Add a SaaS application to Access
Cloudflare Access allows you to add an additional authentication layer to your SaaS applications. When you integrate a SaaS application with Access, users log in using your existing identity providers and are only granted access if they pass your Access policies.
This page provides generic instructions for setting up a SaaS application in Zero Trust.
1. Get SaaS application URLs
Obtain the following URLs from your SaaS application account:
- Entity ID: A unique URL issued for your SaaS application, for example
- Assertion Consumer Service URL: The service provider’s endpoint for receiving and parsing SAML assertions.
2. Add your application to Access
Select Add an application.
Select your Application from the drop-down menu. If your application is not listed, enter a custom name in the Application field and select the textbox that appears below.
Enter the Entity ID and Assertion Consumer Service URL obtained from your SaaS application account.
Select the Name ID Format expected by your SaaS application (usually Email).
If your SaaS application requires additional SAML attribute statements, add the mapping of your IdP’s attributes you would like to include in the SAML statement sent to the SaaS application.
Under Block pages, choose what end users will see when they are denied access to the application:
Next, configure how users will authenticate:
2. Add an Access policy
3. Configure SSO in your SaaS application
Finally, you will need to configure your SaaS application to require users to log in through Cloudflare Access.
Configure the following fields with your SAML SSO-compliant application:
- SSO endpoint
- Access Entity ID or Issuer
- Public key
You can either manually enter this data into your SaaS application or upload a metadata XML file. The metadata is available at the URL:
<SSO Endpoint>/saml-metadata. The SSO Endpoint can be copied out of the dashboard.
Your application will appear on the Applications page.
The following tutorials provide detailed integration instructions for specific SaaS applications.