Custom domains

In this article, you learn how to connect the platform (backend and assessment portal) and e-mail to a custom domain, for example 'assessments.<your domain>.com' or 'compliance.<your domain>.com.' A custom domain name boosts credibility and makes the assessment portal and e-mails appear legitimate to your third parties.


With all the phishing scams going around the web nowadays, it is not surprising that people are cautious about clicking on a URL they don’t recognize. Using a custom domain connected to your brand name can encourage your third parties to click the link, access the assessment portal, and complete the assessment.

Custom domains

The custom domain will be applied to the backend, the assessment portal and all the e-mail communication sent by the platform.


By connecting a custom domain, the backend of the platform (i.e. the daily working environment for your risk and compliance officers) will be directly accessible from the subdomain of your liking.

Assessment portal

The custom domain will also be connected to the assessment portal. This means that your third parties will access their due diligence assessment through a link that contains the custom domain. For example: 'assessments.<your domain>.com/<unique assessment identifier>'.


The platform can be configured to send e-mails from a custom domain, for example, 'assessments@<your domain>.com' or 'assessments@compliance.<your domain>.com.'

We recommend using Microsoft Graph for sending and receiving e-mails as you keep full control over all the e-mail communication by the platform, including audit logging.


The 3rdRisk partner coordinates the process of implementing custom domains. The 3rdRisk team will implement custom domains based on the input provided by the partner. If no partner is involved, the 3rdRisk team will directly reach out to you.

1. Discuss custom domain

The first step is to discuss the need for using a custom domain with your partner or the 3rdRisk team. We advise using your own domain because it boosts credibility and makes the assessment portal and e-mails look legitimate to your third parties.

If you decide to use your own domain, you must consider which subdomain you want to use. This could be a subdomain such as 'assessments.<your domain>.com', 'compliance.<your domain>.com' or 'security.<your domain>.com'.

2. Complete intake form

The second step includes completing the custom domain intake form and providing it to your partner or the 3rdRisk team. 

The custom domain intake form consists of the following fields:

  • Customer name: <enter name of the end customer>
  • Partner name: <insert name of the partner>
  • Contact person: <provide name of contact person>
  • Technical contact person: <provide name and contact details of IT engineer>
  • Contact details: <add contact details>
  • Order number: <insert order number>
  • Preferred subdomain: <insert subdomain, e.g. 'assessments.<your domain>.com'>
  • Preferred e-mail: <insert e-mail address, e.g. 'assessments@<your domain>.com'>

3. Review and support

The third step is to send the custom domain intake form to your partner or the 3rdRisk team for review. If you need help completing the intake form, contact your partner or 3rdRisk via e-mail or chat to get immediate support. After submitting the intake form, the 3rdRisk team will reach out to the technical contact person and initiate the custom domain implementation.

4. Implement

The fourth step contains implementing the custom domain for the backend and assessment portal. The implementation requires actions from the 3rdRisk team and you (the end customer). These steps are indicated below:

  1. End customer: Add CAA record issue "" allowing Amazon certificate authority (ACM) to issue a certificate.
  2. End customer: Inform 3rdRisk ( that the CCA record is added to DNS.
  3. 3rdRisk team: Request SSL certificate and send CNAME to end customer
  4. End customer: Add CNAME records sent by 3rdRisk for DNS validation and host forwarding. Inform the 3rdRisk team that CNAME records are added to DNS.
  5. 3rdRisk team: Make changes to activate the subdomain and request the end customer to initiate a functional test.

Using your own domain for e-mail communication sent by the platform can be configured through DNS or by using Microsoft Graph.

5. Approve

Before the implementation is approved, you have to test the working of the custom domain within your own environment. After testing, you are asked to approve the custom domain implementation by sending an e-mail to your partner or the 3rdRisk team.

Download intake form

Please contact for the intake form.