Custom Domain
By default, the NeuralTrust console lives atapp.neuraltrust.ai. Custom Domain lets you map a hostname on a zone you own (for example ai.acme.com or trust.example.co) to your team’s console — so links, emails, and bookmarks all point at an address under your organization.
Open it from Team settings → Custom Domain.
A custom domain changes only the hostname users see for the NeuralTrust web app. It does not move data, change where the API is hosted, or affect TrustGate data-plane URLs (those are configured separately in Advanced or per-integration).
How it works
The custom domain is a CNAME you create in your own DNS zone pointing at a NeuralTrust target. NeuralTrust serves traffic for that hostname, terminates TLS with a certificate it issues automatically, and routes it to your team’s console.app.neuraltrust.ai URL keeps working — custom domains are additive, not a replacement. Existing SSO redirect URIs, API keys, and bookmarks tied to the default hostname remain valid.
Prerequisites
- Control of the DNS zone for the domain you want to use (so you can add CNAME / TXT records).
- Owner or Admin role on the team.
- A hostname that does not already have a conflicting A, AAAA, or CNAME record. The apex of a zone (for example
acme.com) usually cannot be used as a CNAME — pick a subdomain (for exampleai.acme.com).
Add a custom domain
- Go to Team settings → Custom Domain.
- Enter the hostname you want to use (for example
ai.acme.com) and submit. - The panel shows two things:
- A verification record — a TXT record you add to your zone to prove you control the hostname.
- A CNAME target — the NeuralTrust hostname your CNAME must point at.
- Add both records in your DNS provider (Route 53, Cloudflare, Google Cloud DNS, …).
- Come back to the panel and click Verify.
- NeuralTrust issues a TLS certificate for the hostname.
- The domain’s status flips to Active.
- The team’s console becomes reachable on
https://<your-hostname>.
Using the custom domain with SSO
If SSO is configured, update the identity provider to accept the new hostname as a redirect URI:- Microsoft Entra ID — add
https://<your-hostname>/auth/callbackalongside the existing NeuralTrust callback. - Generic OIDC — same idea; add the new callback to the application’s allowed redirect URIs.
app.neuraltrust.ai callback in place means both hostnames keep working during the rollout.
Removing a custom domain
- Go to Team settings → Custom Domain.
- Click Remove.
- Delete the CNAME and TXT records from your DNS provider.
app.neuraltrust.ai. Rotate any SSO redirect URIs that referenced the old hostname.
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
Verification failed after adding the TXT record | DNS hasn’t propagated yet. | Wait (5-15 min typical) and retry. Use dig TXT <host> to confirm the record is live on public DNS. |
Certificate not issued after verification | The CNAME is not yet public or points at the wrong target. | Confirm the CNAME resolves to the exact target shown in the panel with dig CNAME <host>. |
Invalid hostname | You tried to bind the zone apex or a name that already has an A record. | Pick a subdomain and remove the conflicting record. |
| Users get an SSO error after switching | Redirect URI on the IdP still only allows the old hostname. | Add the new callback URL to the IdP application. |