Docs
[IAM]

Custom Domains

Custom Domains allow each Realm in IAM to use its own branded domain names for authentication and identity flows, instead of relying on default PLTFRMS-managed domains.

This enables full white-label identity experiences while still using the underlying PLTFRMS IAM infrastructure.

What are custom domains?

A custom domain is a domain controlled by a customer that is mapped to IAM services for a specific Realm.

Examples:

  • auth.customer.com
  • login.partner.org
  • id.company-domain.com

These domains are used for:

  • Hosted Login
  • Hosted Onboarding
  • OAuth2 / OpenID Connect flows
  • Redirect-based authentication

How custom domains work

When a custom domain is configured:

  1. The domain is linked to a specific Realm
  2. DNS records point to PLTFRMS IAM infrastructure
  3. TLS certificates are provisioned and managed
  4. IAM routes authentication traffic based on domain + realm mapping

From the user perspective, the entire identity system appears fully branded and independent.

Realm isolation

Custom domains are always bound to a single Realm.

This ensures:

  • No cross-realm authentication leakage
  • Each domain maps to exactly one identity environment
  • Authentication flows remain strictly isolated per customer

A domain is never shared between realms.

Hosted Login integration

Custom domains are fully integrated with Hosted Login.

This means:

  • Login pages can be served under the customer’s domain
  • Redirect flows remain OpenID Connect compliant
  • Branding (logos, styles, messaging) can be customized per realm
  • Authentication still executes within PLTFRMS IAM infrastructure

The identity experience becomes fully white-labeled.

OAuth2 and OpenID Connect support

Custom domains are fully compatible with:

  • OpenID Connect authorization endpoints
  • OAuth2 token endpoints
  • Session and logout flows
  • Token refresh mechanisms

This ensures that applications do not need to change integration logic when switching to custom domains.

Security model

Custom domains are secured through:

  • TLS certificate management (automated provisioning)
  • Strict domain-to-realm binding
  • Validation of redirect URIs per client
  • Full audit logging of authentication flows
  • Prevention of domain impersonation or misconfiguration

Security is enforced at the domain routing layer as well as the IAM layer.

Use cases

Custom domains are commonly used for:

  • White-labeled SaaS identity systems
  • Enterprise customer branding
  • Partner or reseller identity portals
  • Compliance or trust requirements (own domain authentication)
  • Integration into existing corporate identity ecosystems

Why custom domains matter

Custom domains provide:

  • A fully branded authentication experience
  • Stronger trust for end-users
  • Seamless integration into customer ecosystems
  • No dependency on PLTFRMS-branded endpoints
  • Full compatibility with OAuth2 and OpenID Connect standards

They allow IAM to operate as both a platform service and a fully white-labeled identity provider.