
- The settings defined specific to organizations, such as brand name and logo. These apply only to the specific organization they are set for and can override the default settings for the users of the organization.
The details of how you can configure the signup and login flows of an organization to your needs can be found in our concept document
Applying the organization specific branding
There are two methods in the Identity Cloud signup and login flows that help identify if an organization's settings should be applied to a user.
Detecting the email domain
After you enter your preferences in the Management console, we use the email domain to make sure the users who sign up go through the flows you defined for them in your settings. The email domain means the part of the user's email that follows the @ sign, e.g. greg.b.@fictitiousgarding.com
A user lands on the signup pages that at first show the default branding settings, the default brand name and default logo. After they enter their email we can identify if the domain in the email of the user matches the domain of an organization. If yes, we apply the settings you made for that specific organization, we display the organization specific brand name and logo.
Detecting the organization identifier
You can make sure that the users of a specific organization fully skip the default branding on the signup and login pages, and only see the organization specific branding.
You can do this by specifying the organization identifier in the OAuth 2.0 Authorization Endpoint or SAML SSO Service Endpoint in the client application’s requests.
With this setup, when a user opens the signup or login link to the application, we detect that the application has organization specific settings tied to it and we apply them automatically. The brand name and logo defined for the organization you specified using the organization identifier appear for the users landing on the pages right from the start.
Use cases
New user signup
When a user attempts to sign up, after entering their email address we try to match the domain of the user's email to the domain of an organization.
- If we find a matching organization, then we adjust the signup page to show the name and logo of the organization.
- If we do not find a matching organization, we show the branding according to the default settings defined under Signup /Login.
Existing user login
When a user who already has their account attempts to log in, we check if the user is already assigned to an organization.
- If we find that the user is assigned to an organization, we adjust the login page to show the name and logo of the organization.
- If the user is not assigned to an organization, we show the branding according to the default settings defined under Signup /Login.
Organization hint is set up
With the organization ID in the request URL as a query parameter, we can apply organization specific branding without first identifying the user.
- If the request URL indicates the ID of an existing organization, we adjust the page to show the name and logo of the organization.
- If the request URL does not indicate the ID of an existing organization, we show the branding according to the default settings.
The following is a snippet of an example request containing the organization hint as query parameter in an OAuth 2.0/OIDC request:
https://${instanceId}.id.nevis.cloud/auth/oauth2/authorize?organizationId=$organizationId
The following is a snippet of an example request containing the organization hint as query parameter in a SAML request
https://${instanceId}.id.nevis.cloud/auth/saml/sso?organizationId=$organizationId