Extended tenant ID-dependent customization of the Loginapp UI

The TENANT_ID is an attribute in the REST API. It provides styling and customization depending on the client's ID or the URL used to access Airlock IAM.

In setups with OAuth or OIDC, the TENANT_ID attribute can be configured to contain the client_id. In SAML setups, it can be configured to contain the entityID.

Configuration of tenant ID

The TENANT_ID is configured in the Loginapp UI.

Go to:
Loginapp >> UI Settings
In property UI Tenant ID Rules, create and edit one or more plugins. You can choose from several types of plugins. For an overview, see the table below.
Note that these plugins are processed in order. The first match sets the TENANT_ID.

Plugin	Purpose
OAuth 2.0 Client ID Pattern UI Tenant ID Rule	The OAuth `client_id` is matched against a regex pattern. If the pattern matches, the `TENANT_ID` is set to the configured string. This applies only to authorization code grant/flow.
OAuth 2.0 Client ID UI Tenant ID Rule	If an OAuth `client_id` is present, this rule matches. The `TENANT_ID` is set to the `client_id`. This applies only to authorization code grant/flow.
Request URL Pattern UI Tenant ID Rule	The request URL is matched against a regex pattern. If the pattern matches, the `TENANT_ID` is set to the configured string.
SAML 2.0 SP Entity ID Pattern UI Tenant ID Rule	The SAML `entityID` is matched against a regex pattern. If the pattern matches, the `TENANT_ID` is set to the configured string. This applies only to SP-initiated SAML requests.
SAML 2.0 SP Entity ID UI Tenant ID Rule	If a SAML `entityID` is present, this rule matches. The `TENANT_ID` is set to the `entityID`. This applies only to SP-initiated SAML requests.

Notice

The Request URL Pattern UI Tenant ID Rule will match the URL of the first request made to the IAM backend to start the flow. It will not match the URL entered into the end-client browser.

If no plugin matches, the TENANT_ID remains unset.

Using the tenant ID with the Loginapp Design Kit

Naming of the tenant ID attribute:

For customization with the Loginapp Design Kit, the attribute is named TENANT_ID.
For customization in Javascript, the attribute is named uiTenantId.

To use the Loginapp Design Kit with different tenant IDs, add the entry config.uiTenantId = 'myTenant' in the custom.sdk.config.js file.

OAuth use case

A typical use case scenario for OAuth is:

Several tenants use the same authorization server.
Each tenant provides its users with a mobile app or a web application.
Mobile and web applications are registered as clients in the IAM authorization server with their own client IDs.
During the authorization code flow, IAM identifies the clients with their client ID and supplies this information as TENANT_ID to the Loginapp UI.
The Loginapp UI applies styling and customization depending on the TENANT_ID, FLOW_ID, and STEP_ID.

Further information and links

Internal links:

Fine-grained customization using tenant ID, flow ID, and/or step ID provides information on how customizations are applied depending on the tenant, flow, or step ID.
Advanced HTML customization demonstrates how uiTenantId is used in Javascript for customizations.
Customization with Resource Sets provides information on how multiple bundles of customizations can be used with a single instance of Airlock IAM.
General information about Airlock IAM flows provides general information about flows and about starting flows in particular.