Configure Custom Domains with Auth0-Managed Certificates

Availability varies by Auth0 plan and login method

Both the login implementation you use and your Auth0 plan or custom agreement affect whether this feature is available. To learn more, read New Universal Login vs. Classic Universal Login and Pricing.

If you want Auth0 to manage the certificates for your custom domain, you only need to add a CNAME record on the domain. Auth0 validates the record and then generates the certificate on Auth0 servers. These certificates are renewed automatically every three months. You can configure this easily, and you won't have to maintain the certificates yourself.

To set up your custom domain using Auth0-managed certificates, you must provide your domain name to Auth0 and verify that you own that domain. Once verified, you will need to configure your Auth0 features to start using your custom domain.

Provide your domain name to Auth0

  1. Go to Dashboard > Settings > Custom Domains or Dashboard > Branding > Custom Domains. Enter your custom domain in the provided box, and select Auth0-managed certificates.

    Dashboard Settings Custom Domains Tab Certificate Type Auth0-Managed Certificates
  2. Click Add Domain. You can only add one domain per tenant even though the Add Domain button still appears after you add a domain.

Verify ownership

Before you can use the domain with Auth0, you'll need to verify that you own it.

  1. Go to Dashboard > Branding > Custom Domains and add the CNAME verification record listed in the Dashboard to your domain's DNS record.

    Auth0 Branding Custom Domains Auth0-Managed Certificate Verify Domain
  2. Click Verify to proceed. It may take a few minutes before Auth0 is able to verify your CNAME record, depending on your DNS settings. If Auth0 was able to verify your domain name, you'll see a confirmation window. This means the verification process is complete. Within 1 to 2 minutes, your custom domain should be ready to use.

Add CNAME verification record to DNS record

Once added, the CNAME record must be present at all times to avoid issues during certificate renewal.

If you need to enable CNAME flattening for all subdomains managed by Cloudfare and also configure a specific subdomain to be an Auth0 custom domain, consider delegating the subdomain for Auth0 to another DNS provider. To learn more, read Delegating Subdomains Outside of Cloudflare in the Cloudflare documentation. This will enable you to use CNAME flattening for all subdomains except the one used for Auth0.

The following steps may vary for your domain host provider.

  1. Log in to your domain management service.

  2. Create a new record.

    Parameter Value
    Record type CNAME
    Name Enter your custom domain name (such as login.northwind.com).
    Time to Live (TTL) Use default value.
    Value Paste in the CNAME value provided by the Auth0 Dashboard for your domain's DNS record.

  3. When done, save your record.

If Auth0 was able to verify your domain name, you'll see a confirmation window. This means the verification process is complete. Within 1 to 2 minutes, your custom domain should be ready to use.

If you are unable to complete the verification process, wait at least 4 hours before repeating these steps. To avoid any interruptions to your service, do not recreate the custom domain when reverifying. For troubleshooting guidelines, see Troubleshoot Custom Domains.

Additional steps for specific Auth0 features

There are additional configuration steps you must complete depending on which Auth0 features you are using. To learn more, see Configure Features to Use Custom Domains.

Learn more