diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/adobe-sign-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/adobe-sign-saas.mdx index a9bc1d27d645623..069e4a022cd5e60 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/adobe-sign-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/adobe-sign-saas.mdx @@ -44,9 +44,8 @@ This guide covers how to configure [Adobe Acrobat Sign](https://helpx.adobe.com/ * **Entity ID**: Entity ID/SAML Audience from Adobe Acrobat Sign SAML SSO configuration. * **Assertion Consumer Service URL**: Assertion Consumer URL from Adobe Acrobat Sign SAML SSO configuration. * **Name ID format**: *Email* -2. Select **Save configuration**. -3. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -4. Select **Done**. +2. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +3. Save the application. ## 4. Test the integration and finalize configuration diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/area-1.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/area-1.mdx index 9eaf85450057374..c1bc57ec8483f3f 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/area-1.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/area-1.mdx @@ -32,21 +32,11 @@ sidebar: | **Assertion Consumer Service URL** | `https://horizon.area1security.com/api/users/saml` | | **Name ID Format** | *Email* | -6. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application. +6. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -7. Choose the **Identity providers** you want to enable for your application. +7. Save the application. -8. Turn on **Instant Auth** if you are selecting only one login method for your application, and would like your end users to skip the identity provider selection step. - -9. Select **Next**. - -## 2. Add an Access policy - -1. To control who can access your application, [create an Access policy](/cloudflare-one/policies/access/). - -2. Select **Next**. - -## 3. Configure SSO for Area 1 +## 2. Configure SSO for Area 1 Finally, you will need to configure Area 1 to allow users to log in through Cloudflare Access. @@ -74,6 +64,4 @@ Finally, you will need to configure Area 1 to allow users to log in through Clou 7. Select **Update Settings**. -8. In Zero Trust, select **Done**. - -Your application will appear on the **Applications** page. If you added the application to your App Launcher, you can test the integration by going to `.cloudflareaccess.com`. +If you added the application to your App Launcher, you can test the integration by going to `.cloudflareaccess.com`. diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/asana-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/asana-saas.mdx index aeebf64cf0a0e91..9a57671a43568cd 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/asana-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/asana-saas.mdx @@ -26,9 +26,8 @@ This guide covers how to configure [Asana](https://help.asana.com/hc/en-us/artic * **Assertion Consumer Service URL**: `https://app.asana.com/-/saml/consume` * **Name ID format**: *Email* 7. Copy the **SSO endpoint** and **Public key**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Add a SAML SSO provider to Asana diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/atlassian-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/atlassian-saas.mdx index 9d148d90c5e0c40..7f6ea7e1324362b 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/atlassian-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/atlassian-saas.mdx @@ -24,7 +24,7 @@ This guide covers how to configure [Atlassian Cloud](https://support.atlassian.c 4. For the authentication protocol, select **SAML**. 5. Select **Add application**. 6. Copy the **Access Entity ID or Issuer**, **Public key**, and **SSO endpoint**. -7. Keep this window open without selecting **Select configuration**. You will finish this configuration in step [4. Finish adding a SaaS application to Cloudflare Zero Trust](#4-finish-adding-a-saas-application-to-cloudflare-zero-trust). +7. Keep this window open. You will finish this configuration in step [4. Finish adding a SaaS application to Cloudflare Zero Trust](#4-finish-adding-a-saas-application-to-cloudflare-zero-trust). ## 2. Create a x.509 certificate @@ -38,13 +38,9 @@ This guide covers how to configure [Atlassian Cloud](https://support.atlassian.c 3. For **Directory name**, enter your desired name. For example, you could enter `Cloudflare Access`. 4. Select **Add** > **Set up SAML single sign-on** > **Next**. -:::note - - -This screen will advise you to create an authentication policy before proceeding. You will do this in step [5. Create an application policy to test integration](#5-create-an-authentication-policy-to-test-integration). - - -::: + :::note + This screen will advise you to create an authentication policy before proceeding. You will do this in step [5. Create an application policy to test integration](#5-create-an-authentication-policy-to-test-integration). + ::: 5. Fill in the following fields: * **Identity provider Entity ID**: Access Entity ID or Issuer from application configuration in Cloudflare Zero Trust. @@ -62,9 +58,8 @@ This screen will advise you to create an authentication policy before proceeding * **Entity ID**: Service provider entity URL from Atlassian Cloud SAML SSO set-up. * **Assertion Consumer Service URL**: Service provider assertion comsumer service URL from Atlassian Cloud SAML SSO set-up. * **Name ID format**: *Email* -2. Select **Save configuration**. -3. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -4. Select **Done**. +2. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +3. Save the application. ## 5. Create an authentication policy to test integration diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/aws-sso-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/aws-sso-saas.mdx index f988b586729eb17..7fcc3506ce72ad6 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/aws-sso-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/aws-sso-saas.mdx @@ -40,9 +40,8 @@ Next, we will obtain **Identity provider metadata** from Zero Trust. 1. Copy the **SAML Metadata endpoint**. 2. In a separate browser window, go to the SAML Metadata endpoint (`https://.cloudflareaccess.com/cdn-cgi/access/sso/saml/xxx/saml-metadata`). 3. Save the page as `access_saml_metadata.xml`. -9. Save your SaaS application configuration. -10. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -11. Select **Done**. +9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +10. Save the application. ## 3. Complete AWS configuration @@ -60,7 +59,7 @@ Access for SaaS does not currently support [SCIM provisioning](/cloudflare-one/i 1. Users are created in both your identity provider and AWS. 2. Users have matching usernames in your identity provider and AWS. -3. Usernames are email addresses. This is the only format AWS supports with third-party SSO providers. +3. Usernames are email addresses. This is the only format AWS supports with third-party SSO providers. ::: ## 4. Test the integration diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/braintree-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/braintree-saas.mdx index 865b76f7000c5c2..7e7c6f78c3f590d 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/braintree-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/braintree-saas.mdx @@ -26,9 +26,8 @@ This guide covers how to configure [Braintree](https://developer.paypal.com/brai * **Assertion Consumer Service URL**: `https://www.placeholder.com` * **Name ID format**: *Email* 7. Copy the **SSO endpoint** and **Public key**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Enable SSO Configuration in Braintree diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/coupa-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/coupa-saas.mdx index 371a1c310c04c24..9f8386faf11b65b 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/coupa-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/coupa-saas.mdx @@ -28,9 +28,8 @@ This guide covers how to configure [Coupa](https://compass.coupa.com/en-us/produ * **Name ID format**: *Email* 7. Copy the **Access Entity ID or Issuer** and **SAML Metadata Endpoint**. 8. In **Default relay state**, enter `https://.coupahost.com/sessions/saml_post`. -9. Select **Save configuration**. -10. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -11. Select **Done**. +9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +10. Save the application. ## 2. Download the metadata file diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/digicert-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/digicert-saas.mdx index d5986d5bef4214f..92ccbb9c8d25678 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/digicert-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/digicert-saas.mdx @@ -27,9 +27,8 @@ This guide covers how to configure [Digicert](https://docs.digicert.com/en/certc * **Assertion Consumer Service URL**: `https://www.digicert.com/account/sso/` * **Name ID format**: *Email* 7. Copy the **SAML Metadata endpoint**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Add a SAML SSO provider in Digicert diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/docusign-access.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/docusign-access.mdx index ec871675a13d0df..0bab2519bf53909 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/docusign-access.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/docusign-access.mdx @@ -45,20 +45,17 @@ This guide covers how to configure [Docusign](https://support.docusign.com/s/doc 7. Set an Access policy (for example, create a policy based on _Emails ending in @example.com_). -8. Copy and save SSO Endpoint, Entity ID and Public Key. +8. Copy and save the **SSO Endpoint**, **Entity ID** and **Public Key**. - :::note +9. Transform the **Public Key** into a fingerprint: - The Public key must be transformed into a fingerprint. To do that: + 1. Copy the **Public Key** Value. -9. Copy the Public Key Value. + 2. Paste the **Public Key** into VIM or another code editor. -10. Paste the Public Key into VIM or another code editor. + 3. Wrap the value in `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`. -11. Wrap the value in `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`. - -12. Set the file extension to `.crt` and save. - ::: + 4. Set the file extension to `.crt` and save. ## 2. Configure your DocuSign SSO instance diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/dropbox-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/dropbox-saas.mdx index 0e86f0db764ff23..209fbcc30cf62ba 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/dropbox-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/dropbox-saas.mdx @@ -26,9 +26,8 @@ This guide covers how to configure [Dropbox](https://help.dropbox.com/security/s * **Assertion Consumer Service URL**: `https://www.dropbox.com/saml_login` * **Name ID format**: *Email* 7. Copy the **SSO endpoint** and **Public key**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Create a certificate file diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-oidc-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-oidc-saas.mdx index 26ab8a83e176ca0..947d924f17f7405 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-oidc-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-oidc-saas.mdx @@ -62,24 +62,22 @@ Some SaaS applications provide the Redirect URL after you [configure the SSO pro | Key endpoint | Returns the current public keys used to [verify the Access JWT](/cloudflare-one/identity/authorization-cookie/validating-json/)
`https://.cloudflareaccess.com/cdn-cgi/access/sso/oidc//jwks` | | User info endpoint | Returns all user claims in JSON format
`https://.cloudflareaccess.com/cdn-cgi/access/sso/oidc//userinfo` | -11. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) by turning on **Enable App in App Launcher** and, in **App Launcher URL**, entering the URL that users should be sent to when they select the tile. +11. Add [Access policies](/cloudflare-one/policies/access/) to control who can connect to your application. All Access applications are deny by default -- a user must match an Allow policy before they are granted access. -12. +12. -13. +13. Select **Next**. -14. Select **Save configuration**. +14. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application. -## 3. Add an Access policy +15. -1. To control who can access the SaaS application, [create an Access policy](/cloudflare-one/policies/access/). +16. Select **Save application**. -2. Select **Done**. - -## 4. Configure SSO in your SaaS application +## 3. Configure SSO in your SaaS application Next, configure your SaaS application to require users to log in through Cloudflare Access. Refer to your SaaS application documentation for instructions on how to configure a third-party OIDC SSO provider. -## 5. Test the integration +## 4. Test the integration Open an incognito browser window and go to the SaaS application's login URL. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider. diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-saml-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-saml-saas.mdx index 446dfec843ade6f..5a207f5178194f7 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-saml-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/generic-saml-saas.mdx @@ -48,19 +48,17 @@ Obtain the following URLs from your SaaS application account: If you are using Okta, Microsoft Entra ID (formerly Azure AD), Google Workspace, or GitHub as your IdP, Access will automatically send a SAML attribute titled `groups` with all of the user's associated groups as attribute values. ::: -11. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application. +11. Add [Access policies](/cloudflare-one/policies/access/) to control who can connect to your application. All Access applications are deny by default -- a user must match an Allow policy before they are granted access. -12. +12. -13. +13. Select **Next**. -14. Select **Save configuration**. +14. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application. -## 2. Add an Access policy +15. -1. To control who can access the SaaS application, [create an Access policy](/cloudflare-one/policies/access/). - -2. Select **Done**. +16. Select **Save application**. ## 3. Configure SSO in your SaaS application diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/github-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/github-saas.mdx index dd8ca0ea731c72d..18a5682af1ae73b 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/github-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/github-saas.mdx @@ -27,9 +27,8 @@ This guide covers how to configure [GitHub Enterprise Cloud](https://docs.github * **Assertion Consumer Service URL**: `https://github.com/orgs//saml/consume` * **Name ID format**: *Email* 7. Copy the **SSO endpoint**, **Access Entity ID or Issuer**, and **Public key**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Create a x.509 certificate diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-cloud-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-cloud-saas.mdx index f3d0505feb2c464..2032996bce82995 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-cloud-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-cloud-saas.mdx @@ -37,9 +37,8 @@ When configuring Google Cloud with Access, the following limitations apply: - **Assertion Consumer Service URL**: `https://www.google.com/a//acs` - **Name ID format**: _Email_ 7. Copy the **SSO endpoint**, **Access Entity ID or Issuer**, and **Public key**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Create a x.509 certificate diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-workspace-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-workspace-saas.mdx index b25f2a480d568eb..59867b67e3a7bc2 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-workspace-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/google-workspace-saas.mdx @@ -38,9 +38,11 @@ The integration of Access as a single sign-on provider for your Google Workspace When you put your Google Workspace behind Access, users will not be able to log in using [Google](/cloudflare-one/identity/idp-integration/google/) or [Google Workspace](/cloudflare-one/identity/idp-integration/gsuite/) as an identity provider. ::: -4. On the next page, [create an Access policy](/cloudflare-one/policies/access/) for your application. For example, you could allow users with an `@your_domain.com` email address. +4. [Create an Access policy](/cloudflare-one/policies/access/) for your application. For example, you could allow users with an `@your_domain.com` email address. -5. On the next page, you will see your **SSO endpoint**, **Access Entity ID or Issuer**, and **Public key**. These values will be used to configure Google Workspace. +5. Copy the **SSO endpoint**, **Access Entity ID or Issuer**, and **Public key**. These values will be used to configure Google Workspace. + +6. Save the application. ## 2. Create a certificate from your public key diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-cloud-saas-oidc.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-cloud-saas-oidc.mdx index 11ef1b207a94e40..2fc1b65b3e195ef 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-cloud-saas-oidc.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-cloud-saas-oidc.mdx @@ -25,10 +25,9 @@ This guide covers how to configure [Grafana Cloud](https://grafana.com/docs/graf 7. In **Redirect URLs**, enter `https:///login/generic_oauth`. 8. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/) if the protocol is supported by your IdP. PKCE will be performed on all login attempts. 9. Copy the **Client secret**, **Client ID**, **Token endpoint**, and **Authorization endpoint**. -10. Select **Save configuration**. -11. (Optional) configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) by turning on **Enable App in App Launcher** and, in **App Launcher URL**, entering `https:///login`. -12. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -13. Select **Done**. +10. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +11. (Optional) In **Experience settings**, configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) by turning on **Enable App in App Launcher** and, in **App Launcher URL**, entering `https:///login`. +12. Save the application. ## 2. Add a SSO provider to Grafana Cloud diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-saas-oidc.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-saas-oidc.mdx index 89cf2235b94f7a9..48b3e8ba1e387ed 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-saas-oidc.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/grafana-saas-oidc.mdx @@ -15,11 +15,7 @@ This guide covers how to configure [Grafana](https://grafana.com/docs/grafana/la * Admin access to a Grafana account :::note - - You can also configure OIDC SSO for Grafana using a [configuration file](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/generic-oauth/#configure-generic-oauth-authentication-client-using-the-grafana-configuration-file) instead of using Grafana's user interface (UI), as documented in this guide. - - ::: ## 1. Add a SaaS application to Cloudflare Zero Trust @@ -33,10 +29,9 @@ You can also configure OIDC SSO for Grafana using a [configuration file](https:/ 7. In **Redirect URLs**, enter `https:///login/generic_oauth`. 8. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/) if the protocol is supported by your IdP. PKCE will be performed on all login attempts. 9. Copy the **Client secret**, **Client ID**, **Token endpoint**, and **Authorization endpoint**. -10. Select **Save configuration**. -11. (Optional) configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) by turning on **Enable App in App Launcher** and, in **App Launcher URL**, entering `https:///login`. -12. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -13. Select **Done**. +10. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +11. (Optional) In **Experience settings**, configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) by turning on **Enable App in App Launcher** and, in **App Launcher URL**, entering `https:///login`. +12. Save the application. ## 2. Add a SSO provider to Grafana diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/greenhouse-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/greenhouse-saas.mdx index d3ea8b77af42be4..fb43009202bd5a7 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/greenhouse-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/greenhouse-saas.mdx @@ -22,7 +22,7 @@ This guide covers how to configure [Greenhouse Recruiting](https://support.green 4. For the authentication protocol, select **SAML**. 5. Select **Add application**. 6. Copy the **SAML Metadata endpoint**. -7. Keep this window open without selecting **Select configuration**. You will finish this configuration in step [4. Finish adding a SaaS application to Cloudflare Zero Trust](#4-finish-adding-a-saas-application-to-cloudflare-zero-trust). +7. Keep this window open. You will finish this configuration in step [4. Finish adding a SaaS application to Cloudflare Zero Trust](#4-finish-adding-a-saas-application-to-cloudflare-zero-trust). ## 2. Download the metadata file @@ -43,9 +43,8 @@ This guide covers how to configure [Greenhouse Recruiting](https://support.green * **Entity ID**: `greenhouse.io` * **Assertion Consumer Service URL**: SSO Assertion Consumer URL from SSO configuration in Greenhouse Recruiting. * **Name ID format**: *Email* -2. Select **Save configuration**. -3. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -4. Select **Done**. +2. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +3. Save the application. ## 5. Test the integration and finalize configuration diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/hubspot-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/hubspot-saas.mdx index 7057d4c0496c5d7..7128843f1b69c90 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/hubspot-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/hubspot-saas.mdx @@ -30,19 +30,21 @@ This guide covers how to configure [Hubspot](https://knowledge.hubspot.com/accou | Hubspot values | Cloudflare values | | -------------- | ------------------------------ | - | Audience URI | EntityID | + | Audience URI | Entity ID | | Sign On URL | Assertion Consumer Service URL | 4. Set **NameID** to *Email*. 5. Add any desired [Access policies](/cloudflare-one/policies/access/) to your application. -6. Copy SSO endpoint and Access Entity ID. +6. Copy the **SSO endpoint** and **Access Entity ID**. -## 3. Create the certificate +7. Save the application. -1. Wrap the certificate in `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`. -2. Paste the certificate contents into the Certificate field. +## 3. Create a x.509 certificate + +1. Paste the **Public key** in a text editor. +2. Wrap the certificate in `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`. ## 4. Finalize Hubspot configuration diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/ironclad-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/ironclad-saas.mdx index ba4a825556d5188..a0319e2ffffdf5a 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/ironclad-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/ironclad-saas.mdx @@ -22,7 +22,7 @@ This guide covers how to configure [Ironclad](https://support.ironcladapp.com/hc 4. For the authentication protocol, select **SAML**. 5. Select **Add application**. 6. Copy the **SSO Endpoint** and **Public key**. -7. Keep this window open without selecting **Select configuration**. You will finish this configuration in step [3. Finish adding a SaaS application to Cloudflare Zero Trust](#3-finish-adding-a-saas-application-to-cloudflare-zero-trust). +7. Keep this window open. You will finish this configuration in step [3. Finish adding a SaaS application to Cloudflare Zero Trust](#3-finish-adding-a-saas-application-to-cloudflare-zero-trust). ## 2. Add a SAML SSO provider to Ironclad @@ -40,9 +40,8 @@ This guide covers how to configure [Ironclad](https://support.ironcladapp.com/hc * **Entity ID**: `ironcladapp.com` * **Assertion Consumer Service URL**: Callback from Ironclad SAML SSO set-up. * **Name ID format**: *Email* -2. Select **Save configuration**. -3. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -4. Select **Done**. +2. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +3. Save the application. ## 4. Add a test user to Ironclad and test the integration diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/jamf-pro-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/jamf-pro-saas.mdx index 61d857fa2ccef37..55ef40c805ac636 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/jamf-pro-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/jamf-pro-saas.mdx @@ -33,9 +33,8 @@ This guide covers how to configure [Jamf Pro](https://learn.jamf.com/en-US/bundl * **Assertion Consumer Service URL**: Assertion Consumer Service value from Jamf Pro metadata file. * **Name ID format**: *Email* 7. Copy the **SAML Metadata endpoint**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 3. Edit Access SAML Metadata @@ -57,11 +56,7 @@ This guide covers how to configure [Jamf Pro](https://learn.jamf.com/en-US/bundl 5. Turn on **Single Sign On**. :::note - - The Failover Login URL located on this page can be used to log in if your SSO does not work. - - ::: ## 5. Test the Integration diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/miro-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/miro-saas.mdx index 32dd9de72fd8b9e..88d9f890fad49a4 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/miro-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/miro-saas.mdx @@ -29,9 +29,8 @@ This guide covers how to configure [Miro](https://help.miro.com/hc/articles/3600 * **Assertion Consumer Service URL**: `https://miro.com/sso/saml` * **Name ID format**: *Email* 7. Copy the **SSO endpoint** and **Public key**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Add a SAML SSO provider to Miro @@ -52,9 +51,5 @@ This guide covers how to configure [Miro](https://help.miro.com/hc/articles/3600 In the Miro SAML/SSO configuration page, select **Test SSO Configuration**. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider. If the login is successful, you will receive a **SSO configuration test was successful** message. :::note - - When testing the integration, you do not have to use an email from a domain you have configured for SSO or a user configured in Miro. The only requirement is that the user is already configured in your identity provider. - - ::: diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pagerduty-saml-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pagerduty-saml-saas.mdx index 5149743a46b4abe..abfa66b10f6760a 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pagerduty-saml-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pagerduty-saml-saas.mdx @@ -26,9 +26,8 @@ This guide covers how to configure [PagerDuty](https://support.pagerduty.com/doc * **Assertion Consumer Service URL**: ` https://.pagerduty.com/sso/saml/consume` * **Name ID format**: *Email* 7. Copy the **SSO endpoint** and **Public key**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Create a x.509 certificate diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pingboard-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pingboard-saas.mdx index b55b2ae5cd90b2a..fc202fc9863e9bc 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pingboard-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/pingboard-saas.mdx @@ -26,9 +26,8 @@ This guide covers how to configure [Pingboard](https://support.pingboard.com/hc/ * **Assertion Consumer Service URL**: `https://sso-demo.pingboard.com/auth/saml/consume` * **Name ID format**: *Email* 7. Copy the **SAML Metadata endpoint**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Add a SAML SSO provider to Pingboard diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-oidc.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-oidc.mdx index a6c13e2e5bb2dd0..4514b2af2871712 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-oidc.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-oidc.mdx @@ -32,10 +32,9 @@ This guide covers how to configure [Salesforce](https://help.salesforce.com/s/ar * **Authorization endpoint** * **Token endpoint** * **User info endpoint** -10. (Optional) configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) by turning on **Enable App in App Launcher** and, in **App Launcher URL**, entering `https://.my.salesforce.com`. -11. Select **Save configuration**. -12. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -13. Select **Done**. +10. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +11. (Optional) In **Experience settings**, configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) by turning on **Enable App in App Launcher** and, in **App Launcher URL**, entering `https://.my.salesforce.com`. +12. Save the application. ## 2. Add a SSO provider to Salesforce diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-saml.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-saml.mdx index cf23bc7d0dde6a9..4811a20700c52e1 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-saml.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/salesforce-saas-saml.mdx @@ -29,17 +29,12 @@ This guide covers how to configure [Salesforce](https://help.salesforce.com/s/ar * **Name ID format**: *Email* :::note - - If you are unsure of which URL to use in the **Entity ID** and **Assertion Consumer Service URL** fields, you can check your Salesforce account's metadata. In Salesforce, go to the **Single Sign-On Settings** page and select **Download Metadata**. In this file, you will find the correct URLs to use. - - ::: 7. Copy the **SSO endpoint**, **Public key**, and **Access Entity ID or Issuer**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Create a certificate file @@ -58,11 +53,11 @@ If you are unsure of which URL to use in the **Entity ID** and **Assertion Consu * **Issuer:** Paste the Access Entity ID or Issuer from application configuration in Cloudflare Zero Trust. * **Identity Provider Certificate**: Upload the `.crt` certificate file from [2. Create a certificate file](#2-create-a-certificate-file). * **Entity ID**: `https://.my.salesforce.com` - * **SAML Identity type:** If the user's Salesforce username is their email address, select *Assertion contains the User's Salesforce username*. Otherwise, select *Assertion contains the Federation ID from the User object* and make sure the user's Federation ID matches their email address. + * **SAML Identity type:** If the user's Salesforce username is their email address, select *Assertion contains the User's Salesforce username*. Otherwise, select *Assertion contains the Federation ID from the User object* and make sure the user's Federation ID matches their email address.
1. In the **Quick Find** box, enter `users` and select **Users**. 2. Select the user. - 3. Verify that the user's **Federation ID** matches the email address used to authenticate to Cloudflare Access. + 3. Verify that the user's **Federation ID** matches the email address used to authenticate to Cloudflare Access.
* **Identity Provider Login URL**: SSO endpoint provided in Cloudflare Zero Trust for this application. 5. Select **Save**. diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-oidc.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-oidc.mdx index b309ff64f2a7572..be4aafe79e4a5c8 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-oidc.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-oidc.mdx @@ -25,11 +25,9 @@ This guide covers how to configure [ServiceNow](https://docs.servicenow.com/bund 7. In **Redirect URLs**, enter `https://.service-now.com/navpage.do`. 8. (Optional) Enable [Proof of Key Exchange (PKCE)](https://www.oauth.com/oauth2-servers/pkce/) if the protocol is supported by your IdP. PKCE will be performed on all login attempts. 9. Copy the **Client secret** and **Client ID**. -10. Select **Save configuration**. -11. (Optional) configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) by turning on **Enable App in App Launcher** and, in **App Launcher URL**, entering `https://.service-now.com`. -12. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -13. Select **Done**. - +10. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +11. (Optional) In **Experience settings**, configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) by turning on **Enable App in App Launcher** and, in **App Launcher URL**, entering `https://.service-now.com`. +12. Save the application. ## 2. Add the Multiple Provider Single Sign-On Installer Plugin to ServiceNow 1. In ServiceNow, select **All**. diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-saml.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-saml.mdx index bd42669af865b38..aa3f6132d9e8717 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-saml.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/servicenow-saas-saml.mdx @@ -26,9 +26,8 @@ This guide covers how to configure [ServiceNow](https://docs.servicenow.com/bund * **Assertion Consumer Service URL**: `https://.service-now.com/navpage.do` * **Name ID format**: *Email* 7. Copy the **SAML Metadata endpoint**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Add the Multiple Provider Single Sign-On Installer Plugin to ServiceNow diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/slack-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/slack-saas.mdx index 32ec7f8b6a4e82e..1953a1ad2ff80ba 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/slack-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/slack-saas.mdx @@ -28,9 +28,8 @@ This guide covers how to configure [Slack](https://slack.com/help/articles/20377 * **Assertion Consumer Service URL**: `https://.slack.com/sso/saml` * **Name ID format**: The format expected by Slack, usually *Email* 7. Copy the **SSO endpoint**, **Access Entity ID or Issuer**, and **Public key**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Create a x.509 certificate diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/smartsheet-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/smartsheet-saas.mdx index 30dd398d30c41d8..d984dba2d6ddeb3 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/smartsheet-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/smartsheet-saas.mdx @@ -16,11 +16,7 @@ This guide covers how to configure [Smartsheet](https://help.smartsheet.com/arti * A [domain](https://help.smartsheet.com/articles/2483051-domain-management) verified in Smartsheet :::note - - In Smartsheet, SSO is configured for a domain. If you have multiple plans using the same domain, the SSO configuration will apply to all Smartsheet users in that domain, regardless of their plan type. - - ::: ## 1. Add a SaaS application to Cloudflare Zero Trust @@ -35,9 +31,8 @@ In Smartsheet, SSO is configured for a domain. If you have multiple plans using * **Assertion Consumer Service URL**: `https://saml.authn.smartsheet.com/saml2/idpresponse` * **Name ID format**: *Unique ID* 7. Copy the **SAML Metadata endpoint**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Create and test a SAML SSO provider in Smartsheet diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/sparkpost-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/sparkpost-saas.mdx index b23d116cbc35aa5..ddb29f7fa092626 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/sparkpost-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/sparkpost-saas.mdx @@ -32,9 +32,8 @@ This guide covers how to configure [SparkPost or SparkPost EU](https://support.s * `https:///api/v1/users/saml/consume` for SparkPost accounts with dedicated tenants * **Name ID format**: *Email* 7. Copy the **SAML Metadata endpoint**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Download the metadata file @@ -57,5 +56,5 @@ This guide covers how to configure [SparkPost or SparkPost EU](https://support.s :::note -The SparkPost SSO login link is `https://app.sparkpost.com/auth/sso`. Alternatively, you can go to the usual sign in page and select **Log in with Single Sign-On**. +The SparkPost SSO login link is `https://app.sparkpost.com/auth/sso`. Alternatively, you can go to the usual sign in page and select **Log in with Single Sign-On**. ::: diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/tableau-saml-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/tableau-saml-saas.mdx index a6a062a938cfab4..475989d2f9af120 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/tableau-saml-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/tableau-saml-saas.mdx @@ -22,7 +22,7 @@ This guide covers how to configure [Tableau Cloud](https://help.tableau.com/curr 4. For the authentication protocol, select **SAML**. 5. Select **Add application**. 6. Copy the **SAML Metadata endpoint**. -7. Keep this window open without selecting **Select configuration**. You will finish this configuration in step [4. Finish adding a SaaS application to Cloudflare Zero Trust](#4-finish-adding-a-saas-application-to-cloudflare-zero-trust). +7. Keep this window open. You will finish this configuration in step [4. Finish adding a SaaS application to Cloudflare Zero Trust](#4-finish-adding-a-saas-application-to-cloudflare-zero-trust). ## 2. Download the metadata file @@ -45,9 +45,8 @@ This guide covers how to configure [Tableau Cloud](https://help.tableau.com/curr * **Entity ID**: Tableau Cloud entity ID from Tableau Cloud SAML SSO set-up. * **Assertion Consumer Service URL**: Tableau Cloud ACS URL from Tableau Cloud SAML SSO set-up. * **Name ID format**: *Email* -2. Select **Save configuration**. -3. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -4. Select **Done**. +2. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +3. Save the application. ## 5. Test the integration and set default authentication type diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/workday-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/workday-saas.mdx index f4ca54c9e05c945..90cf78c84f459f7 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/workday-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/workday-saas.mdx @@ -26,9 +26,8 @@ This guide covers how to configure [Workday](https://doc.workday.com/admin-guide * **Assertion Consumer Service URL**: `https://.myworkday.com//login-saml.flex` for a production account or `https://-impl.myworkday.com//login-saml.flex` for a preview sandbox account * **Name ID format**: *Email* 7. Copy the **SSO endpoint**, **Access Entity ID or Issuer**, and **Public key**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Download the metadata file @@ -59,11 +58,7 @@ This guide covers how to configure [Workday](https://doc.workday.com/admin-guide ## 4. Test the integration :::note - - If you encounter a situation where one or more users get locked out of Workday, the user can use this backup URL provided by Workday to sign in with their username and password: `https:///login.flex?redirect=n`. - - ::: 1. In Workday, create an [authentication rule](https://doc.workday.com/admin-guide/en-us/authentication-and-security/authentication/authentication-policies/dan1370796466772.html). diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zendesk-sso-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zendesk-sso-saas.mdx index 24b4a5d019b1503..2173b827f5c5073 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zendesk-sso-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zendesk-sso-saas.mdx @@ -40,23 +40,27 @@ This guide covers how to configure [Zendesk](https://support.zendesk.com/hc/en-u 6. To determine who can access Zendesk, [create an Access policy](/cloudflare-one/policies/access/). -7. Copy the values from the Cloudflare IdP fields and add them to the following Zendesk fields: +7. Copy the **SSO Endpoint** and **Public Key**. - | Cloudflare IdP field | Zendesk field | - | ------------------------------------------- | --------------------------- | - | **SSO Endpoint** | **SAML SSO URL** | - | **Public Key** (transformed to fingerprint) | **Certificate Fingerprint** | +8. Transform the public key into a fingerprint: + + 1. Open a [fingerprint calculator](https://www.samltool.com/fingerprint.php). - To transform the public key into a fingerprint, use a [fingerprint calculator](https://www.samltool.com/fingerprint.php): + 2. Paste the **Public Key** into **X.509 cert**. - 1. Copy the public key value and paste it into **X.509 cert**. + 3. Wrap the value with `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`. - 2. Wrap the value with `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`. + 4. Set **Algorithm** to _SHA256_ and select **Calculate Fingerprint**. - 3. Set **Algorithm** to _SHA256_ and select **Calculate Fingerprint**. + 5. Copy the **Formatted FingerPrint** value. - 4. Copy the **Formatted FingerPrint** value. +9. Add the Cloudflare values to the following Zendesk fields: + + | Cloudflare IdP field | Zendesk field | + | ------------------------------------------- | --------------------------- | + | **SSO Endpoint** | **SAML SSO URL** | + | **Public Key** (transformed to fingerprint) | **Certificate Fingerprint** | -8. Go to `https://.zendesk.com/admin/security/staff_members` and enable **External Authentication** > **Single Sign On**. +10. Go to `https://.zendesk.com/admin/security/staff_members` and enable **External Authentication** > **Single Sign On**. Users should now be able to log in to Zendesk if their Email address exists in the Zendesk user list. diff --git a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zoom-saas.mdx b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zoom-saas.mdx index cbbc5749464a1fc..41f72e814d5dc06 100644 --- a/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zoom-saas.mdx +++ b/src/content/docs/cloudflare-one/applications/configure-apps/saas-apps/zoom-saas.mdx @@ -28,9 +28,8 @@ This guide covers how to configure [Zoom](https://support.zoom.com/hc/en/article * **Assertion Consumer Service URL**: `https://.zoom.us/saml/SSO` * **Name ID format**: *Email* 7. Copy the **Access Entity ID or Issuer**, **Public key**, and **SSO endpoint**. -8. Select **Save configuration**. -9. Configure [Access policies](/cloudflare-one/policies/access/) for the application. -10. Select **Done**. +8. Configure [Access policies](/cloudflare-one/policies/access/) for the application. +9. Save the application. ## 2. Add a SAML SSO provider in Zoom