Exposing SecureAuth Through Custom Domain
Expose SecureAuth through a custom domain behind a customer-managed web application firewall (WAF), content deliver network (CDN), or custom proxy.
Note
Before you start setting up custom domains, reach out to SecureAuth support and choose one of the below solutions:
Configure WAF/CDN/Custom Proxy
Want to use Custom Domains?
If you want to use custom domains, contact SecureAuth Sales Team.
You can learn more about the topic by reading the Custom Domains Overview.
Set up proxy for the SecureAuth vanity domains endpoint.
proxy_pass https://<VANITY_DOMAIN_ID>.vanity.<REGION>.authz.cloudentity.io;
Add the following HTTP headers to your proxied requests:
X-Acp-Domain-Key: <VANITY_DOMAIN_KEY>X-Forwarded-For- this header contains a comma-separated list of IP addresses of all proxies between the end user and SecureAuth (including the end user’s IP address).True-Client-IP- this header contains the real IP address of the end user.
Different reverse proxies
If you are using a reverse proxy different than nginx, set up your proxy in the way corresponding to the nginx configuration shown above.
Vanity Domain Direct Setup with SecureAuth
Set a CNAME DNS record (alias) on the vanity domain pointing to your SecureAuth tenant URL.
Example:
authz.acme-org.com ---CNAME---> $TENANT_DOMAIN
Once your CNAME DNS record is set up, let SecureAuth support know, and we will do the rest for you. With your CNAME set up, we are able to add a TLS certificate and configure SecureAuth SaaS platform to work with your domain. Once we finish, your custom domain is ready to be used.