Branding Cloudentity

Cloudentity enables organizations to brand web pages and messages so that developers, users, partners, and others see a consistent image of the brand. Additionally, paid customers can use custom (vanity) domains to expose their tenants under a different URL.

UI Customization and Branding in Cloudentity

Cloudentity enables you to configure the look and feel of the Cloudentity platform components such as login pages, consent pages, user portals, and more.

As a Cloudentity administrator, you get a dedicated view where you can set up specific graphical items or create Themes and instantly preview the UI settings you provide.

There are 2 ways of branding the web pages and messages in Cloudentity:

| Appearance Editor | Custom Themes Editor |
| --- | --- |
| Edit logos, fonts, colors for Web Pages: Login Pages, Consent Pages, MFA pages, Error Pages, User Portal, and Developer Portal | Edit the HTML code of all Cloudentity components – both Web Pages and Messages (Email and Text) |
| In a workspace, you can configure the appearance of co | Found in Tenant Settings |
| Tenant Wide | A theme can be applied to multiple workspaces |

Branding Using Themes

With Themes, you can modify any web page and message template to match your needs. Any content can be modified. You can modify, for example, the login page, consent page, email sent to users asking for account activation, and more.

You can create a Theme without applying it to any workspace and experiment with it first. The Preview screen shows how it would look in action. Once you have everything you need, create a test workspace, apply the Theme to it, and test it live. After you verify that everything works, assign the Theme to your production workspace. When you later want to change such a Theme, duplicate it in the UI, test the copy, and apply the new version to your workspaces.

With Themes you can achieve the following advantages:

  • Completely style the page branding so that it matches the rest of your website that Cloudentity provides identity capabilities for.

  • Include the correct privacy statements for all customers.

  • Apply individual styling for all customers and de-couple it from Cloudentity’s own branding.

  • Change email and text messages to match your branding.

Themes consumed by Cloudentity are Golang-based HTML templates, so you’re going to need an understanding of this technology in order to modify them. The Cloudentity theme is a system theme and cannot be changed. When ready, themes can be bound to one or many workspaces.
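
Because themes are Go templates, values echoed into a page are escaped according to where they land in the markup. The following is an added example, not Cloudentity's own code: it assumes Go's standard `html/template` package, and the fragment and its field names (`TenantName`, `LoginHint`, `Back`) are hypothetical.

```go
package main

import (
	"fmt"
	"html/template"
	"strings"
)

// Constructed theme fragment. The field names are hypothetical, not
// Cloudentity's template data model.
const loginFragment = `<h1>Sign in to {{.TenantName}}</h1>
<input name="username" value="{{.LoginHint}}">
<a href="{{.Back}}">Cancel</a>
`

type pageData struct{ TenantName, LoginHint, Back string }

// render executes the fragment with html/template, which escapes each value
// for the context it lands in (element text, quoted attribute, URL).
func render(d pageData) (string, error) {
	t, err := template.New("login").Parse(loginFragment)
	if err != nil {
		return "", err
	}
	var b strings.Builder
	err = t.Execute(&b, d)
	return b.String(), err
}

// hostile returns constructed request-derived values a login page might echo.
func hostile() pageData {
	return pageData{
		TenantName: "ACME <b>& Co</b>",
		LoginHint:  `"><script>alert(1)</script>`,
		Back:       "javascript:alert(1)",
	}
}

func main() {
	out, err := render(hostile())
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```

When reviewing a custom theme, check that every value stays inside a quoted attribute or element text like this, since the escaping depends on the surrounding markup being well-formed.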

There are two main sections of Themes to customize:

Custom (Vanity) Domains

Organizations can forward the users from a custom (vanity) domain to the original Cloudentity domain. With Cloudentity, you can expose your tenant on a custom domain that is, for example, easier to remember, simplified, or is set to follow your branding.

For example, a company called ACME wants to expose their Cloudentity tenant under a different domain. So far, the employees could access it under the acme.us.authz.cloudentity.io/acme domain. To simplify the domain, the ACME company decides to expose their tenant under a custom (vanity) domain called acme.example.com.

There are two ways of configuring vanity domains:

  • Vanity domain behind a customer-managed web application firewall (WAF) / content delivery network (CDN) / proxy.

  • Vanity domain directly served by Cloudentity.

Feature availability

If your organization wants to use custom domains, contact the Cloudentity Sales Team.

Vanity Domain Traffic Flow

[mermaid-begin]
flowchart LR
  vd[Custom Domain]
  vp[Vanity Proxy]
  ve[Cloudentity Vanity Endpoint]
  cl[Cloudentity]
  vd-- points to -->vp
  vp-- redirects traffic -->ve
  ve-- points to -->cl

Custom Domains with WAF / CDN / Custom proxy

In this setup, the customer has an existing WAF or similar solution that acts as a reverse proxy. The WAF is responsible for handling the TLS certificate. Configure WAF/CDN/Custom Proxy.

[mermaid-begin]
sequenceDiagram
  participant Client
  participant WAF
  participant ACP as Cloudentity (Custom Ingress)
  Client ->> WAF: Call API
  activate WAF
  WAF -->> WAF: Inject x-acp-domain-key header
  opt
    WAF -->> WAF: Inject client TLS cert in a header
  end
  WAF ->> ACP: Call Cloudentity
  deactivate WAF
  activate ACP
  ACP -->> ACP: Validate x-acp-domain-key header
  opt
    ACP -->> ACP: Validate the WAF IP
  end
  ACP -->> WAF: Respond
  deactivate ACP
  WAF -->> Client: Respond
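
The two origin-side checks in the diagram above (validate the `x-acp-domain-key` header, then optionally the WAF IP) can be sketched as HTTP middleware. This is an added example, not Cloudentity's implementation; the `originGuard` type, the key value, and the address range are constructed for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// originGuard is a hypothetical type holding what the two checks need.
type originGuard struct {
	domainKey  []byte     // shared secret the WAF injects (constructed value below)
	allowedNet *net.IPNet // WAF egress range; nil skips the optional IP check
}

func (g originGuard) wrap(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := []byte(r.Header.Get("x-acp-domain-key"))
		// Fail closed if no key is configured; otherwise compare in constant time.
		if len(g.domainKey) == 0 || subtle.ConstantTimeCompare(got, g.domainKey) != 1 {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		// Check the TCP peer address, not X-Forwarded-For, which the caller controls.
		host, _, err := net.SplitHostPort(r.RemoteAddr)
		if g.allowedNet != nil && (err != nil || !g.allowedNet.Contains(net.ParseIP(host))) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one constructed request through the guard and returns the HTTP status.
func status(g originGuard, key, remoteAddr string) int {
	req := httptest.NewRequest(http.MethodGet, "https://acme.example.com/", nil)
	req.RemoteAddr = remoteAddr
	req.Header.Set("x-acp-domain-key", key) // an empty key behaves like a missing header
	rec := httptest.NewRecorder()
	g.wrap(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	_, wafNet, _ := net.ParseCIDR("203.0.113.0/24") // documentation range standing in for the WAF
	g := originGuard{domainKey: []byte("constructed-domain-key"), allowedNet: wafNet}
	fmt.Println(status(g, "constructed-domain-key", "203.0.113.10:443")) // request relayed by the WAF
	fmt.Println(status(g, "", "198.51.100.7:443"))                       // request that bypassed the WAF
}
```

The header check is what stops a client from reaching the origin directly and skipping the WAF's rules, so the key should be treated as a secret and rotated like one.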

Direct Custom Domain Setup with Cloudentity

In this setup, Cloudentity serves the vanity domain directly. It is used by organizations that do not have a proxy infrastructure (vanity proxy) and own only a company domain through any DNS registrar. Traffic translation from a vanity domain to a tenant domain is handled on the Cloudentity infrastructure.

[mermaid-begin]
sequenceDiagram
  participant Client
  participant Ingress as Cloudentity Custom Ingress
  Client ->> Ingress: Call API
  Ingress -->> Client: Present TLS cert matching vanity domain
  opt
    Ingress -->> Ingress: Inject client TLS certificate
  end
  Ingress -->> ACP: Call API
  ACP -->> Ingress: Respond
  Ingress -->> Client: Respond

In the direct setup, a custom Ingress is created specifically for the vanity domain. To make this work, you have to set up a CNAME record pointing to Cloudentity’s custom ingress.

Updated: Jun 21, 2023