Ironclad

Last reviewed: about 2 months ago

This guide covers how to configure Ironclad ↗ as a SAML application in Cloudflare Zero Trust.

Prerequisites

In Zero Trust ↗, go to Access > Applications.
Select Add an application > SaaS.
For Application, enter Ironclad and select the corresponding textbox that appears.
For the authentication protocol, select SAML.
Select Add application.
Copy the SSO Endpoint and Public key.
Keep this window open without selecting Select configuration. You will finish this configuration in step 3. Finish adding a SaaS application to Cloudflare Zero Trust.

In Ironclad, select your profile picture > Company settings > Integrations > SAML.
Select Add SAML Configuration > Show Additional IdP Settings.
Copy the Callback value.
Fill in the following fields:
- Entry Point: SSO endpoint from application configuration in Cloudflare Zero Trust.
- Identity Provider Certificate: Public key from application configuration in Cloudflare Zero Trust. The key will automatically be wrapped in -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
Select Save.

In your open Zero Trust window, fill in the following fields:
- Entity ID: ironcladapp.com
- Assertion Consumer Service URL: Callback from Ironclad SAML SSO set-up.
- Name ID format: Email
Select Save configuration.
Configure Access policies for the application.
Select Done.

In Ironclad, select your profile picture > Company settings > Users & Groups.
Select Invite User.
For Email addresses, add your desired email address for your test user.
For Sign-in Method, ensure Sign in with (your-team-domain.cloudflareaccess.com) is selected
Select Invite.
In the invitation email sent to the test user, select Join now. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.
Once this is successful, you can contact your LE, CSM POC, or [email protected] to migrate existing users to SSO login.