Skip to main content

Custom Domain and SSL Configuration

The Custom Domain feature allows you to serve LoginRadius-hosted authentication pages on your own domain, delivering a fully branded and secure login experience for your users.

Use Cases

  • White-labeled authentication for SaaS platforms
    Provide customers with a branded login experience under your own domain.

  • Partner and vendor portals
    Secure access for partners, vendors, and resellers using trusted domains.

  • Multi-tenant enterprise authentication
    Configure distinct login domains for different business units or clients.

  • Regulatory and security compliance
    Maintain consistent and secure authentication endpoints to support standards such as GDPR, HIPAA, and SOC 2.

  • Federated identity and SSO
    Enable seamless authentication across multiple applications and subsidiaries.

  • Improved user trust
    Reinforce brand credibility by avoiding third-party authentication domains.

Prerequisites

  • The Custom Domain feature must be enabled on your LoginRadius account.
  • To enable this feature or request multiple custom domains, contact:
    https://console.loginradius.com/get-support

Steps to Set Up a Custom Domain

  1. Log in to the LoginRadius Admin Console.
  2. Navigate to Branding → Custom Domain, or open:
    https://console.loginradius.com/branding/custom-domain
  3. Click Add Custom Domain.
  4. Enter your custom domain (for example, login.example.com) and click Save.

Multiple Custom Domains

LoginRadius supports configuring multiple custom domains, allowing different brands, tenants, or regions to use separate login URLs while sharing the same identity platform.

With multiple custom domains, you can:

  • Configure separate login domains for different brands, tenants, or regions.

  • Align each domain with its own branding (logo, colors, wording) on LoginRadius‑hosted pages.

  • Tailor authentication journeys and workflows per domain (for example, slightly different signup or verification experiences for different brands).

Support both:

  • Hosted pages managed by LoginRadius, and/or
  • Self‑hosted (custom) frontends that call LoginRadius APIs from different domains.

Note: Multiple custom domains require LoginRadius assistance. Submit a request via https://console.loginradius.com/get-support with the domain list and intended usage.

How This Impacts SSO & Redirect URIs

When a custom domain is enabled, it becomes the primary authentication endpoint for hosted pages and SSO flows.

  • SSO Redirect URLs
    OAuth, SAML, and OpenID Connect (OIDC) redirect and callback URLs must use the custom domain.

  • Social Login Providers
    Update authorized redirect and callback URLs in providers such as Google, Facebook, and Apple.

  • Multiple Domains
    Each domain must be explicitly whitelisted in the relevant identity provider configurations.

  • Session Behavior
    Authentication sessions are scoped to the domain. Improper domain alignment may cause re-authentication.

Recommendation: Test all login, registration, and SSO flows on the custom domain before production rollout.

SSL Configuration

If you encounter SSL-related issues on your custom domain, submit a request to:
https://console.loginradius.com/get-support

Include the following details:

  • Certificate provider
  • Certificate Signing Request (CSR), if applicable
  • Public key or certificate files

The LoginRadius team will assist with SSL configuration and validation.

Important Notes

  • Ensure DNS changes are fully propagated before testing authentication flows.
  • Validate login, registration, verification, and SSO journeys on the new domain.
  • Update redirect URLs in all third-party identity providers after domain changes.

Best Practices

  • Verify your CNAME record is correctly configured to avoid validation failures.
  • Ensure SSL certificates remain valid to prevent browser security warnings.
  • Re-test authentication flows whenever domains or certificates change.
  • Maintain consistent redirect and callback URLs across environments.