Set up Cloudflare dashboard SSO
By adding a Dashboard SSO application to your Cloudflare Zero Trust account, you can enforce single sign-on (SSO) to the Cloudflare dashboard with the identity provider (IdP) of your choice. SSO will be enforced for every user in your email domain.
|Yes (with Standard or Premium Success plans)
1. Set up an IdP
2. Contact your account team
Ask your account team to approve and create your SSO domain. An SSO domain is the email domain associated with the members in your Cloudflare account. For example, if your SSO domain is configured for emails ending in
@yourcompany.com, a member with email
@test.com would not see the Log in with SSO option and would have to enter their username and password.
Once your SSO domain is approved, a new SSO App application will appear under Access > Applications. The application is pre-configured with
allow email domain as the default rule and your IdP as the authentication providers.
SSO domain requirements
- The email domain must belong to your organization. Public email providers such as
@gmail.comare not allowed.
- Every user with that email domain must be an employee in your organization. For example, university domains such as
@harvard.eduare not allowed because they include student emails.
- Your SSO domain can include multiple email domains.
3. Enable dashboard SSO
In the Cloudflare dashboard SSO card, set your email domain to Enabled. This action can only be performed by Super Administrators.
Do not log out or close your browser window. Instead, open a different browser or an incognito window.
If you can log in successfully, you have successfully set up your dashboard SSO application.
If you cannot log in successfully: