PingOne
The PingOne cloud platform from PingIdentity provides SSO identity management. Cloudflare Access supports PingOne as an OIDC identity provider.
-
In your PingIdentity environment, go to Connections > Applications.
-
Select Add Application.
-
Enter an Application Name.
-
Select OIDC Web App and then Save.
-
Select Resource Access and add the email and profile scopes.
-
In the Configuration tab, select General.
-
Copy the Client ID, Client Secret, and Environment ID to a safe place. These ids will be used in a later step to add PingOne to Zero Trust.
-
In the Configuration tab, select the pencil icon.
-
In the Redirect URIs field, enter the following URL:
You can find your team name in Zero Trust under Settings > Custom Pages.
-
Select Save.
- In Zero Trust ↗, go to Settings > Authentication.
- Under Login methods, select Add new.
- Select PingOne.
- Input the Client ID, Client Secret, and Environment ID generated previously.
- (Optional) Enable Proof of Key Exchange (PKCE) ↗. PKCE will be performed on all login attempts.
- (Optional) To enable SCIM, refer to Synchronize users and groups.
- (Optional) Under Optional configurations, enter custom OIDC claims that you wish to add to your users' identity. This information will be available in the user identity endpoint.
- Select Save.
You can now test your connection and create Access policies based on the configured login method.