Skip to content
Cloudflare for Teams
Visit Cloudflare for Teams on GitHub
Set theme to dark (⇧+D)

SaaS applications

Cloudflare Access allows you to integrate your SaaS products by acting as an identity aggregator, or proxy. This way, users cannot login to SaaS applications without first meeting the criteria you want to introduce.

SaaS applications diagram

1. Add your application

  1. On the Teams dashboard, navigate to Access > Applications.
  2. Click Add an application.
  3. Select SaaS.

Access Saas and Self-Hosted

  1. In the Configure app section, select an application from the Application drop-down menu. If your application is not listed, type its name in the textbox and select it.

Unlisted SaaS app

  1. In the Entity ID field, provide the unique identifier of your SaaS application. SaaS applications store this information in different ways.

  2. In the Assertion Consumer Service URL field, input the service provider’s endpoint for receiving and parsing SAML assertions.

  3. Scroll down to the Application logo card to choose a logo that will represent the application in the App Launcher and in the Applications page. You can either:

  • Select Default if you want to show the SaaS application’s logo.
  • Select Custom if you want to assign a custom logo to the application.

SaaS logo

  1. Next, scroll down to the Identity Providers card to select the identity providers you want to enable for your app.

    Setup SaaS IdPs

  2. Click Next.

2. Add a policy

You can now configure a policy to control who can access your app.

To learn more about how policies work, read our Policies.

  1. First, specify a name for your rule. This is a mandatory field.
  2. Specify a policy action.
  3. Specify one or more rules in the Configure a rule box. You can add as many include, exception, or require statements as needed.
  4. Click Next to add your application to Access.

3. Integrate your SaaS application with Access

Before you begin using your application through Access, your last step is to integrate your SaaS application to Access.

  1. First, configure these fields with your SAML SSO-compliant application. Take note of these fields before you click Done:
  • Your SSO endpoint

  • Your Access Entity ID or Issuer

  • Your Public key

    Setup SaaS IdPs

  1. Click Done to see your application listed on your Applications tab.