Skip to main content

Integration - Custom URL

Custom URL setup instructions

Matt Szczurek avatar
Written by Matt Szczurek
Updated over a month ago

Overview

All SafeBase customers can set up a Custom URL. This gives our customers a public-facing URL for their Trust Center. All Custom URLs are provided with WAF protection and additional security coverage.

Note that SafeBase currently supports only one custom domain per Trust Center. If additional URLs are required, DNS redirects can be configured to your primary domain.

Custom URL Format

Custom URLs must follow the naming convention of prefix.company.domain e.g. :

  • trust.company.com

  • trustcenter.company.io

  • security.company.ai

Please see SafeBase's Custom URL for an example.

Note: We do not support URLs such as company.com/trust

Configuration requirements

Check your CAA Record

If you do not specify CAs, you can skip this section.


Cloudflare deploys SSL certificates via “Google Trust Services (GTS)”.
If you specify CAs in your environment, please add GTS to your CAA record:

  1. In your DNS provider, access your CAA record

  2. Edit the CAA record to add GTS with a flag, tag, and value:

    • flag: 0

    • tag: issue

    • value: pki.goog

  3. The record should read: 0 issue ‘pki.goog’

Setup Instructions

1. Verify Your Organization's Domains

Your custom Trust Center URL must match one of the domains on your SafeBase organization. You can see these domains in Settings -> Organization Settings -> Domains. Most organizations will only have one domain, which will be the company's main corporate domain, e.g. company.com. This domain will also control who can be invited as an organization member and log into your organization.

In some cases, companies will have multiple domains for different purposes (e.g. one for marketing and one for internal email, or one for public branding and one for API services). If you wish to create your custom URL on a domain other than the original primary domain of your organization, please reach out to Support and provide each of the verified domains you own and want added.

Please be aware that SafeBase supports only one primary custom domain per Trust Center. For any additional domains, you can implement DNS redirects to the main custom URL to ensure seamless access for visitors.

2. Add a Custom URL in Settings

Once you have decided on your Custom URL (e.g. trust.company.com), navigate to the Trust Center URL section of SafeBase's Settings and input the subdomain that you would like to use as your Custom URL:


Double-check your URL before clicking Submit.

Note: If you need to change this value in the future or encounter an error, please reach out to support.

3. Add the CNAME Record to your DNS Provider

After clicking Submit, you will be provided with CNAME DNS record and it's corresponding value:


Please add this CNAME record to your subdomain's DNS provider.


For example:

  • CNAME Record: trust.company.com

  • CNAME Value: company.portals.safebase.io

Note: Please ensure the CNAME record is DNS Only

  • For Cloudflare customers, ensure the DNS record is not Orange Clouded in the Cloudflare DNS table.

  • For other CDN/Proxy customers, see Troubleshooting below.

4. Publish Your Trust Center

Once the CNAME has been added, check the status by clicking Refresh

  • The configuration will validate automatically in the background.

After the values are validated, a button will appear to publish your Trust Center:


Click Publish Trust Center when you are ready for your Trust Center to be public.

Note: Once your Trust Center is published, you will need to reach out to support to un-publish or make any changes to the Custom URL.

Use exiting custom URL from Drata or other Trust Center

For organizations that would like to re-use the existing Trust Center Custom URL when migrating from another platform, this is 100% possible and is only a few steps.

If you plan to manage multiple domain names, you may configure DNS redirects from those domains to lead visitors to the primary domain configured with SafeBase.

The only thing separates a URL such e.g. "trust.company.com" from leading to SafeBase or a different Trust Center is the value that the DNS CNAME points to.

Prerequisites

All steps above are required.

  • Ensure the CAA record is correct (or not needed)

  • Verify the existing DNS CNAME record is DNS only, or is set to DNS only when making the change.

Making the swap

Set things up in SafeBase first.

  • Enter the subdomain and click submit.

  • When ready, change the existing DNS entry for the old Trust Center and point it to the value given in SafeBase. It will follow the format of "companyname.portals.safebase.io"

  • Once the status is validated, click "Publish Trust Center"

  • Once published, the Trust Center will be public at that URL.

Note: There may be a few minutes of downtime while DNS replicates. If taking an extended amount of time, please reach out to suppor@safebase.io.

Troubleshooting

Wrong domain in the "Your subdomain" box?

This happens, as SafeBase will pull the domain we have listed in our database, if you would like an alternate domain, please do not submit and reach out first!

Let our support know that you would like to update the domain for your Custom URL.

Proxy'ing as a last resort

If an organization MUST proxy this URL behind a service such as CloudFront, they most likely will run into errors when the origin server does not respond.

In these scenarios, there may be a requirement to pass a Host header with the custom URL as the value so that our infrastructure can serve the correct page.

Please reach out to Support with any questions or concerns.

Related Articles
Integration - SAML SSO
Branding - Custom Email Notifications
Trust Center - Rebranding
SafeBase Networks - WAF & Bot Protection, Custom Hostnames, and Scanning
Trust Center - Custom Item URLs
Did this answer your question?