Ironclad
Last reviewed: 3 months ago
This guide covers how to configure Ironclad ↗ as a SAML application in Cloudflare Zero Trust.
- An identity provider configured in Cloudflare Zero Trust
- Admin access to a Ironclad site
- In Zero Trust ↗, go to Access > Applications.
- Select Add an application > SaaS.
- For Application, enter
Ironclad
and select the corresponding textbox that appears. - For the authentication protocol, select SAML.
- Select Add application.
- Copy the SSO Endpoint and Public key.
- Keep this window open without selecting Select configuration. You will finish this configuration in step 3. Finish adding a SaaS application to Cloudflare Zero Trust.
- In Ironclad, select your profile picture > Company settings > Integrations > SAML.
- Select Add SAML Configuration > Show Additional IdP Settings.
- Copy the Callback value.
- Fill in the following fields:
- Entry Point: SSO endpoint from application configuration in Cloudflare Zero Trust.
- Identity Provider Certificate: Public key from application configuration in Cloudflare Zero Trust. The key will automatically be wrapped in
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
.
- Select Save.
- In your open Zero Trust window, fill in the following fields:
- Entity ID:
ironcladapp.com
- Assertion Consumer Service URL: Callback from Ironclad SAML SSO set-up.
- Name ID format: Email
- Entity ID:
- Select Save configuration.
- Configure Access policies for the application.
- Select Done.
- In Ironclad, select your profile picture > Company settings > Users & Groups.
- Select Invite User.
- For Email addresses, add your desired email address for your test user.
- For Sign-in Method, ensure Sign in with (your-team-domain.cloudflareaccess.com) is selected
- Select Invite.
- In the invitation email sent to the test user, select Join now. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.
- Once this is successful, you can contact your LE, CSM POC, or
support@ironcladapp.com
to migrate existing users to SSO login.