Auth0’s custom domains let your users see your brand, not ours, during login and signup.
Let’s say you want your login page to live at login.myawesomeapp.com instead of myawesomeapp.auth0.com. This is more professional and helps build trust.
Here’s how it looks from the user’s perspective. Normally, after clicking "Login," they’d be redirected to a URL like:
https://myawesomeapp.auth0.com/authorize?client_id=...&redirect_uri=...&response_type=...&scope=...&state=...
With a custom domain, that same redirect happens, but the user sees this in their browser’s address bar:
https://login.myawesomeapp.com/authorize?client_id=...&redirect_uri=...&response_type=...&scope=...&state=...
The actual Auth0 authorization process still happens on Auth0’s servers, but the URL presented to the user is your own.
To set this up, you’ll need two main things:
- A domain name that you own (e.g.,
myawesomeapp.com). - Access to your domain’s DNS (Domain Name System) records. This is usually managed through your domain registrar (like GoDaddy, Namecheap, Google Domains, etc.).
The process involves configuring your DNS to point a subdomain (like login.myawesomeapp.com) to Auth0, and then telling Auth0 to use that subdomain.
First, in your Auth0 dashboard, navigate to Settings > Custom Domains. Click the Set up Custom Domain button. You’ll be asked to enter your desired custom domain name. Let’s use login.myawesomeapp.com for this example.
Auth0 will then provide you with DNS records you need to add to your domain’s DNS configuration. These records are crucial for verifying ownership and routing traffic correctly. You’ll typically see two types of records:
-
CNAME Record: This is the primary record that points your custom subdomain to an Auth0-managed domain. It looks something like this:
Type Host/Name Value/Target CNAME loginyour-tenant.auth0.com(or similar Auth0 URL)- Host/Name: This is the subdomain part. If you entered
login.myawesomeapp.com, the host/name is usually justlogin. Some DNS providers might require the fulllogin.myawesomeapp.com. - Value/Target: This is the Auth0-specific endpoint that handles your custom domain traffic. Auth0 will tell you exactly what this should be.
- Host/Name: This is the subdomain part. If you entered
-
TXT Record (for verification): This record helps Auth0 verify that you own the domain. It will look something like this:
Type Host/Name Value/Content TXT loginauth0-domain-verification=YOUR_UNIQUE_VERIFICATION_CODE- Host/Name: Again, this is your subdomain (
loginorlogin.myawesomeapp.com). - Value/Content: A unique string provided by Auth0.
- Host/Name: Again, this is your subdomain (
You’ll log into your domain registrar’s control panel and find the DNS management section. You’ll then add these records. The exact interface varies by provider, but you’re looking for an "Add Record" or "Manage DNS" option.
Example DNS Configuration (Namecheap):
- Log in to Namecheap.
- Go to your Domain List.
- Click Manage next to
myawesomeapp.com. - Go to the Advanced DNS tab.
- Click Add New Record.
- Select CNAME Record.
- Host:
login - Value:
your-tenant.auth0.com - TTL: Auto (or 1 hour)
- Host:
- Click Add New Record again.
- Select TXT Record.
- Host:
login - Value:
auth0-domain-verification=YOUR_UNIQUE_VERIFICATION_CODE - TTL: Auto (or 1 hour)
- Host:
- Save all changes.
After you’ve added the DNS records, you need to wait for them to propagate across the internet. This can take anywhere from a few minutes to 48 hours, though it’s usually much faster. Auth0 will periodically check for these records.
Once Auth0 detects the correct DNS records, it will automatically provision an SSL certificate for your custom domain using Let’s Encrypt. This ensures all traffic to login.myawesomeapp.com is encrypted.
Back in your Auth0 dashboard, after adding the DNS records, you’ll click a Verify button. If propagation is complete and records are correct, the status will change to "Verified" or "Active."
You then need to configure your Auth0 Application settings to use this custom domain. Go to Applications > Applications, select your application, and go to the Settings tab. Find the Allowed Callback URLs and Allowed Logout URLs fields. Ensure these URLs use your custom domain.
For example, if your original callback URL was https://myawesomeapp.auth0.com/callback, you’ll need to change it to https://login.myawesomeapp.com/callback. This is critical for Auth0 to know where to redirect users after authentication, using your custom domain.
The most surprising truth about custom domains is that Auth0 doesn’t just proxy your domain; it actively manages the SSL certificate for it. This means you don’t have to worry about certificate renewals or management for your login endpoint. Auth0 handles it all seamlessly in the background, ensuring your login experience remains secure and branded.
If you’ve set up your custom domain and it’s verified, but your callback URLs are still using the *.auth0.com domain, users will be redirected to the Auth0 domain after login, breaking the seamless branded experience. Always double-check that all your application’s callback and logout URLs in Auth0 are updated to reflect your new custom domain.
After successfully setting up your custom domain, the next hurdle is understanding how Auth0’s Universal Login page, which is served from your custom domain, can be further customized with your branding.