Cloudflare Docs
Cloudflare Zero Trust
Edit this page on GitHub
Set theme to dark (⇧+D)


The PingOne® cloud platform from PingIdentity provides SSO identity management. Cloudflare Access supports PingOne as a SAML identity provider.

​​ Set up PingOne as a SAML provider

  1. In your PingIdentity environment, go to Connections > Applications.

  2. Select Add Application.

  3. Enter an Application Name.

  4. Select SAML Application.

  5. Select Configure.

  6. To fill in your Cloudflare Access metadata:

    1. Select Import from URL.
    2. Set the Import URL to:

    where <your-team-name> is your Cloudflare Zero Trust team name.

    1. Select Import.
    2. Save the configuration.
  7. In the Configuration tab, select Download metadata and save the XML metadata file. This file will be used in a later step to add PingOne to Zero Trust.

  8. In the Attribute Mappings tab, add the following required attributes (case sensitive) and select Save.

    Application attributeOutgoing value
    emailEmail Address
    givenNameGiven Name
    surNameFamily Name

    These SAML attributes tell Cloudflare Access who the user is.

  9. Set the application to Active.

  10. In Zero Trust, go to Settings > Authentication.

  11. Under Login methods, select Add new.

  12. Select SAML.

  13. Upload your PingOne XML metadata file from Step 7.

  14. Enable Sign SAML authentication request.

  15. Select Save.

You can now test your connection and create Access policies based on the configured login method and SAML attributes.