Configure a Google Workspace account for Access for SaaS
This tutorial covers how to use Cloudflare as a single sign on provider by setting up Access for SaaS.
⏲️ Time to complete: 15 minutes
Create an SSO provider in Google Workspace
In your Google Workspace account, create an SSO third-party identity provider.
Select Setup SSO with a third party identity provider.
Create an application on the Zero Trust Dashboard
On the Zero Trust Dashboard, navigate to Access > Applications and create a SaaS application.
- Entity ID:
- Assertion Consumer Service URL:
- Name ID:
- Entity ID:
Click Next to create an Access policy and use the following mapping to set up your Workspace sign-in:
Google Workspace value Cloudflare value Sign-in page URL SSO Endpoint Sign-out page URL SSO Endpoint Verification Certificate Public Key
Next, you can select Use a domain specific issuer. If you select this option, Google will send an issuer specific to your domain (where
your_domain.comis replaced with your actual primary Google Workspace domain name).
Create and upload a certificate file
- Paste the Public Key in VIM or another code editor.
- Wrap the certificate in
- Set the file extension as
Once the certificate file has been created, upload it to your Google Workspace account.
Test the integration
You can now test the integration by going to
Error: “G Suite - This account cannot be accessed because the login credentials could not be verified.”
If you see this error, it is likely that the Public Key and Private Key do not match. Confirm your certificate file matches your Public Key.