Configure Custom Domains with Auth0-Managed Certificates

Limited Access

Your Auth0 subscription plan and the login method you choose can affect feature availability. To learn more, read:

If you want Auth0 to manage the certificates for your custom domain, you only need to add a CNAME record on the domain. Auth0 validates the record and then generates the certificate on Auth0 servers. These certificates are renewed automatically every three months. You can configure this easily, and you won't have to maintain the certificates yourself.

To set up your custom domain using Auth0-managed certificates, you must provide your domain name to Auth0 and verify that you own that domain. Once verified, you will need to configure your Auth0 features to start using your custom domain.

Provide your domain name to Auth0

  1. Go to Dashboard > Settings > Custom Domains or Dashboard > Branding > Custom Domains. Enter your custom domain in the provided box, and select Auth0-managed certificates.

    Dashboard Settings Custom Domains Tab Certificate Type Auth0-Managed Certificates
  2. Click Add Domain. You can only add one domain per tenant even though the Add Domain button still appears after you add a domain.

Verify ownership

Before you can use the domain with Auth0, you'll need to verify that you own it.

  1. Go to Dashboard > Branding > Custom Domains and add the CNAME verification record listed in the Dashboard to your domain's DNS record.

    Auth0 Branding Custom Domains Auth0-Managed Certificate Verify Domain
  2. Click Verify to proceed. It may take a few minutes before Auth0 is able to verify your CNAME record, depending on your DNS settings. If Auth0 was able to verify your domain name, you'll see a confirmation window. This means the verification process is complete, and within 1 to 2 minutes, your custom domain should be ready to use.

Add CNAME verification record to DNS record

Once added, the CNAME record must be present at all times to avoid issues during certificate renewal.

Auth0 recommends turning off CNAME flattening unless it's strictly necessary, according to the Cloudflare documentation, Understand and configure CNAME flattening. CNAME flattening for Auth0 managed certificates is an unsupported configuration and as such may cause the custom domain to break without notice if CNAME flattening is enabled.

If you need to enable CNAME flattening for all subdomains managed by Cloudfare and also configure a specific subdomain to be an Auth0 custom domain, consider delegating the subdomain for Auth0 to another DNS provider. To learn more, read Delegating Subdomains Outside of Cloudflare in the Cloudflare documentation. This will enable you to use CNAME flattening for all subdomains except the one used for Auth0.

The following steps may vary for your domain host provider.

  1. Log in to your domain management service.

  2. Create a new record.

    Parameter Value
    Record type CNAME
    Name Enter your custom domain name (such as login.northwind.com).
    Time to Live (TTL) Use default value.
    Value Paste in the CNAME value provided by the Auth0 Dashboard for your domain's DNS record.

  3. When done, save your record.

If Auth0 was able to verify your domain name, you'll see a confirmation window. This means the verification process is complete, and within 1 to 2 minutes, your custom domain should be ready to use.

If you are unable to complete the verification process, you may need to repeat these steps.

If your DNS provider enables a proxy on the CNAME record by default, it will leave the custom domain in a pending state indefinitely. You may need to check your DNS provider settings and disable the proxy.

Additional steps for specific Auth0 features

There are additional configuration steps you must complete depending on which Auth0 features you are using. To learn more, see Configure Features to Use Custom Domains.

Learn more