Skip to content
Visit Kinde’s marketing website Kinde Docs
  • Auth and access
  • Enterprise connections

Use Cloudflare as a SAML identity provider

If you use Cloudflare to centralize authentication and authorization in your business, you can integrate Kinde as a service provider for these processes. This gives you the benefits of Kinde’s robust auth capabilities, while keeping the familiar Cloudflare structure.

You need to set up an enterprise connection in Kinde for this, and add a Cloudflare application. See steps below.

Step 1: Add and configure a Cloudflare connection in Kinde

Link to this section
  1. In Kinde, go to Settings > Authentication.
  2. In the Enterprise connections section, select Add connections.
  3. In the window that appears, select Cloudflare and then select Save. The connection is added.
  1. On the connection you just created, select Configure.
  2. Enter a random string value for Entity ID, for e.g. 870sa9fbasfasdas23aghkhc12zasfnasd.
  1. Complete any optional fields you want, including Entity ID, and key attributes. You’ll add the IdP Metadata URL later.
  2. Enter Home realm domains. This speeds up the sign in process for users of those domains. Note that all home realm domains must be unique across all connections in an environment. For more information about how, see Home realm domains or IdP discovery.
  3. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the Always show sign-in button option.
  4. Copy the Assertion Customer Service (ACS) URL and the Entity ID somewhere you can access it later. You’ll need this to set up your Cloudflare application.
  5. Select provisioning options.
  6. Add a signed certificate and key if you have it. You can also do this later.
  7. Select Save.

Step 2: Add and configure your Cloudflare application

Link to this section
  1. Sign in to your Cloudflare account.
  2. In the menu, select Zero trust.
  3. Go to Access > Applications, then select Add an application.
  4. Select SaaS as the type of application. The Add application window opens.
Screen shot of Cloudlfare adding application
  1. Enter an application name or select an application.
  2. Choose Select SAML for the authentication protocol.
  3. Select Add Application. The Configure application page opens.
Screen shot of app config screen in Cloudflare
  1. Add the Entity ID and ACS URL from Kinde.
  2. Copy the SAML Metadata endpoint to your clipboard. You’ll need to enter this back in Kinde.
  3. Scroll through the other sections and then select Save configuration. The Add policies page opens.
  4. Add a policy to define who can access your application. You might do this via an allowlist and groups, or other strategy.
  5. Complete any other relevant sections of the window, and then select Done.
Screen shot of Application list in Cloudflare

Step 3: Finish setting up your Cloudflare connection

Link to this section
  1. In Kinde, go to Settings > Authentication.
  2. Select Configure on the Cloudflare connection.
  3. Scroll to the IdP metadata URL field and paste the Metadata URL you copied from your Cloudflare app.
  4. In the Applications area, switch on the applications you want to use this connection.
Screen shot of your list of applications in Kinde with switches
  1. Select Save. You can now use Cloudflare as an IdP for the selected applications.

Related articles

Useful links

  • Join the community

    Get support from the Kinde team and expert users in the Kinde community

    Join via Slack or Discord

  • Contact support

    Chat to support through the Kinde help widget, or send a question via email

    Send an email