Custom Domains
Every environment has a default subdomain (e.g. acme-prod.paylent.com), but you can configure a custom domain like auth.yourcompany.com so your users see your brand during login and OAuth flows.
How It Works
Section titled “How It Works”When you add a custom domain, Paylent provisions an SSL certificate automatically through Cloudflare. Once active, all OAuth endpoints — login, authorization, token exchange, and OIDC discovery — respond on your custom domain.
Your OAuth issuer URL updates to use the custom domain, so tokens are issued under your domain rather than a Paylent subdomain.
-
Add the domain in your dashboard
Go to Settings → General and enter your domain in the Custom Domain section (e.g.
auth.yourcompany.com). -
Add a CNAME record
In your DNS provider, create a CNAME record pointing your domain to Paylent’s origin:
Type Name Target CNAME authcustomers.paylent.comFor apex domains (e.g.
auth.example.comwhereauthis the subdomain), use a standard CNAME. If you need to use a bare domain, check if your DNS provider supports ALIAS or CNAME flattening. -
Wait for SSL provisioning
Certificate provisioning typically takes a few minutes. The dashboard shows the current status:
Status Description Pending DNS verified, certificate being issued Active Certificate provisioned, domain is live Failed Provisioning failed — check your DNS records Use the Refresh button to poll for updates.
What Changes
Section titled “What Changes”Once your custom domain is active:
- OIDC Discovery —
/.well-known/openid-configurationreturns URLs under your domain - OAuth endpoints —
/oauth/authorize,/oauth/token, and others respond on your domain - JWT issuer — The
issclaim in tokens uses your custom domain - Login page — Users see your domain in the browser address bar
The default subdomain continues to work alongside your custom domain.
Validation Rules
Section titled “Validation Rules”Custom domains must:
- Be a valid hostname with at least two labels (e.g.
auth.example.com, not justexample) - Not be a subdomain of
paylent.com - Not be an IP address
- Not contain wildcards
- Be globally unique across all Paylent environments
Removing a Domain
Section titled “Removing a Domain”In Settings → General, click Remove Domain. This deletes the SSL certificate and reverts OAuth endpoints to the default subdomain. Your DNS records are not automatically cleaned up — remove the CNAME record from your DNS provider after removal.