# Custom Domain

> Brand your Applivery App Store with a custom domain — set up a CNAME record and enable it from the Dashboard.

Source: https://docs.applivery.com/en/platform/organization/custom-domain/  •  Last updated: 2026-05-12

**Key topics:** Custom Domain Setup, CNAME Configuration, SSO Considerations, SSL Certificates, Applivery, DNS, CNAME, SAML, Azure AD, Okta, Ping Identity, DigiCert, Google Trust Services, Let's Encrypt, SSL.com

---

**TL;DR:** Configure a custom domain for your Applivery App Store by creating a CNAME record and enabling it in the Applivery Dashboard.

By default, your Applivery App Store is accessible at `{your-organization}.applivery.io`. Custom domains let you replace this with a subdomain of your own — for example, `apps.yourcompany.com` — giving employees a branded, recognizable URL when they access internal app Builds.

:::info
Custom domains apply to the **App Store (Enterprise Store)** only. The Applivery Dashboard and MDM Portal are not affected.
:::

* * *

## Setup

**Create a CNAME record in your DNS provider**

Before configuring anything in Applivery, you need to point your subdomain to Applivery's servers. In your DNS provider, create a new `CNAME` record for the subdomain you want to use:

| Type | Name | Value |
| --- | --- | --- |
| `CNAME` | `Apps` _(your chosen subdomain)_ | `domains.applivery.io` |

DNS propagation can take a few minutes to several hours, depending on your provider and TTL settings. You can verify it has propagated using a tool like [dnschecker.org](https://dnschecker.org/) before proceeding.

:::tip
Custom domains only work with **subdomains** (e.g., `apps.yourcompany.com`). Apex domains (e.g., `yourcompany.com` without a subdomain prefix) are not supported, as they require an A record rather than a CNAME.
:::

**Enable the custom domain in Applivery**

In the [**Applivery Dashboard**](https://dashboard.applivery.io/), navigate to the **Settings** 1 section and select **Store Customization** 2 from the left-hand menu. Locate the **Custom domain** 3 field, type your subdomain (e.g., `apps.yourcompany.com`), and click **Save**.

![store customization](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/feaade91-affe-47a7-ae39-ebee9b203418.png)

Applivery will verify that the CNAME record is correctly configured and activate the custom domain for your App Store. Once active, your employees can access the App Store at the new URL.

* * *

## What changes after enabling a custom domain

**Your original URL keeps working.** The default `{your-organization}.applivery.io` URL remains active after you enable a custom domain — both URLs work simultaneously. You don't need to communicate a migration deadline to your users.

**SSO configuration may need to be updated.** If you have Single Sign-On configured via SAML (Azure AD, Okta, Ping Identity, or any other SAML-based provider), the callback URLs embedded in the SAML metadata will change when a custom domain is active. You may need to reconfigure the SAML integration from scratch with the updated metadata to restore SSO functionality.

:::warning
Always configure your custom domain **before** setting up SAML SSO. The SAML metadata Applivery generates includes the App Store URL as a callback endpoint — if you add a custom domain after configuring SSO, you will need to regenerate the metadata and update your Identity Provider.
:::

* * *

## SSL certificate and CAA records

Applivery automatically provisions and manages an SSL certificate for your custom domain. No manual certificate configuration is required on your side.

If your domain uses **CAA (Certification Authority Authorization)** DNS records to restrict which Certificate Authorities can issue certificates for it, you need to authorize the CAs that Applivery uses. Add a CAA record for each of the following:

| Type | Name | Value |
| --- | --- | --- |
| `CAA` | `@` _(or your subdomain)_ | `0 issue "digicert.com"` |
| `CAA` | `@` _(or your subdomain)_ | `0 issue "pki.goog"` |
| `CAA` | `@` _(or your subdomain)_ | `0 issue "letsencrypt.org"` |
| `CAA` | `@` _(or your subdomain)_ | `0 issue "ssl.com"` |

If you don't have any CAA records configured, all CAs are permitted by default, and no action is needed. You can use [SSLMate's CAA Record Generator](https://sslmate.com/caa/) to generate the correct record for your setup.