By default, tenant IAMs are accessible through the platform domain airlock.cloud. To use a custom domain for the tenant applications (Loginapp, Adminapp, and Transaction Approval), you must both enable custom domains in the Airlock Console and update the tenant IAM configuration in the saas.yaml file. This page describes how to enable custom domains. For details about the required tenant IAM configuration, see ALSAASPM-N-177.
Configure a custom domain to make tenant applications accessible through a domain that you own. Custom domains can be configured independently for the following applications:
Loginapp
Adminapp
Transaction Approval
Notice
A custom domain cannot be configured while mTLS is enabled.
Although a custom domain can be configured for the Adminapp, the application is not directly accessible. Access requires a valid SSO ticket and a supporting IAM configuration.
Accessing the Custom Domain settings
In the Airlock Console, go to:
Configuration >> Custom domainSelect the tab for the application you want to configure (Loginapp, Adminapp, or Transaction Approval).
Select Custom domain.
Create the DNS records shown on the page.
Once the DNS records are active, enter the domain name and click Save.
Notice
Custom domain settings take effect immediately. No further activation is required.
DNS verification
When you configure a custom domain, the platform performs a DNS verification. Before the change is applied, the result of the verification is displayed in the confirmation dialog.
If the required DNS records cannot be found or are configured incorrectly, a DNS verification failed warning is displayed:
DNS records
To use a custom domain, you must configure the required DNS records for the domain.
ACME Record
The ACME record is used to verify ownership of the domain and to enable automatic issuance and renewal of TLS certificates through the ACME protocol.
Record type |
CNAME |
TTL |
86400 |
Host |
_acme-challenge.<your-custom-domain> |
Target |
_acme-challenge.<your-custom-domain>.acme.airlock.cloud |
Custom domain record
This record maps your domain to the target domain provided by Airlock.
Record type |
CNAME |
TTL |
86400 |
Host |
<your-custom-domain> |
Target |
custom.ch-1.airlock.cloud |