Mask Azure B2C Authentication URL with Custom Domain

Hrushikesh Yalavarthi 5 Reputation points
2025-01-17T08:29:41.6733333+00:00

Hello everyone,

We are currently using Azure B2C authentication for our application. When the app redirects users for authentication, it hits the default Azure B2C URL:

https://xxxdevtestb2c.b2clogin.com/xxxdevtestb2c.onmicrosoft.com/b2c_1_xxx_sign_in_dev

Our goal is to mask this default URL with our custom domain, so that users see a more branded and professional URL during the authentication process.

For example, instead of the default b2clogin.com domain, we want it to redirect to a URL like:

https://login.example.com/b2c_1_xxx_sign_in_dev

We have already added the custom domain to our Azure B2C tenant, but we're looking for guidance on configuring Azure B2C to use this custom domain for authentication URLs. Any best practices, solutions, or steps to achieve this would be greatly appreciated!

Thank you in advance for your help!


1 answer

  1. Goutam Pratti 1,565 Reputation points Microsoft Vendor
    2025-01-20T21:20:25.66+00:00

    Hello @Hrushikesh Yalavarthi ,

    Thank you for reaching out to Microsoft Q&A.

    I understand you want to mask the Azure B2C authentication URL with a custom domain.
    You can enable custom domains for Azure AD B2C by using Azure Front Door.

    When using custom domains, consider the following:

    • You can set up multiple custom domains. For the maximum number of supported custom domains, see Microsoft Entra service limits and restrictions for Azure AD B2C and Azure subscription and service limits, quotas, and constraints for Azure Front Door.
    • Azure Front Door is a separate Azure service, so extra charges will be incurred. For more information, see Front Door pricing.
    • If you have multiple applications, migrate all of them to the custom domain because the browser stores the Azure AD B2C session under the domain name currently being used.
    • After you configure custom domains, users will still be able to access the Azure AD B2C default domain name <tenant-name>.b2clogin.com. You need to block access to the default domain so that attackers can't use it to access your apps or run distributed denial-of-service (DDoS) attacks. Submit a support ticket to request for the blocking of access to the default domain.

    Additionally, as of now, there is no way to update the "Run endpoint" with the custom domain. The only way to get the custom domain in your endpoint is to update it manually.

    NOTE: Don't request blocking of the default domain until your custom domain works properly.

    For additional information and steps follow the documentation: https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-custom-policy#:%7E:text=During%20DNS%20resolution%2C%20a%20canonical%20name%20(CNAME)%20record%20with%20a%20custom%20domain%20name%20points%20to%20your%20Front%20Door%20default%20front%2Dend%20host%20(for%20example%2C%20contoso%2Dfrontend.azurefd.net).

    Hope this helps. Do let us know if you have any further queries.


    If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful". And if you have any further queries, do let us know.

    Regards,
    Goutam Pratti.
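
An added example, not part of the original answer or of Microsoft's documentation: a pre-check for the advice above to migrate every application to the custom domain before asking support to block the default one. The application inventory, the metadata document, the path layout after the host and all function names are constructed for illustration; only the host names come from the question.

```python
import json
from urllib.parse import urlsplit

DEFAULT_SUFFIX = ".b2clogin.com"   # Azure AD B2C default domain suffix
CUSTOM_HOST = "login.example.com"  # custom domain used in the question

# Constructed inventory: the authority URL configured in each application.
APP_AUTHORITIES = {
    "web-portal": "https://login.example.com/xxxdevtestb2c.onmicrosoft.com/b2c_1_xxx_sign_in_dev",
    "mobile-api": "https://xxxdevtestb2c.b2clogin.com/xxxdevtestb2c.onmicrosoft.com/b2c_1_xxx_sign_in_dev",
}

# Constructed OpenID Connect metadata, shaped like a discovery document
# fetched through the custom domain (the tenant id is a placeholder).
SAMPLE_METADATA = json.loads("""
{
  "issuer": "https://login.example.com/00000000-0000-0000-0000-000000000000/v2.0/",
  "authorization_endpoint": "https://login.example.com/xxxdevtestb2c.onmicrosoft.com/b2c_1_xxx_sign_in_dev/oauth2/v2.0/authorize",
  "jwks_uri": "https://login.example.com/xxxdevtestb2c.onmicrosoft.com/b2c_1_xxx_sign_in_dev/discovery/v2.0/keys",
  "response_types_supported": ["code", "id_token"]
}
""")

def classify(url, custom_host=CUSTOM_HOST):
    """Return 'custom', 'default' (b2clogin.com) or 'other' for a URL's host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        return "other"
    if host == custom_host.lower():
        return "custom"
    if host.endswith(DEFAULT_SUFFIX):
        return "default"
    return "other"

def apps_not_migrated(authorities, custom_host=CUSTOM_HOST):
    """Apps whose authority is not on the custom domain: they keep a separate
    browser session now and stop working once the default domain is blocked."""
    return sorted(a for a, u in authorities.items() if classify(u, custom_host) != "custom")

def metadata_off_domain(metadata, custom_host=CUSTOM_HOST):
    """Metadata fields holding a URL that is not on the custom domain."""
    return sorted(k for k, v in metadata.items()
                  if isinstance(v, str) and "://" in v and classify(v, custom_host) != "custom")

def safe_to_request_block(authorities, metadata, custom_host=CUSTOM_HOST):
    """True only when every app and every metadata URL uses the custom domain."""
    return not apps_not_migrated(authorities, custom_host) and not metadata_off_domain(metadata, custom_host)
```

With the constructed inventory, `apps_not_migrated` reports `mobile-api`, so the block request should wait until that application's authority is updated.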

