Custom login page for Azure Active Directory

I'm working on an application that uses Azure AD as an identity provider. It works well, but the login experience is jarring when the user is taken from my application to the https://login.microsoftonline.com Azure hosted login page. In addition to losing all application branding, the user is unlikely to know that the tenant domain suffix must be appended to their username when entering credentials (e.g. bob becomes [email protected]). Is there any way of hosting a login page for Azure AD within my own application?

Ben asked Jul 29 '13 22:07



2 Answers

Custom company branding is now available with Azure Active Directory Basic and Premium editions. You can customize some of the experience, with some text, images and logos.

  • Azure Active Directory Editions
  • Add company branding to your Sign In and Access Panel pages
Philippe Signoret answered Oct 02 '22 07:10


No. You can neither host the login page nor customize the login page of Azure AD.

The only login page that you can change/host/customize is the one of the Access Control Service. And this is because ACS acts as a Federation Provider, not as an Identity Provider. And this is for security reasons.

What you may try is to explore the OAuth 2.0 Resource Owner Password flow with AAD. However, I never advise clients to do so for web applications.

If you are going to use AAD as the one and only Identity Provider for your web application, and you will be managing all the sign-up, password expiry, password reset, etc. flows with AAD, and you want total customization of the login page, I suggest that you take a look at the Identity Server. User management in this product is probably easier, and you can customize the login page. And you will maintain the service.

astaykov answered Oct 02 '22 09:10