cloudflare · maxvp · Aug 27, 2024 · Aug 22, 2024 · Aug 22, 2024 · Aug 22, 2024
@@ -4,16 +4,15 @@ title: DocuSign
 updated: 2024-06-18
 sidebar:
   order: 10
-
 ---
 
-This guide covers how to configure [Docusign](https://support.docusign.com/s/document-item?language=en_US\&bundleId=rrf1583359212854\&topicId=ozd1583359139126.html&_LANG=enus) as a SAML application in Cloudflare Zero Trust.
+This guide covers how to configure [Docusign](https://support.docusign.com/s/document-item?bundleId=rrf1583359212854&topicId=ozd1583359139126.html) as a SAML application in Cloudflare Zero Trust.
 
 ## Prerequisites
 
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
-* Admin access to a Docusign account that has Single Sign-On available
-* A [domain](https://support.docusign.com/s/document-item?language=en_US\&bundleId=rrf1583359212854\&topicId=gso1583359141256.html&_LANG=enus) verified in Docusign
+- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- Admin access to a Docusign account that has Single Sign-On available
+- A [domain](https://support.docusign.com/s/document-item?bundleId=rrf1583359212854&topicId=gso1583359141256.html) verified in Docusign
 
 ## 1. Create the Access for SaaS application
 
@@ -25,26 +24,26 @@ This guide covers how to configure [Docusign](https://support.docusign.com/s/doc
 
 4. Use the following configuration:
 
-   * Set the **Application** to *DocuSign*.
-   * Put placeholder values in **EntityID** and **Assertion Consumer Service URL** (e.g. `https://example.com`). We’ll come back and update these.
-   * Set **Name ID Format** to: *Unique ID*.
+   - Set the **Application** to _DocuSign_.
+   - Put placeholder values in **EntityID** and **Assertion Consumer Service URL** (e.g. `https://example.com`). We'll come back and update these.
+   - Set **Name ID Format** to: _Unique ID_.
 
 5. DocuSign requires SAML attributes to do Just In Time user provisioning. Ensure you are collecting SAML attributes from your IdP:
 
-   * Group
-   * username
-   * department
-   * firstName
-   * lastName
-   * phone
+   - Group
+   - username
+   - department
+   - firstName
+   - lastName
+   - phone
 
 6. These IdP SAML values can then be mapped to the following DocuSign SAML attributes:
 
-   * Email
-   * Surname
-   * Givenname
+   - Email
+   - Surname
+   - Givenname
 
-7. Set an Access policy (for example, create a policy based on *Emails ending in @example.com*).
+7. Set an Access policy (for example, create a policy based on _Emails ending in @example.com_).
 
 8. Copy and save SSO Endpoint, Entity ID and Public Key.
 
@@ -58,7 +57,7 @@ This guide covers how to configure [Docusign](https://support.docusign.com/s/doc
 
 11. Wrap the value in `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
 
-12. Set the file extension to `.crt` and save. 
+12. Set the file extension to `.crt` and save.
     :::
 
 ## 2. Configure your DocuSign SSO instance
@@ -69,27 +68,27 @@ This guide covers how to configure [Docusign](https://support.docusign.com/s/doc
 
 3. On the Identity Providers page, select **ADD IDENTITY PROVIDER**. Use the following mappings from the saved Access Application values:
 
-   * **Name**: Pick your desired name.
-   * **Identity Provider Issuer**: Entity ID.
-   * **Identity Provider Login URL**: Assertion Consumer Service URL.
+   - **Name**: Pick your desired name.
+   - **Identity Provider Issuer**: Entity ID.
+   - **Identity Provider Login URL**: Assertion Consumer Service URL.
 
 4. Save the Identity Provider.
 
-5. Upload your certificate to the *DocuSign Identity Provider* menu.
+5. Upload your certificate to the _DocuSign Identity Provider_ menu.
 
 6. Configure your SAML Attribute mappings. The Attribute Names should match the values in **IdP Value** in your Access application.
 
 7. Go back to the Identity Provider's screen and select **Actions** > **Endpoints**. Copy and save the following:
-   * Service Provider Issuer URL.
-   * Service Provider Assertion Consumer Service URL.
+   - Service Provider Issuer URL.
+   - Service Provider Assertion Consumer Service URL.
 
 ## 3. Finalize your Cloudflare configuration
 
 1. Go back to your DocuSign application under **Access** > **Applications**.
 2. Select **Edit**.
 3. Use the following mappings:
-   * EntityID->Service Provider Issuer URL.
-   * Assertion Consumer Service URL -> Service Provider Assertion Consumer Service URL.
+   - EntityID->Service Provider Issuer URL.
+   - Assertion Consumer Service URL -> Service Provider Assertion Consumer Service URL.
 4. Save the application.
 
 When ready, enable the SSO for your DocuSign account and you will be able to login to DocuSign via Cloudflare SSO and your Identity Provider.
@@ -3,24 +3,23 @@ pcx_content_type: how-to
 title: Generic SAML application
 sidebar:
   order: 1
-
 ---
 
-import { Render } from "~/components"
+import { Render } from "~/components";
 
 This page provides generic instructions for setting up a SaaS application in Cloudflare Access using the SAML authentication protocol.
 
 ## Prerequisites
 
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
-* Admin access to the account of the SaaS application
+- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- Admin access to the account of the SaaS application
 
 ## 1. Get SaaS application URLs
 
 Obtain the following URLs from your SaaS application account:
 
-* **Entity ID**: A unique URL issued for your SaaS application, for example `https://<your-domain>.my.salesforce.com`.
-* **Assertion Consumer Service URL**: The service provider's endpoint for receiving and parsing SAML assertions.
+- **Entity ID**: A unique URL issued for your SaaS application, for example `https://<your-domain>.my.salesforce.com`.
+- **Assertion Consumer Service URL**: The service provider's endpoint for receiving and parsing SAML assertions.
 
 ## 2. Add your application to Access
 
@@ -38,15 +37,15 @@ Obtain the following URLs from your SaaS application account:
 
 7. Enter the **Entity ID** and **Assertion Consumer Service URL** obtained from your SaaS application account.
 
-8. Select the **Name ID Format** expected by your SaaS application (usually *Email*).
+8. Select the **Name ID Format** expected by your SaaS application (usually _Email_).
 
 9. Copy the **SSO endpoint**, **Access Entity ID or Issuer**, and **Public key**.
 
-10. If your SaaS application requires additional **SAML attribute statements**, add the mapping of your IdP’s attributes you would like to include in the SAML statement sent to the SaaS application.
+10. If your SaaS application requires additional **SAML attribute statements**, add the mapping of your IdP's attributes you would like to include in the SAML statement sent to the SaaS application.
 
 :::note[IdP groups]
 
-If you are using Okta, AzureAD, Google Workspace, or GitHub as your IdP, Access will automatically send a SAML attribute titled `groups` with all of the user's associated groups as attribute values. 
+If you are using Okta, AzureAD, Google Workspace, or GitHub as your IdP, Access will automatically send a SAML attribute titled `groups` with all of the user's associated groups as attribute values.
 :::
 
 11. (Optional) Configure [App Launcher settings](/cloudflare-one/applications/app-launcher/) for the application.
@@ -67,9 +66,9 @@ If you are using Okta, AzureAD, Google Workspace, or GitHub as your IdP, Access
 
 Next, configure your SaaS application to require users to log in through Cloudflare Access. Refer to your SaaS application documentation for instructions on how to configure a third-party SAML SSO provider. You will need the following values from the Zero Trust dashboard:
 
-* **SSO endpoint**
-* **Access Entity ID or Issuer**
-* **Public key**
+- **SSO endpoint**
+- **Access Entity ID or Issuer**
+- **Public key**
 
 You can either manually enter this data into your SaaS application or upload a metadata XML file. The metadata is available at the URL: `<SSO endpoint>/saml-metadata`.
 

@@ -4,39 +4,38 @@ title: Google Cloud
 updated: 2024-07-03
 sidebar:
   order: 13
-
 ---
 
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
 
 This guide covers how to configure [Google Cloud](https://support.google.com/cloudidentity/topic/7558767) as a SAML application in Cloudflare Zero Trust.
 
 :::caution
 
 When configuring Google Cloud with Access, the following limitations apply:
 
-* Users will not be able to log in using [Google](/cloudflare-one/identity/idp-integration/google/) or [Google Workspace](/cloudflare-one/identity/idp-integration/gsuite/) as an identity provider after Google Cloud is configured with Access.
+- Users will not be able to log in using [Google](/cloudflare-one/identity/idp-integration/google/) or [Google Workspace](/cloudflare-one/identity/idp-integration/gsuite/) as an identity provider after Google Cloud is configured with Access.
 
-* The integration of Access as a single sign-on provider for your Google Cloud account does not work for Google super admins. It will work for other users. 
+- The integration of Access as a single sign-on provider for your Google Cloud account does not work for Google super admins. It will work for other users.
   :::
 
 ## Prerequistes
 
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
-* Admin access to a Google Workspace account
-* [Cloud Identity Free or Premium](https://support.google.com/cloudidentity/answer/7389973) set up in your organization's Google Cloud account
+- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- Admin access to a Google Workspace account
+- [Cloud Identity Free or Premium](https://support.google.com/cloudidentity/answer/7389973) set up in your organization's Google Cloud account
 
 ## 1. Add a SaaS application to Cloudflare Zero Trust
 
 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Access** > **Applications**.
 2. Select **Add an application** > **SaaS** > **Select**.
-3. For **Application**, select *Google Cloud*.
+3. For **Application**, select _Google Cloud_.
 4. For the authentication protocol, select **SAML**.
 5. Select **Add application**.
 6. Fill in the following fields:
-   * **Entity ID**: `google.com`
-   * **Assertion Consumer Service URL**: `https://www.google.com/a/<your_domain.com>/acs`
-   * **Name ID format**: *Email*
+   - **Entity ID**: `google.com`
+   - **Assertion Consumer Service URL**: `https://www.google.com/a/<your_domain.com>/acs`
+   - **Name ID format**: _Email_
 7. Copy the **SSO endpoint**, **Access Entity ID or Issuer**, and **Public key**.
 8. Select **Save configuration**.
 9. Configure [Access policies](/cloudflare-one/policies/access/) for the application.
@@ -54,9 +53,9 @@ When configuring Google Cloud with Access, the following limitations apply:
 2. Select **Third-party SSO profile for your organization** > **Add SSO Profile**.
 3. Turn on **Set up SSO with third-party identity provider**.
 4. Fill in the following information:
-   * **Sign-in page URL**: SSO endpoint from application configuration in Cloudflare Zero Trust.
-   * **Sign-out page URL**: `https://<team-name>.cloudflareaccess.com/cdn-cgi/access/logout`, where `<team-name>` is your Zero Trust <GlossaryTooltip term="team name">team name</GlossaryTooltip>.
-   * **Verification certificate**: Upload the `.crt` certificate file from step [2. Create a x.509 certificate](#2-create-a-x509-certificate).
+   - **Sign-in page URL**: SSO endpoint from application configuration in Cloudflare Zero Trust.
+   - **Sign-out page URL**: `https://<team-name>.cloudflareaccess.com/cdn-cgi/access/logout`, where `<team-name>` is your Zero Trust <GlossaryTooltip term="team name">team name</GlossaryTooltip>.
+   - **Verification certificate**: Upload the `.crt` certificate file from step [2. Create a x.509 certificate](#2-create-a-x509-certificate).
 5. (Optional) Turn on **Use a domain specific issuer**. If you select this option, Google will send an issuer specific to your Google Cloud domain (`google.com/a/<your_domain.com>` instead of the standard `google.com`).
 
 ## 4. Test the integration
@@ -65,6 +64,6 @@ Open an incognito browser window and go to your Google Cloud URL (`https://conso
 
 ## Troubleshooting
 
-`Error: “G Suite - This account cannot be accessed because the login credentials could not be verified.”`
+`Error: "G Suite - This account cannot be accessed because the login credentials could not be verified."`
 
 If you see this error, it is likely that the public key and private key do not match. Confirm that your certificate file includes the correct public key.
@@ -4,25 +4,22 @@ title: Google Workspace
 updated: 2024-06-04
 sidebar:
   order: 13
-
 ---
 
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
 
-This guide covers how to configure [Google Workspace](https://support.google.com/a/topic/7579248?hl=en\&ref_topic=7556686\&sjid=14539485562330725560-NA) as a SAML application in Cloudflare Zero Trust.
+This guide covers how to configure [Google Workspace](https://support.google.com/a/topic/7579248?ref_topic=7556686&sjid=14539485562330725560-NA) as a SAML application in Cloudflare Zero Trust.
 
 :::note
 
-
 The integration of Access as a single sign-on provider for your Google Workspace account does not work for Google super admins. It will work for other users.
 
-
 :::
 
 ## Prerequistes
 
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
-* Admin access to a Google Workspace account
+- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- Admin access to a Google Workspace account
 
 ## 1. Create an application in Zero Trust
 
@@ -31,14 +28,14 @@ The integration of Access as a single sign-on provider for your Google Workspace
 2. Select **SaaS application**.
 
 3. Fill in the following information:
-   * **Application**: *Google*.
-   * **Entity ID**: `google.com`
-   * **Assertion Consumer Service URL**: `https://www.google.com/a/<your_domain.com>/acs`, where `<your_domain.com>` is your Google Workspace domain.
-   * **Name ID Format**: *Email*.
+   - **Application**: _Google_.
+   - **Entity ID**: `google.com`
+   - **Assertion Consumer Service URL**: `https://www.google.com/a/<your_domain.com>/acs`, where `<your_domain.com>` is your Google Workspace domain.
+   - **Name ID Format**: _Email_.
 
 :::caution
 
-When you put your Google Workspace behind Access, users will not be able to log in using [Google](/cloudflare-one/identity/idp-integration/google/) or [Google Workspace](/cloudflare-one/identity/idp-integration/gsuite/) as an identity provider. 
+When you put your Google Workspace behind Access, users will not be able to log in using [Google](/cloudflare-one/identity/idp-integration/google/) or [Google Workspace](/cloudflare-one/identity/idp-integration/gsuite/) as an identity provider.
 :::
 
 4. On the next page, [create an Access policy](/cloudflare-one/policies/access/) for your application. For example, you could allow users with an `@your_domain.com` email address.
@@ -66,9 +63,9 @@ When you put your Google Workspace behind Access, users will not be able to log
 3. Select **Third-party SSO profile for your organization**.
 4. Enable **Set up SSO with third-party identity provider**.
 5. Fill in the following information:
-   * **Sign-in page URL**: Copy and then paste your **SSO endpoint** from Zero Trust.
-   * **Sign-out page URL**: `https://<team-name>.cloudflareaccess.com/cdn-cgi/access/logout`, where `<team-name>` is your Zero Trust <GlossaryTooltip term="team name">team name</GlossaryTooltip>.
-   * **Verification certificate**: Upload the certificate file containing your public key.
+   - **Sign-in page URL**: Copy and then paste your **SSO endpoint** from Zero Trust.
+   - **Sign-out page URL**: `https://<team-name>.cloudflareaccess.com/cdn-cgi/access/logout`, where `<team-name>` is your Zero Trust <GlossaryTooltip term="team name">team name</GlossaryTooltip>.
+   - **Verification certificate**: Upload the certificate file containing your public key.
 6. (Optional) Enable **Use a domain specific issuer**. If you select this option, Google will send an issuer specific to your Google Workspace domain (`google.com/a/<your_domain.com>` instead of the standard `google.com`).
 
 ## 4. Test the integration
@@ -81,6 +78,6 @@ An Access login screen should appear.
 
 ## Troubleshooting
 
-`Error: “G Suite - This account cannot be accessed because the login credentials could not be verified.”`
+`Error: "G Suite - This account cannot be accessed because the login credentials could not be verified."`
 
 If you see this error, it is likely that the public key and private key do not match. Confirm that your certificate file includes the correct public key.
@@ -4,33 +4,32 @@ title: Zendesk
 updated: 2024-04-29
 sidebar:
   order: 29
-
 ---
 
 This guide covers how to configure [Zendesk](https://support.zendesk.com/hc/en-us/articles/4408887505690-Enabling-SAML-single-sign-on#topic_u54_wc3_z2b) as a SAML application in Cloudflare Zero Trust.
 
 ## Prerequisites
 
-* An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
-* Admin access to your Zendesk account
+- An [identity provider](/cloudflare-one/identity/idp-integration/) configured in Cloudflare Zero Trust
+- Admin access to your Zendesk account
 
 ## Configure Zendesk and Cloudflare
 
 1. Go to your Zendesk administrator dashboard, typically available at `<yourdomain>.zendesk.com/admin/security/sso`.
 
 2. In a separate tab or window, open [Zero Trust](https://one.dash.cloudflare.com), select your account, and go to **Access** > **Applications**.
 
-3. Select **Add an application**, then choose *SaaS*.
+3. Select **Add an application**, then choose _SaaS_.
 
 4. Input the following values in the Zero Trust application configuration:
 
    | Zero Trust field                   | Value                                           |
    | ---------------------------------- | ----------------------------------------------- |
    | **Entity ID**                      | `https://<yoursubdomain>.zendesk.com`           |
    | **Assertion Consumer Service URL** | contents of **SAML SSO URL** in Zendesk account |
-   | **Name ID Format**                 | *Email*                                         |
+   | **Name ID Format**                 | _Email_                                         |
 
-5. (Optional) Configure these Attribute Statements to include a user’s first and last name:
+5. (Optional) Configure these Attribute Statements to include a user's first and last name:
 
    | Cloudflare attribute name | IdP attribute value                                               |
    | ------------------------- | ----------------------------------------------------------------- |
@@ -54,7 +53,7 @@ This guide covers how to configure [Zendesk](https://support.zendesk.com/hc/en-u
 
    2. Wrap the value with `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
 
-   3. Set **Algorithm** to *SHA256* and select **Calculate Fingerprint**.
+   3. Set **Algorithm** to _SHA256_ and select **Calculate Fingerprint**.
 
    4. Copy the **Formatted FingerPrint** value.