Add a custom domain name


Effective October 12, 2022, Power Apps portals is Power Pages. More information: Microsoft Power Pages is now generally available (blog)
We will soon migrate and merge the Power Apps portals documentation with Power Pages documentation.

A custom domain can enhance your brand and help your customers more easily find your support resources. Once you provision your portal and acquire your domain name, you'll need an SSL certificate to set up a custom host name. After the SSL certificate is purchased, you can use a wizard to link your portal to a custom domain. Only one custom domain name can be added to a portal.


  • You can add a custom domain name to a portal only when the portal is in production state. For more information about portal stages, go to portal lifecycle.

To learn about the roles required to perform this task, read Admin roles required for portal administrative tasks.

  1. Open Power Apps portals admin center.

  2. Go to Portal Actions > Add a Custom Domain Name. A wizard opens to choose the SSL certificate.

  3. On the Choose a SSL certificate page, select one of these options:

    • Upload a new certificate: Select this option to upload the .pfx file if you haven't yet uploaded it to the organization. Select the upload button underneath File to select the .pfx file. After selecting the file, enter the password for your SSL certificate in the Password field.

    • Use an existing certificate: Select this option to choose the correct certificate from the drop-down list.


      The SSL certificate must meet all the following requirements:

      • Signed by a trusted certificate authority.
      • Exported as a password-protected PFX file.
      • Contains private key at least 2048 bits long.
      • Contains all intermediate certificates in the certificate chain.
      • Must be SHA2 enabled; SHA1 support is being removed from popular browsers.
      • PFX file must be encrypted with TripleDES encryption. Power Apps portals doesn't support AES-256 encryption.
      • Contains an Extended Key Usage for server authentication (OID =

      The steps to export SSL certificate as a password-protected PFX file may vary depending on your certificate provider. Check with your certificate provider for recommendation. For example, certain providers may suggest to use OpenSSL 3rd party tool from OpenSSL or OpenSSL Binaries sites.

  4. Select Next.

  5. On the Choose a host name page, select one of the following options:

    • Add a new host name: Select this option to create a new custom domain. Enter the CNAME you want in the Domain Name field.
    • Use an existing host name: Select this option to choose a host name from the drop-down list.


    • You can only have one custom domain name for a portal.
    • To create a custom host name, you will need to create a CNAME with your domain provider that points your domain to the URL of your portal. If you have just added a CNAME with your domain provider, it will take some time to propagate to all DNS servers. If the name is not propagated and you add it here, the following error message will appear: "Please add a CNAME record to this domain name. Retry after some time passes."
  6. Review the information you've entered, and then select Next to begin creating the SSL Binding. You should see the message Custom Domain name has been successfully configured for this Portal. You can now go to {Custom Domain Name} to access this portal. {Custom Domain Name} will be a hyperlink to the Custom Portal URL that you configured.

  7. Select Finish to close the wizard.

Change current custom domain name

To change your existing custom domain name:

  1. From the admin center, select Set up custom domains and SSL.
  2. Manually delete the current SSL binding.
  3. Manually delete the current assigned hostname.
  4. Rerun the wizard and follow the instructions outlined in Add a custom domain name.

Validate the custom domain

The domain should be validated before associating to the endpoint and routes for content delivery network (CDN) enabled websites. You should add TXT record to the domain DNS for the validation. The TXT record is in the form of _dnsauth.<your_subdomain>. In your DNS provider, manually create a new TXT record of name_dnsauth.<your_subdomain> with the record value.

See also

Configure SSL certificates and custom domain names