Cloudflare SAML setup

Getting started

1. Log in to Cloudflare and go to Zero Trust.
2. Select Applications and click Add an application:

Creating a new application

1. Enter the name for the application (e.g. 1Password SaaS Manager).
2. Choose SAML, then click Add application.

You now need to collect some information from SaaS Manager to enter into Cloudflare. In a separate tab, log in to SaaS Manager and go to Settings > Users and scroll down to the Single Sign-On (SSO) section:

1. Paste the SaaS Manager SAML Entity ID into the Cloudflare Entity ID field.
2. Paste the SaaS Manager SAML Assertion Consumer Service (ACS) URL into the Cloudflare Assertion Consumer Service URL.
3. Select Email as the Name ID Format in Cloudflare.
4. Copy the SAML Metadata endpoint to the clipboard.

You now need to enter some Cloudflare information into SaaS Manager. Click on the New button in the SAML providers section of the SaaS Manager user settings page.

1. Select Url and certificate for the Metadata type.
2. Paste the Cloudflare SAML Metadata endpoint value into the SaaS Manager Metadata URL field.
3. Click Save in SaaS Manager.

Complete the configuration in Cloudflare

1. Set up SAML attribute statements if required - these will pass through the user's name when new users log in to SaaS Manager. The values SaaS Manager expects are given_name and family_name:
   
2. Complete any other Cloudflare configuration.
3. Click Save application at the bottom and then apply the necessary Cloudflare access policy or group.
4. Click Done.