SparkPost
Last reviewed: 10 months ago
This guide covers how to configure SparkPost or SparkPost EU ↗ as a SAML application in Cloudflare Zero Trust.
Prerequisites
- An identity provider configured in Cloudflare Zero Trust
- Admin access to a SparkPost or SparkPost EU account
1. Add a SaaS application to Cloudflare Zero Trust
- In Zero Trust ↗, go to Access > Applications.
- Select Add an application > SaaS > Select.
- For Application, enter
SparkPost
and select the corresponding textbox that appears. - For the authentication protocol, select SAML.
- Select Add application.
- Fill in the following fields:
- Entity ID:
https://api.sparkpost.com
for SparkPost accountshttps://api.eu.sparkpost.com
for SparkPost EU accountshttps://<api-host>
for SparkPost accounts with dedicated tenants
- Assertion Consumer Service URL:
https://api.sparkpost.com/api/v1/users/saml/consume
for SparkPost accountshttps://api.eu.sparkpost.com/api/v1/users/saml/consume
for SparkPost EU accountshttps://<api-host>/api/v1/users/saml/consume
for SparkPost accounts with dedicated tenants
- Name ID format: Email
- Entity ID:
- Copy the SAML Metadata endpoint.
- Select Save configuration.
- Configure Access policies for the application.
- Select Done.
2. Download the metadata file
- Paste the SAML metadata endpoint from application configuration in Cloudflare Zero Trust in a web browser.
- Follow your browser-specific steps to download the URL’s contents as an
.xml
file.
3. Add a SAML SSO provider to SparkPost
- In SparkPost, select your profile picture > Account Settings.
- Under Single Sign-On, select Provision SSO.
- Under Upload your Security Assertion Markup Language (SAML), select select a file and upload the
.xml
file you created in step 2. Download the metadata file. - Select Provision SSO.
- Select Enable SSO.
4. Add a test user and test the integration
- In SparkPost, current users must be deleted and re-invited to use SSO. To create a test user, select your profile picture > Users > name of the user > Delete User. Then, select Invite User and fill in the necessary information. Alternatively, invite a new user. An invitation email will be sent.
- Go to the link sent in the invitation email. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.
- Once SSO is successful, you can turn on SSO for the rest of your current users by deleting and then re-inviting them.