Configure Custom Domains with Self-Managed Certificates
You can choose to manage the certificates for your custom domains yourself, which means that you are responsible for managing your SSL/TLS certificates and configuring a reverse proxy to handle SSL termination and forwarding requests to Auth0.
Choose this option if:
- You want to have more control of your certificates (such as choosing your own CA or certificate expiration)
- You want to enable additional monitoring over your API calls to Auth0
You'll need to register and own the domain name to which you're mapping your Auth0 domain.
How to Configure Custom Domains with Self-Managed Certificates
Setting up your custom domain with Self-managed certificates requires you to do the following steps:
- Provide your domain name to Auth0
- Verify ownership
- Configure the reverse proxy
- Complete feature-specific setup
Step 1: Provide Your Domain Name to Auth0
Log in to the Dashboard and go to Tenant Settings. Click over to the Custom Domains tab.
Enter your custom domain in the provided box and select Self-managed certificates. Click Add Domain.
Step 2: Verify Ownership
Before you can use this domain, you'll need to verify that you own your domain. To do this, you will need to add the TXT verification record listed in the Dashboard to your domain's DNS record.
When you've done so, click Verify to proceed.
Here's how to add the TXT verification record to your domain's DNS record. The steps specified may vary by domain host provider, but generally speaking, you will need to:
Log in to your domain management service (such as GoDaddy or Google Domains)
Create a new record:
- For the record type, indicate TXT
- For the Name field, enter your custom domain name (such as login.northwind.com)
- Leave the Time to Live (TTL) field set to the default value
- In the Value field, paste in the TXT value provided by the Auth0 Dashboard
When done, save your record.
If Auth0 was able to verify your domain name, you'll see a confirmation window.
Save the information provided in this pop-up, especially the
cname-api-key value, since this is the only time you'll see this value.
This means the verification process is complete and within 1 to 2 minutes, your custom domain should be ready to use.
Step 3: Configure the Reverse Proxy
Next you will need to set up your reverse proxy. In this example, we will walk through how to do so using AWS CloudFront.
Step 4: Complete Feature-Specific Setup
There are additional steps you must complete depending on which Auth0 features you are using. Refer to our custom domains documentation for more details.