Skip to content

[CF1] sso limitations update #19754

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Feb 6, 2025
Merged

[CF1] sso limitations update #19754

merged 4 commits into from
Feb 6, 2025

Conversation

@deadlypants1973
Copy link
Contributor

@deadlypants1973 deadlypants1973 commented Feb 5, 2025

Summary

15081

Screenshots (optional)

Screenshot 2025-02-05 at 11 18 04

Documentation checklist

  • The documentation style guide has been adhered to.
  • If a larger change - such as adding a new page- an issue has been opened in relation to any incorrect or out of date information that this PR fixes.
  • Files which have changed name or location have been allocated redirects.

@deadlypants1973 deadlypants1973 requested review from a team, kennyj42 and ranbel as code owners February 5, 2025 11:18
@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Feb 5, 2025
edited
Loading

Deploying cloudflare-docs with  Cloudflare Pages  Cloudflare Pages

Latest commit: ee97fa0
Status: ✅  Deploy successful!
Preview URL: https://068d94bf.cloudflare-docs-7ou.pages.dev
Branch Preview URL: https://kate-fixes-ssolimit.cloudflare-docs-7ou.pages.dev

View logs

@github-actions
Copy link
Contributor

github-actions bot commented Feb 5, 2025

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/dash-sso-apps/ https://kate-fixes-ssolimit.cloudflare-docs-7ou.pages.dev/cloudflare-one/applications/configure-apps/dash-sso-apps/

kennyj42
kennyj42 reviewed Feb 5, 2025
View reviewed changes
src/content/docs/cloudflare-one/applications/configure-apps/dash-sso-apps.mdx Outdated
:::note

We recommend noting down your [Global API key](/fundamentals/api/get-started/keys/) in case you need to [disable SSO](#option-2-disable-dashboard-sso) later.
Cloudflare recommends noting down your [Global API key](/fundamentals/api/get-started/keys/) in case you need to [disable SSO](#option-2-disable-dashboard-sso) later.
Copy link
Contributor

@kennyj42 kennyj42 Feb 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we caveat to store it carefully. the global api key is very powerful

kennyj42
kennyj42 reviewed Feb 5, 2025
View reviewed changes
src/content/docs/cloudflare-one/applications/configure-apps/dash-sso-apps.mdx Outdated
* Users with plus-addressed emails, such as `[email protected]`. If you have users like this added to your Cloudflare organization, they will be unable to login with SSO.
* IdP initiated logins (such as a tile in Okta). All login attempts must originate from `https://dash.cloudflare.com`. You can create a bookmark for this URL in your IdP to assist users.
- Users with plus-addressed emails, such as `[email protected]`. If you have users like this added to your Cloudflare organization, they will be unable to login with SSO.
- IdP initiated logins (such as a tile in Okta). All login attempts must originate from `https://dash.cloudflare.com`. You can create a bookmark for this URL in your IdP to assist users.
Copy link
Contributor

@kennyj42 kennyj42 Feb 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can actually do this, kind of. If you configure a Cloudflare SAML application in Okta and paste in the SSO config info from the Dash SSO app, it will work.

Copy link
Contributor Author

@deadlypants1973 deadlypants1973 Feb 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kennyj42 making a note of this in another ticket. Need to add these instructions in the right place.

kennyj42
kennyj42 reviewed Feb 5, 2025
View reviewed changes
src/content/docs/cloudflare-one/applications/configure-apps/dash-sso-apps.mdx Outdated
* IdP initiated logins (such as a tile in Okta). All login attempts must originate from `https://dash.cloudflare.com`. You can create a bookmark for this URL in your IdP to assist users.
- Users with plus-addressed emails, such as `[email protected]`. If you have users like this added to your Cloudflare organization, they will be unable to login with SSO.
- IdP initiated logins (such as a tile in Okta). All login attempts must originate from `https://dash.cloudflare.com`. You can create a bookmark for this URL in your IdP to assist users.
- Adding a separate email-based policy to the SSO application that does not match your SSO domain policy. As your account team must [approve and create your SSO domain](/cloudflare-one/applications/configure-apps/dash-sso-apps/#2-contact-your-account-team) based on the [SSO domain requirements](/cloudflare-one/applications/configure-apps/dash-sso-apps/#sso-domain-requirements), adding a new policy domain policy on your own will not work.
Copy link
Contributor

@kennyj42 kennyj42 Feb 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"new policy domain policy" <- that needs to be reworded

@deadlypants1973 deadlypants1973 merged commit 1933657 into production Feb 6, 2025
12 checks passed
@deadlypants1973 deadlypants1973 deleted the kate/fixes-ssolimit branch February 6, 2025 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kennyj42 kennyj42 kennyj42 left review comments

@Oxyjun Oxyjun Oxyjun approved these changes

@ranbel ranbel Awaiting requested review from ranbel ranbel is a code owner

Assignees

@kennyj42 kennyj42

@ranbel ranbel

Labels

product:cloudflare-one size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@deadlypants1973 @kennyj42 @Oxyjun @ranbel