Custom Vanity Domains For SaaS Providers

You’ve got customers, and they want to connect their own domains to your app. Here’s how to use Qloaked to provision third-party ‘vanity’ URLs for SaaS (or ecommerce) clients...

It’s commonplace in SaaS to need to offer a whitelabelled solution to customers who wish to use their own domains.

Take Beacon.by, a SaaS platform which has been using Qloaked for over a year.

“At Beacon.by we needed to be able to quickly provision SSL certs for customers,” said the company’s Eoin McGrath.

While most likely this is a need for B2B SaaS companies who sell customer-facing products to their clients (think help centers, loyalty or affiliate software, marketing software, landing page software or some other ‘brandable’ service), it’s also a requirement for eCommerce backends or more personal services like portfolio builders.

Thanks to Google, SSL is now a requirement for these pages. This presents SaaS businesses with a couple of unappealing options:

1. Build custom infrastructure to allow users to upload their own certificates
2. Build custom integration with third-party SSL services to secure custom domains.

However, as a SaaS business you want to focus on what you do best – not mess around with SSL.

“As a small team, building our own solution wasn’t an option,” explains Eoin.

Instead, they turned to Qloaked.

Qloaked’s reverse proxy accepts inbound connections from Beacon.by’s clients, automatically securing domains that don’t have an SSL certificate, before proxying the traffic through to your app server.

How does it work?

As a visual representation, it looks something like this:

As a process flow, the chart above looks something like:

1. Your clients (e.g. www.clientsite.com) will point their insecure domain at your branded CNAME (e.g. secured.yourcompany.com)
2. Your branded CNAME will send that traffic to your Qloaked server (e.g. yourcompany.domains.qloaked.com)
3. The Qloaked server will send traffic onwards to your app server, which will handle the request (e.g. appendpoint.aws.com)

The magic happens in the middle.

When Qloaked detects your client’s insecure domain sending traffic, it will automatically try to secure the traffic, provisioning an SSL certificate to secure the connection from their domain name to Qloaked. Then, it’ll continue routing the secured traffic to your application server.

Why is this better?

This solution is far better for you and your customers.

Beacon.by’s Eoin praised Qloaked as “simple setup, seamless and most importantly cost effective.”

For Qloaked clients, there’s no technical integration or headaches at all. You’ll enjoy secured client domains, with no code whatsoever.

For end users, the service means no messing around with buying or uploading SSL certificates. Qloaked handles everything, with no action required – most clients don’t even realize what’s happening on the backend. It just works.

That means that for SaaS companies like Beacon.by, Qloaked is a lifesaver:

“Customer support has been excellent and the service runs quietly in the background allowing us to concentrate on our core business. Thoroughly recommended.”