Last reviewed: almost 2 years ago
This guide covers how to configure SparkPost or SparkPost EU as a SAML application in Cloudflare Zero Trust.
- An identity provider configured in Cloudflare Zero Trust
- Admin access to a SparkPost or SparkPost EU account
- In Zero Trust, go to Access > Applications.
- Select Add an application > SaaS > Select.
- For Application, enter SparkPost and select the corresponding textbox that appears.
- For the authentication protocol, select SAML.
- Select Add application.
- Fill in the following fields:
  - Entity ID:
    - https://api.sparkpost.com for SparkPost accounts
    - https://api.eu.sparkpost.com for SparkPost EU accounts
    - https://<api-host> for SparkPost accounts with dedicated tenants
  - Assertion Consumer Service URL:
    - https://api.sparkpost.com/api/v1/users/saml/consume for SparkPost accounts
    - https://api.eu.sparkpost.com/api/v1/users/saml/consume for SparkPost EU accounts
    - https://<api-host>/api/v1/users/saml/consume for SparkPost accounts with dedicated tenants
  - Name ID format: Email
- Copy the SAML Metadata endpoint.
- Configure Access policies for the application.
- Save the application.
- Paste the SAML metadata endpoint from the application configuration in Cloudflare Zero Trust into a web browser.
- Follow your browser-specific steps to download the URL's contents as an .xml file.
- In SparkPost, select your profile picture > Account Settings.
- Under Single Sign-On, select Provision SSO.
- Under Upload your Security Assertion Markup Language (SAML), select "select a file" and upload the .xml file you created in step 2 (Download the metadata file).
- Select Provision SSO.
- Select Enable SSO.
- In SparkPost, current users must be deleted and re-invited to use SSO. To create a test user, select your profile picture > Users > name of the user > Delete User. Then, select Invite User and fill in the necessary information. Alternatively, invite a new user. An invitation email will be sent.
- Go to the link sent in the invitation email. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.
- Once SSO is successful, you can turn on SSO for the rest of your current users by deleting and then re-inviting them.
