Customizing Lobby

Custom domains, custom claims, and organization policies — the three Lobby customization surfaces.

Part of Authio Lobby

Lobby customization splits into three buckets. Each bucket has a deeper concept page; this hub aggregates the entry points.

Custom domains

Point auth.your-domain.com at the Lobby hosted UI via DNS verification and automated ACME. RPID-per-origin pinning binds each WebAuthn ceremony to the requesting origin, so passkeys do not leak across domains.

Custom claims / JWT templates

Per-project static, JSON, or computed claims. Authio reserves a small set of claims (kind, roles, permissions, act_org); the reserved-claim guard prevents your custom layer from shadowing them.

  • The dashboard editor lives at /settings/jwt-claims.
  • Computed claims fire through the Actions pre_token_mint trigger when you need per-request data (Authorization product upsell).

Organization policies

Per-org policy engine: require SSO, require MFA, IP CIDR allowlist, geo allow/deny. A policy is three lines in the dashboard and takes effect within 60 seconds across every auth-core replica.

  • The dashboard editor is at /orgs/{org}/policy.
  • API: PUT /v1/session/orgs/{org_id}/policy.

Organization branding (coming with P1-A)

Per-org logo, colors, and email template overrides land with the parallel P1-A Branding editor worker; see Branding.