Skip to main content
Version: Config V2

Cloudflare Zero Trust

Connect ConfigCat with Cloudflare Zero Trust via SAML.


Each SSO Identity Provider requires specific information to configure a SAML integration. The following guide will walk you through how you can connect ConfigCat with Cloudflare Zero Trust as a SAML Identity Provider.

1. Create an Application in Cloudflare

  • Log in to CloudFlare, go to the Zero Trust Dashboard, and select Applications under the Access menu.
    Then click on Add an application.

    Create Cloudflare application
  • Select SaaS.

    Select SaaS
  • Enter a descriptive name in the Application field.

    Cloudflare app name

The next step will guide you on how to collect the information required for the appearing configuration section.

2. Configure SAML for the Cloudflare Application

  • Open your organization's authentication settings on the ConfigCat Dashboard.

    ConfigCat authentication settings

    ConfigCat Add Identity Provider
  • Give a name for your Identity Provider, and click Create.

    ConfigCat Name Identity Provider
  • From the next section of the dialog, copy the following values and paste them into the Cloudflare application.

    • Entity ID -> Entity ID

    • Assertion Consumer Service -> Assertion Consumer Service URL

      ConfigCat SAML configuration Cloudflare SAML url EID
  • Set the Name ID Format to Email.

    Cloudflare SAML name id
  • Click Next at the bottom of the page.

3. Configure policies for the Cloudflare Application

To let users authenticate via SAML, you need to assign groups to the Cloudflare application.

  • Give a name for the Cloudflare Application's policy and check those groups that you want to assign.

    Cloudflare SAML name id
  • Click Next at the bottom of the page.

4. Configure ConfigCat with SAML Details from Cloudflare

  • Copy the value of SSO endpoint and Public key fields.

    Cloudflare SSO url cert
  • On the ConfigCat Dashboard, select the 3. Set up ConfigCat step, click Manual Configuration, then paste the copied values into the appearing fields.

    • SSO endpoint -> Sign-on URL

    • Public key -> X.509 Certificate

      ConfigCat manual configuration

5. Select Trusted Domains on the SAML Configuration Dialog

  • Only user accounts from trusted domains can login with SAML SSO. You can bind multiple verified domains to a SAML Identity Provider.

    Select trusted domains
  • Click Save.

5. Sign In

  • Go to the ConfigCat Log In page, and click COMPANY ACCOUNT - SAML.

    ConfigCat SAML login
  • Sign in with your company email address assigned to the Cloudflare application.

    ConfigCat SAML company login
  • ConfigCat will redirect you to Cloudflare's sign in page.

    Cloudflare sign in

6. Next Steps