If your tenant is going to be the Identity provider , and you need to verify it for the app, then yes you need a verifiable custom domain setup in Entra.
https://learn.microsoft.com/en-us/entra/identity/users/domains-manage
Having said that, you could in theory simply use the onmicrosoft domain you manage as the domain but if the app is requiring proof of ownership, then you really should setup a custom domain as the onmicrosoft.com domain is considered a "fallback domain"