## Custom domain setup By default, every Frontegg environment is created with a Frontegg domain ending in `.frontegg.com`. While this domain is functional, it may lead to unwanted cookie issues caused by third-party cookie blocking and result in a domain that doesn’t align with your brand identity. Limitations Note that you can configure one custom domain per environment, and up to two domains in total. If you need to configure additional custom domains, [contact us](https://support.frontegg.com/hc/en-us/requests/new). Note that custom domains for each environment are configured separately. ### Configuring a custom domain To configure custom domains, open the **Frontegg portal** and navigate to [ENVIRONMENT] → Configurations → Keys & domains → Domains. To configure a new custom domain, click on **Configure**, and in the popup dialog box, insert your desired domain name to generate the CNAME record you need for your DNS configuration. ![custom-domain](/assets/custom-domain.cf3721fa0226cd34d2a81ab1ad6c83156a3893bb6dc51830be8c74d7581b4ebf.42627d99.png) br ![custom-domain](/assets/custom-domain-2.3d165690b8283d71746e1e78667a54e9e5030e1770d1f8f264e0f2fb4862d54d.42627d99.png) Best practice A common practice is to use a subdomain as the custom domain because if your app is hosted on `app.sample.com` and you have an existing A record for that domain, you cannot use `app.sample.com` as a custom domain on Frontegg. Instead, use a subdomain as the custom domain, like `auth.sample.com`. br After adding the CNAME to your DNS configuration, click the **Verify** button. If Frontegg is able to verify the CNAME record, you will see a success message. After a successful setup, you should also see your custom domain listed on the Administration Page's Domain tab with a verified tag. Domain verification typically takes anywhere from a few minutes to a few hours. If you see a notification that Frontegg is unable to verify your custom domain, please double-check that you entered your CNAME correctly in your DNS provider and try again. br ![custom-domain](/assets/custom-domain-3.41f91f525de01885290d3b6c260b2a3e8e0559ca33026b659cb1baf85d7d3d67.42627d99.png) br A `CNAME does not exist` error may appear if your domain failed validation, possibly due to a Certificate Authority Authorization (CAA) issue. This can usually be resolved by adding the appropriate CAA record to your DNS settings. ### Managing URLs after configuring the custom domain Once the custom domain is set up, make sure to update the following URLs to ensure everything functions correctly across your platform. #### Login URL Ensure that the login URL in your applications is updated to reflect the new custom domain. 1. Open the **Frontegg portal**. 2. Go to the **Configuration** section. 3. Click **Applications**. 4. Select your application. 5. On the **Settings** tab, scroll down to the **Login URL** field. 6. Update the URL. ![Update-URL](/assets/update-url.f4eace80db676989c8706e505404a0e96fc43b25050782ee191dd758cb7f1964.42627d99.png) 1. Click **Save**. #### Client-side SDKs If you're using a Frontegg client-side SDK, update the `baseUrl` in `contextOptions` to reflect your new custom domain in your application code. For example: ```javascript const contextOptions = { baseUrl: '[YOUR-CUSTOM-DOMAIN]', clientId: '[YOUR_CLIENT_ID]', appId: '[YOUR_APP_ID]' }; ``` br * Replace `[YOUR-CUSTOM-DOMAIN]` with your actual custom domain URL. * Replace `[YOUR_CLIENT_ID]` with your actual client ID. * Replace `[YOUR_APP_ID]` with your actual app ID. #### Single Sign-On If you're using Single Sign-On (SSO) and are in a production environment, make sure to update the `ACS` (Assertion Consumer Service) URL to match the new custom domain. br This is crucial for SSO configuration to work properly. br 1. Open the **Frontegg portal**. 2. Go to the **Configuration** section. 3. Click **SSO**. 4. Select Service Provider → Manage. 5. Select SAML → Manage. 6. Enter the application URL into the **ASC URL** field. ![SAML-URL](/assets/saml-url.c373acbb2cf648fb4f8507a631325d2b2e8494e3c5820e48ded0f71420b62577.42627d99.png) 1. Click **Save changes**. #### Emails When sending emails, make sure to use dynamic parameters for login URLs - `{{LOGIN_URL}}`. If dynamic parameters aren't used, manually update the login URL in the email templates as well. 1. Open the **Frontegg portal**. 2. Go to the **Authentication** section. 3. Click **Emails**. 4. On the **Templates** tab, select the required email template. 5. If you're using `{{LOGIN_URL}}`, no changes are needed. If using hardcoded values, update the `Redirect URL` field to match the new custom domain ![Email-URL](/assets/email-url.690a265a2fbd9540cbc0a9f77601d5f67a62898d9ae077665ef72f5c6e621e00.42627d99.png) 1. Click **Save changes**.