Skip to main content

Custom (Vanity) Domains

Organizations can set up a custom (vanity) domain name for their SecureAuth tenant that is easier to remember, simpler, or aligned with your branding.

Example: ACME wants to use a different domain for their SecureAuth tenant. Employees previously accessed it through
acme.us.authz.secureauth.io/acme. To simplify access, ACME now uses a custom domain, acme.example.com.

Setup Options

You can configure vanity domains in two ways:

  1. Customer-managed infrastructure: Use a web application firewall (WAF), content delivery network (CDN), or custom proxy.
  2. Direct through SecureAuth: Let SecureAuth handle the domain setup.

Traffic Flow Diagram

The following diagram illustrates the traffic flow for vanity domain usage:

Vanity Domain Traffic Flow

Getting Started

To set up a custom domain for your organization, contact
SecureAuth Support.

Custom Domain Implementation Methods

Method 1: WAF/CDN/Proxy Setup

Use your existing WAF, CDN, or proxy as a reverse proxy. TLS is terminated at the proxy level.

Custom Domains with WAF/CDN/Custom proxy

Best for: Organizations with existing proxy infrastructure.

Learn how to configure this setup

Method 2: Direct Setup with SecureAuth

SecureAuth handles domain traffic directly if you don’t have a proxy or WAF.

Direct Custom Domain Setup with SecureAuth

How it works:

  1. SecureAuth creates a custom Ingress for your vanity domain.
  2. You configure a CNAME record pointing to the SecureAuth ingress endpoint.
  3. SecureAuth maps and routes the traffic to your tenant.

Best for: Organizations without proxy infrastructure.

Learn how to configure this setup