By default, Kinde issues a Kinde subdomain when you first register. But for your production environment you can use your own custom domain instead of Kinde’s as your URL. For example, account.mydomain.com instead of mydomain.kinde.com.

There are a few reasons you may wish to do this.

• It will give your users the impression they have never left your application to authenticate, creating a seamless user experience.
• For Single Page Applications (SPAs) it means we can securely set a first party cookie meaning authentication state persists for full-page refreshes and new tabs.
• If you also register the domain in the configuration for any social providers you are using, the social providers auth screen will be customized with your app details.

We find most customers use account , id , or auth as their subdomain, i.e account.mydomain.com.

ℹ️ When to still use the Kinde domain. Even if you use custom domains, you need to use your Kinde domain for Kinde Management API access and machine-to-machine applications.

Note that the verification process can take up to a few hours, depending on who your domain provider is. See tips for the DNS set up below.

1. Go to Settings > Environment > Custom domain. The Custom domain page opens.

2. Enter your custom domain in the Domain name field. Be sure to include the subdomain, for example account.mydomain.com.

3. Select Get DNS details. The DNS details appear.

4. Go to your domain provider website and create CNAME DNS records using the DNS details. Apologies that we can’t offer instructions for all situations, as this will be different depending on your provider. But here are the setup steps for Godaddy, Cloudflare, and NameCheap.

   ⚠️ Cloudlfare users: DNS entries must be DNS-only, not proxied.

5. Once you have created the DNS entries, go back to Kinde and select Verify. The verification process can take up to a couple of hours. When it completes, the verification status will change and an SSL certificate will be provisioned. Your domain will then be used instead of Kinde’s. You will also receive an email notification when the process is complete.

6. If you encounter any errors, such as the verification taking too long, re-check the DNS records you created on your provider site, to ensure the details are correct.

When you use social connections to authenticate users, you’ll also want to show your own domain name in the social provider sign in form instead of kinde.com.

To achieve this, register your application with the provider and configure it in Kinde. See instructions for the relevant social sign in for details.

Remember to also update your own code to use your custom domain, rather than the Kinde issued subdomain.

Auth endpoints are available for both custom domains and your Kinde subdomain. You can get tokens from either end point, but they are not interchangeable. For example, if you get an ID and access token from account.mydomain.com, it cannot be used with mydomain.kinde.com.

Currently, Kinde only supports *.localhost for non-https traffic.

When you create the DNS records for linking your own domain to Kinde, be sure to match the format you have used above.

For example, if your custom domain is account.mydomain.com, then:

Host = account

Record type = CNAME

Value = account.mydomain.com

TTL = Leave as default

Routing policy = Leave as default

If you are using a multi-level subdomain, like multi.subdomain.domain.com, how you set up DNS records will depend on how your zones are set up.

The details provided in the admin console assumes the domain entered is adding a single level to your DNS zone, but if you are adding more than one level you’ll need to create others.

So if your business is blue.black.red.com, you need to created a DNS entry for the custom domain blue.back.red, as well as an _acme-challenge.blue.black.red domain.

There are many different ways people manage multi-level domains and zones, and unfortunately we can’t cover all variations in these instructions.