Domain

In the Signup/Login > Branding / Domain section of your Management console, you can define the domain to which your users are redirected for signup and login. Read on to learn how to request a custom domain.

Custom domains

By default, Identity Cloud uses a domain depending on your instance ID in all URLs, for example, yourinstance.id.nevis.cloud.

You can configure your own custom domain for the Identity Cloud signup and login flows upon request. With a custom domain, your users see a URL that displays your brand, for example, login.yourcompany.com.

With a custom domain, your users are not redirected to a third-party URL outside your branding context during signup and login. They see your branded URL throughout the complete authentication process and can be confident that they are entering their information and credentials only into your application.

Read more about how configuring a custom domain affects authentication-related endpoints and the issuer of Identity Cloud.

Configure custom domains

To configure a custom domain for your Identity Cloud instance:

  1. Go to Signup/Login > Branding.
  2. In the section Domain, click form.
  3. In the dialog, click Open form and fill out the form by providing the required inputs.

We will get back to you with further inquiries or once your custom domain is set up for your Identity Cloud instance.

CNAME DNS

To set up your own custom domain for your Identity Cloud instance, you need access to your domain's DNS.

To allow Identity Cloud to be reached over your custom domain, you need to add the following CNAME DNS records:

  • CNAME login.yourcompany.com pointing to the alias yourinstance.id.nevis.cloud.
  • CNAME _acme-challenge.login.yourcompany.com pointing to the alias acme-fwd.yourinstance.id.nevis.cloud.

Changes to endpoints

Setting up your custom domain changes all authentication-related endpoints and the issuer of Identity Cloud.

  • You might have to adjust the OAuth 2.0 / OIDC or SAML endpoints used by your applications.
  • You might have to adjust the SAML SSO URL used by your integrations.
  • You might have to adjust the Redirect URIs configured in social identity providers.
  • You might have to adjust the expected Identity Cloud Issuer if you validate it in your applications.

Changes to passkeys

Setting up your custom domain changes the origin for the passkey authentication method. Existing passkeys become invalid and users need to register new passkeys for your custom domain. For more information, see Passkey.

Custom domain endpoints

Identity Cloud supports your custom domain on all authentication-related endpoints. The examples in this chapter assume login.yourcompany.com as your custom domain.

Note: The Identity Cloud API Endpoint is not affected by a configured custom domain and remains unchanged.

OAuth 2.0 / OIDC applications

| Endpoint | Custom domain endpoint |
|---|---|
| Authorization endpoint | https://login.yourcompany.com/auth/oauth2/authorize |
| Token endpoint | https://login.yourcompany.com/auth/oauth2/token |
| Token introspection endpoint | https://login.yourcompany.com/auth/oauth2/introspect |
| User info endpoint | https://login.yourcompany.com/auth/oidc/userinfo |
| JWK set endpoint | https://login.yourcompany.com/.well-known/jwks.json |

SAML applications

| Endpoint | Custom domain endpoint |
|---|---|
| SSO service URL | https://login.yourcompany.com/auth/saml/sso |
| Metadata service URL | https://login.yourcompany.com/auth/saml/metadata |

Integrations

| Endpoint | Custom domain endpoint |
|---|---|
| SAML SSO URL | https://login.yourcompany.com/auth/saml/sso |

Social login

| Endpoint | Custom domain endpoint |
|---|---|
| Google Redirect URI | https://login.yourcompany.com/oidc/google/ |
| Facebook Redirect URI | https://login.yourcompany.com/oauth2/facebook/ |
| Apple Website URL | https://login.yourcompany.com/oidc/apple/ |
| Microsoft Redirect URI | https://login.yourcompany.com/oidc/microsoft/ |

Custom domain issuer

Your custom domain is reflected in the Identity Cloud issuer. The examples in this chapter assume login.yourcompany.com as your custom domain.

| Issuer | Custom domain issuer |
|---|---|
| OAuth 2.0 / OIDC Identity Cloud issuer | https://login.yourcompany.com |
| SAML Identity Cloud issuer | https://login.yourcompany.com |
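
The following Python sketch is an added example, not code from Nevis or from this documentation. It illustrates the adjustments listed under "Changes to endpoints" and "Custom domain issuer": an exact-match check of the iss claim, and an audit that flags configured OIDC endpoints that are not on the issuer's origin. It assumes the claims come from a token whose signature was already verified against the JWK set; the function names, the default-domain URLs used as stale values, and the sample claims are constructed for illustration.

```python
from urllib.parse import urlsplit

# Issuer from the "Custom domain issuer" table on this page.
EXPECTED_ISSUER = "https://login.yourcompany.com"

# Endpoints from the "OAuth 2.0 / OIDC applications" table on this page,
# keyed by the standard OAuth 2.0 / OIDC metadata field names.
CUSTOM_DOMAIN_ENDPOINTS = {
    "authorization_endpoint": "https://login.yourcompany.com/auth/oauth2/authorize",
    "token_endpoint": "https://login.yourcompany.com/auth/oauth2/token",
    "introspection_endpoint": "https://login.yourcompany.com/auth/oauth2/introspect",
    "userinfo_endpoint": "https://login.yourcompany.com/auth/oidc/userinfo",
    "jwks_uri": "https://login.yourcompany.com/.well-known/jwks.json",
}


def issuer_is_valid(claims, expected=EXPECTED_ISSUER):
    """Accept only an exact, case-sensitive match of the iss claim.

    Prefix or substring matching would also accept a trailing-slash
    variant or a different host that merely starts with the same text.
    """
    return claims.get("iss") == expected


def endpoints_off_issuer(endpoints, issuer=EXPECTED_ISSUER):
    """Return the names of endpoints whose scheme, host or port differ
    from the issuer's, for example values left on the default domain."""
    want = urlsplit(issuer)
    wanted = (want.scheme, want.hostname, want.port)
    return sorted(
        name for name, url in endpoints.items()
        if (urlsplit(url).scheme, urlsplit(url).hostname, urlsplit(url).port) != wanted
    )


# Constructed sample claims (not taken from real tokens).
SAMPLES = {
    "custom domain": {"iss": "https://login.yourcompany.com"},
    "default domain": {"iss": "https://yourinstance.id.nevis.cloud"},
    "trailing slash": {"iss": "https://login.yourcompany.com/"},
    "different host": {"iss": "https://login.yourcompany.com.example.net"},
    "missing iss": {},
}

if __name__ == "__main__":
    for label, claims in SAMPLES.items():
        print(f"{label:15} accepted={issuer_is_valid(claims)}")
    # Constructed stale configuration: one endpoint still on the default domain.
    stale = dict(CUSTOM_DOMAIN_ENDPOINTS,
                 token_endpoint="https://yourinstance.id.nevis.cloud/auth/oauth2/token")
    print("endpoints not on issuer origin:", endpoints_off_issuer(stale))
```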

Custom domain certificates

Identity Cloud manages the certificates for your custom domain. The certificates are generated on Identity Cloud and renewed automatically every three months.