Cloudflare Docs
Cloudflare Zero Trust
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)


The PingOne® cloud platform from PingIdentity provides SSO identity management. Cloudflare Access supports PingOne as a SAML identity provider.

​​ Set up PingOne as an identity provider

  1. In your PingIdentity environment, navigate to Connections > Applications.

  2. Click Add Application.

  3. Enter an Application Name.

  4. Select SAML Application.

  5. Click Configure.

  6. To fill in your Cloudflare Access metadata:

    1. Select Import from URL.
    2. Set the Import URL to:

    where <your-team-name> is your Cloudflare Zero Trust team name.

    1. Click Import.
    2. Save the configuration.
  7. In the Configuration tab, click Download metadata and save the XML metadata file. This file will be used in a later step to add PingOne to the Zero Trust Dashboard.

  8. In the Attribute Mappings tab, add the following required attributes (case sensitive) and click Save.

Application attributeOutgoing value
emailEmail Address
givenNameGiven Name
surNameFamily Name

These SAML attributes tell Cloudflare Access who the user is.

  1. Enable the application.
  2. On the Zero Trust Dashboard, navigate to Settings > Authentication.
  3. Under Login methods, click Add new.
  4. Select SAML.
  5. Upload your PingOne XML metadata file from Step #7.
  6. (Recommended) Enable Sign SAML authentication request.
  7. Click Save.

You can now test your connection and create Access policies based on the configured login method and SAML attributes.