Custom Domains

Serve your Passage OIDC app on a custom domain

Configuration

Existing passkeys will no longer work on your new, custom domain.

Passkeys are scoped to a single auth origin, meaning they will only be valid for the domain they were created on.

New subdomain

  1. Configure a DNS record to be used as your authentication domain (ex: auth.example.com)
  2. Add your custom domain in the Passage Console on the Settings --> Custom Domains page
  3. Add a CNAME record for your subdomain to point at customers.withpassage.com
  4. Click the Verify button in the Passage Console in the Configure Custom Domain section you entered your subdomain in during step #2

Existing subdomain

If you have existing authentication traffic to a subdomain you would like to continue using you have two options.

Option 1: No downtime

When verifying custom domain ownership, an HTTP verification method is used since it doesn't require additional actions. However, this can potentially introduce downtime if the custom domain is already in use.

To avoid this, a DNS-based verification method that ensures no service interruptions is also available.

Contact support@passage.id for support, and we'll guide you through each step to ensure a smooth experience for your users. Currently, this process takes less than 3 business days to complete.

Option 2: Limited downtime

In the instances where you have an existing subdomain but have an accepted available window of downtime, you can run the flow via the Console UI. In most cases, you will experience a downtime of 2-10 minutes + your record TTL.

  1. Reduce the TTL on your existing record to 10
  2. Point your CNAME record at customers.withpassage.com
  3. Increase your TTL to your previous value
Domain status
StatusDescription
Active Custom hostname has completed hostname validation and is active.
PendingCustom hostname is pending hostname validation
MovedNon-active after an active domain moved to a pending state for more than 7 days