Set up a custom domain

1. Open the dashboard

In dashboard / Custom domains, click Add domain. Enter the hostname your users will land on (typically auth.yourcompany.com).

2. Publish the DNS records

Authio will surface a list of DNS records to publish. The exact set depends on whether Cloudflare for SaaS is enabled on the platform:

• Routing CNAME — always required. Point your hostname at Authio.
• Ownership TXT — proves you control the domain.
• SSL DCV records — Cloudflare uses these to issue your TLS cert. Shown only when the platform zone has SSL for SaaS turned on.

Add every row at your DNS provider. Each row has a one-click copy affordance next to the host and value.

3. Verify

Click Verify now in the dashboard. Authio re-reads Cloudflare for the cert status and the DNS records for the ownership proof. The status moves through pending_dns → verified → active over a few minutes:

• verified: DNS records have resolved; cert provisioning underway.
• active: TLS cert is live, traffic is routing. Your users can sign in at the hostname.

4. Optional — brand the panel

Expand the Branding section in the new-domain form to set a display name, primary colour, logo URL, and tagline. The hosted-UI loads these on every Host-resolved request, so the sign-in page already looks like the customer's app. Enterprise tenants can also hide the “Powered by Authio” footer.

5. Optional — branded email

From the domain detail page, click Enable branded email with a from-address like noreply@yourcompany.com. Authio mints a per-customer SES identity and surfaces three DKIM CNAMEs — publish those, then click Verify DKIM. Once verified, sign-in emails go out from your domain immediately.

See Set up branded email for the full flow.