Custom Domains
Serve your Passage OIDC app on a custom domain
Configuration
Existing passkeys will no longer work on your new, custom domain.
Passkeys are scoped to a single auth origin, meaning they will only be valid for the domain they were created on.
New subdomain
- Configure a DNS record to be used as your authentication domain (ex: auth.example.com)
- Add your custom domain in the Passage Console on the Settings --> Custom Domains page
- Add a CNAME record for your subdomain to point at
customers.withpassage.com - Click the Verify button in the Passage Console in the Configure Custom Domain section you entered your subdomain in during step #2
Existing subdomain
If you have existing authentication traffic to a subdomain you would like to continue using you have two options.
Option 1: No downtime
When verifying custom domain ownership, an HTTP verification method is used since it doesn't require additional actions. However, this can potentially introduce downtime if the custom domain is already in use.
To avoid this, a DNS-based verification method that ensures no service interruptions is also available.
Contact support@passage.id for support, and we'll guide you through each step to ensure a smooth experience for your users. Currently, this process takes less than 3 business days to complete.
Option 2: Limited downtime
In the instances where you have an existing subdomain but have an accepted available window of downtime, you can run the flow via the Console UI. In most cases, you will experience a downtime of 2-10 minutes + your record TTL.
- Reduce the TTL on your existing record to
10 - Point your CNAME record at
customers.withpassage.com - Increase your TTL to your previous value
Domain status
| Status | Description |
|---|---|
| Active | Custom hostname has completed hostname validation and is active. |
| Pending | Custom hostname is pending hostname validation |
| Moved | Non-active after an active domain moved to a pending state for more than 7 days |