Theory of Operation: CNAME + DOMAIN




Theory of Operation

Use your own domain name with Agilicus AnyX.


Setup Planning: Domain Name (CNAME) Setup

When creating a new Organisation through the Signup process, you are asked 2 questions:

  1. “Organisation/Company/Account Name”
  2. “DNS Domain”

On the “DNS Domain” you have 2 choices:

  1. “I have my own domain name”
  2. “I will use an Agilicus-supplied domain name”

The “Organisation/Company/Account Name” is used for billing purposes, and for metrics. It does not appear to the end-users of your company.

The ‘DNS Domain’ is used by all users (administrative and end-user). Notably,

  • https://admin.DOMAIN 🠒 the administrator will sign-in here to configure and update the system
  • https://auth.DOMAIN 🠒 for any sign-in activity, the user will be redirected here during the sign-in process according to the OpenID Connect specification
  • https://profile.DOMAIN 🠒 end-users can see a ‘launcher’ of all applications in the organisation, and adjust their multi-factor authentication preferences
  • https://APPNAME.DOMAIN 🠒 for each application you configure, a public URL will be created via its name and the domain you choose.

If you choose to use an Agilicus-supplied domain name, we will attempt to use your organisation name in conjunction with agilicus.{cloud|net|org}.

If you choose “I have my own domain name”, the administrator and end users will never see our domain. We recommend this option. In this model, you are delegating a sub-domain of your own to our system to manage on your behalf. So for example, you can say “*.cloud.MYDOMAIN” is managed.

For the domain, if you choose to provide your own sub-domain, you must first put an entry in your Domain Name Server (DNS) to prove you own it, and to allow us to host content on it. This is done by creating a CNAME record with a wildcard. In your DNS, create a CNAME record from *.subdomain.yourdomain to For more information about the Hows and Whys of a CNAME, see “Internet Redirect & Alias: The CNAME”. NOTE: this is a wildcard.

For example, we recommend using “cloud” as the subdomain. If your company web-page is “”, you will create a CNAME of *, pointing to You and your users will now be accessing applications as

If you use a domain we supply, you can get going very quickly. If you use your existing domain, it is simpler for your users and can help train them to avoid spearphishing by only using your corporate domain. The choice is yours.

An example setup using Google DNS is shown. This will vary slightly depending on your DNS provider. If you wish to test the setup of your CNAME, we recommend using dig, as below. You may also use a web-based service such as Lookup anyname.subdomain.yourdomain.

Example Setup with Google DNS
$ dig -t cname
 ;    IN  CNAME

Once you select CREATE it will take approximately 30-60 seconds to set up an environment. During this time our system creates a Federated Login system (allowing authentication against your Identity Providers), SSL certificates (100% of what we do is encrypted), and some other database setup for Audit Logging etc.

NOTE: Split-Horizon DNS

If you run split-horizon DNS (e.g. a name server internally which serves different answers than externally), you will need to make the same changes in both systems. This can happen e.g. if you use Microsoft Active Directory on premise as a DNS server, and a public DNS server externally.

NOTE: Testing

You may test your newly added CNAME using an Agilicus API. In your browser, navigate to:’‘. So, for example, if you chose ‘cloud’ as the subdomain, and your main domain was ‘’, you would open will return some text like:
{"AA":false,"AD":false,"Answer":[],"Authority":[{"data":" 2019051401 28800 7200 604800 600","name":"","type":6}],"CD":false,"Flags":["QR","RD","RA"],"QR":true,"Question":[{"name":"","type":5}],"RA":true,"RD":true,"Responder":"","Status":3,"TC":false}

You may also use a tool such as dig:

$ dig -t cname
; <<>> DiG 9.16.15-Ubuntu <<>> -t cname
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15521
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 65494
;; ANSWER 1800 IN CNAME
;; Query time: 168 msec
;; WHEN: Sun Oct 17 18:24:14 EDT 2021
;; MSG SIZE rcvd: 82
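
The following is an added example, not Agilicus code: it interprets the JSON lookup text described under "NOTE: Testing" and applies the same check to an internal and an external resolver view, as "NOTE: Split-Horizon DNS" requires. The function names, the example.com names and the target.example.net target are assumptions; the sample responses are constructed.

```python
import json

CNAME = 5  # RR type number, as in the "type" fields of the response text above
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def _norm(name):
    """Lower-case and drop the trailing dot so names compare reliably."""
    return name.strip().rstrip(".").lower()

def check_cname(response_text, expected_target):
    """Return (ok, reason) for one JSON lookup response."""
    resp = json.loads(response_text)
    status = resp.get("Status")
    if status != 0:
        return False, "lookup failed: " + RCODES.get(status, "rcode %s" % status)
    targets = [_norm(a.get("data", "")) for a in resp.get("Answer", [])
               if a.get("type") == CNAME]
    if not targets:
        return False, "no CNAME record in Answer"
    if _norm(expected_target) not in targets:
        return False, "CNAME points elsewhere: " + ", ".join(targets)
    return True, "CNAME points to " + _norm(expected_target)

def check_split_horizon(views, expected_target):
    """views maps a resolver label to its response text; return the failing views."""
    failures = {}
    for label, text in views.items():
        ok, reason = check_cname(text, expected_target)
        if not ok:
            failures[label] = reason
    return failures

# Constructed sample data: example.com names and a placeholder CNAME target.
TARGET = "target.example.net"  # placeholder for the target you were told to use
QUESTION = [{"name": "anyname.cloud.example.com.", "type": 5}]
GOOD = json.dumps({"Status": 0, "Question": QUESTION, "Answer": [
    {"name": "anyname.cloud.example.com.", "type": 5, "data": "Target.Example.NET."}]})
# Same shape as the response text above: Status 3 (NXDOMAIN), empty Answer, SOA only.
MISSING = json.dumps({"Status": 3, "Question": QUESTION, "Answer": [], "Authority": [
    {"name": "example.com.", "type": 6,
     "data": "ns.example.com. admin.example.com. 2019051401 28800 7200 604800 600"}]})

if __name__ == "__main__":
    print(check_cname(GOOD, TARGET))
    print(check_cname(MISSING, TARGET))
    # Public DNS updated, internal (e.g. Active Directory) DNS not updated yet.
    print(check_split_horizon({"external": GOOD, "internal": MISSING}, TARGET))
```

A response with Status 3 and an empty Answer means the wildcard record is not visible to that resolver, so repeat the lookup against each DNS view your users can reach.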