PingOne (SAML)
The PingOne cloud platform from PingIdentity provides SSO identity management. Cloudflare Access supports PingOne as a SAML identity provider.
- In your PingIdentity environment, go to Connections > Applications.
- Select Add Application.
- Enter an Application Name.
- Select SAML Application.
- Select Configure.
- To fill in your Cloudflare Access metadata:
  - Select Import from URL.
  - Set the Import URL to:
    where <your-team-name> is your Cloudflare Zero Trust team name.
  - Select Import.
  - Save the configuration.
- In the Configuration tab, select Download metadata and save the XML metadata file. This file will be used in a later step to add PingOne to Zero Trust.
- In the Attribute Mappings tab, add the following required attributes (case sensitive) and select Save.

  | Application attribute | Outgoing value |
  | --- | --- |
  | email | Email Address |
  | givenName | Given Name |
  | surName | Family Name |

  These SAML attributes tell Cloudflare Access who the user is.
- Set the application to Active.
- In Zero Trust, go to Settings > Authentication.
- Under Login methods, select Add new.
- Select SAML.
- Upload your PingOne XML metadata file.
- (Optional) To enable SCIM, refer to Synchronize users and groups.
- (Optional) Under Optional configurations, configure additional SAML options.
- Select Save.
You can now test your connection and create Access policies based on the configured login method and SAML attributes.