RapidIdentity Cloud Product Guide

Vanity URLs

The RapidIdentity Cloud solution follows a specific tenant naming convention and lets customers choose the subdomain used in the RapidIdentity URL. Many customers, however, require a higher level of personalization and need the RapidIdentity Cloud tenant's URL to appear to be part of their own domain.

To accommodate this need, RapidIdentity Cloud, Identity and Access Management, allows new customers to request a URL of their choice associated with and managed by their domain. This is referred to as a Vanity URL. The request for a Vanity URL must be made during the Tenant Request Process and the customer must be familiar with and able to modify their domain entries.

Customers wishing to have a Vanity URL must already own the desired domain (e.g., springfield.edu). Customers who do not already own the desired domain or are unfamiliar with or unable to modify their domain entries will not be able to use a Vanity URL with their RapidIdentity Cloud solution. Identity Automation will not purchase, own, or manage the customer's domain or their domain entries.

Except for a few known customers, Vanity URL requests made after tenant creation will not be honored. Vanity URLs must be requested during the Tenant Creation process. The Order of Operations for tenant creation is an associated, in-progress Google Doc.

RapidIdentity Tenant Naming

By default, RapidIdentity Cloud customer tenant URLs are created with the following naming convention:

  • https://springfield.us001-rapididentity.com

    Note

    You will need to specify the desired subdomain part.

Alternatively, tenant requests may include a desired domain name as a Vanity URL during the initial environment preparation.

  • https://portal.springfield.edu

    Note

    When signing on to RapidIdentity Cloud, or during other authentication events, the Login Page will show the Native URL in the user's browser. The login page will come from the Native URL (e.g., springfield.us001-rapididentity.com or local equivalent), but the two are identical and will not cause an issue. When logging out, users will be directed to a Native URL location as well (e.g., https://springfield.us001-rapididentity.com/idp/logout).

Requirements

Criteria for a Vanity URL:

  • The customer must already own the desired domain (e.g., springfield.edu)

  • The request to use a vanity URL must be included in the initial Tenant Request

  • The customer must be able to independently add DNS entries to their Domain via their Domain Control Center to configure the initial DNS resolution

  • The customer must update their DNS with a CNAME entry to validate the certificate

    • After the certificate is validated by AWS, DevOps will continue their work

  • Only one vanity URL can be used per customer tenant and the desired URL must NOT already be in use.

    • If the desired URL is already being used for an on-prem solution, a new URL must be determined.

When a Vanity URL is desired, Identity Automation will create an SSL certificate for the customer that supports both the default name (e.g., springfield.us001-rapididentity.com) and the vanity domain (e.g., portal.springfield.edu).

Note

Customers will have 72 hours to validate their certificate via DNS after it has been requested.

It is critical to note that Identity Automation does not own the domain name, so it must be a URL to a domain that the customer owns and manages. Identity Automation will, however, own and manage the SSL certificate for it. Customers will need a person to be the approver for the SSL certificate (generally, whoever owns the domain).

Note

This decision must be made prior to the creation of the RapidIdentity Cloud tenant and cannot change once the tenant has been created and the configuration of the solution has begun.

The customer will add DNS entries to point users to the proper cluster endpoint. This will delegate control of DNS resolution for the portal to Identity Automation via the AWS DNS servers.

Record Type: NS

Name: portal.springfield.edu

Value:

  • ns-XXXX.awsdns-54.org.

  • ns-XXXX.awsdns-21.co.uk.

  • ns-XXX.awsdns-33.com.

  • ns-XXX.awsdns-02.net.

The SSL certificate will automatically renew yearly as long as the Vanity URL is delegated to Identity Automation. There is no other action necessary.
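
Because certificate renewal depends on the delegation staying intact, a periodic check of the customer's zone is useful. The following is an added example, not Identity Automation's code: it audits a zone export for the NS delegation described above. The function names, the sample zone, and the name server values are constructed placeholders; substitute the four name servers supplied for your tenant.

```python
import re

# Route 53 name servers are named like ns-123.awsdns-45.com.
AWSDNS = re.compile(r"^ns-\d{1,4}\.awsdns-\d{2}\.(org|co\.uk|com|net)\.$")

# Constructed sample of the customer's zone; all values are placeholders.
SAMPLE_ZONE = """
; springfield.edu (constructed)
portal.springfield.edu.     3600 IN NS    ns-0001.awsdns-00.org.
portal.springfield.edu.     3600 IN NS    ns-0002.awsdns-00.co.uk.
portal.springfield.edu.     3600 IN NS    ns-003.awsdns-00.com.
portal.springfield.edu.     3600 IN A     192.0.2.10
old.portal.springfield.edu. 3600 IN CNAME onprem.springfield.edu.
"""
EXPECTED_NS = ["ns-0001.awsdns-00.org.", "ns-0002.awsdns-00.co.uk.",
               "ns-003.awsdns-00.com.", "ns-004.awsdns-00.net."]

def parse_zone(text):
    """Parse 'name ttl class type value' lines into (name, type, value)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blanks
        if line:
            name, _ttl, _cls, rtype, value = line.split(None, 4)
            records.append((name.lower(), rtype.upper(), value.lower()))
    return records

def check_delegation(records, vanity, expected_ns):
    """Return findings; an empty list means the delegation is clean."""
    vanity = vanity.lower().rstrip(".") + "."
    expected = {ns.lower() for ns in expected_ns}
    at_name = [(t, v) for n, t, v in records if n == vanity]
    found = {v for t, v in at_name if t == "NS"}
    findings = [f"missing NS {ns}" for ns in sorted(expected - found)]
    for ns in sorted(found - expected):
        kind = "unexpected" if AWSDNS.match(ns) else "non-AWS"
        findings.append(f"{kind} NS {ns}")
    # Only NS (and DS) may sit at a delegation point in the parent zone.
    findings += [f"{t} record at delegated name: {v}"
                 for t, v in at_name if t not in ("NS", "DS")]
    # Names below the cut are answered by the delegated servers instead.
    findings += [f"{n} {t} is occluded by the delegation"
                 for n, t, v in records if n.endswith("." + vanity)]
    return findings

if __name__ == "__main__":
    for finding in check_delegation(parse_zone(SAMPLE_ZONE),
                                    "portal.springfield.edu", EXPECTED_NS):
        print(finding)
```

A leftover A or CNAME record at the vanity name is the usual sign that the URL was previously used for an on-prem solution, which the requirements above rule out.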

Customers should use their Native URL (e.g., https://springfield.us001-rapididentity.com) to log in to their IDP or Federation. They can then be redirected to the IDP to sign in from the Vanity URL and will see the Vanity URL after login.

Note

This cannot be changed, as the IDP does not support changing to the Vanity URL.