ToddElliott What you're describing is a common limitation and something that could use some more definitive explanation in documentation. You could give what is described here a shot: https://docs.microsoft.com/en-us/azure/application-gateway/troubleshoot-app-service-redirection-app-service-url#solution-rewrite-the-location-header. Basically there are two aspects, the URL coming inbound to the auth logic, and then the post-auth redirection that the auth logic decides for where to send you. You have control over the URL that arrives inbound to the auth logic (persist the original, overwrite Host, rewrite Location, etc), but little control over how the built-in auth logic redirection works. The short of it is that you could try adding the same custom domain to 2 Web Apps by hosting them in different datacenter sub-unit by creating them in different ASPs in different Resource Groups. Otherwise you may need to explore some reconfiguration of Host/Location header behavior. I have not built this one out myself but will try to take some time to do so and see what the best option is, maybe these thoughts will be useful for others.