JumpCloud SSO x Cloudflare Access Policies (Zero Trust)

shawnsong
Rising Star III

Hi folks,

Hope everyone is sailing smoothly through the last month of Q3 and gearing up for the final stretch of 2024 – time flies, doesn’t it?

Recently, I encountered a unique use case that got my creative gears turning right from the start. The task? We needed to add an authentication layer to a web application’s gateway, ideally with an SSO IdP that supports SAML.

So, fast forward a bit: I mapped out a strategy that combines Cloudflare Access Policies and JumpCloud’s Cloudflare SAML connector to achieve this goal. And to validate the concept, I even built a sample Flask app (which, if you're interested, you can check out here).

The architecture looks something like this: [architecture diagram: user -> Cloudflare Access (SAML to JumpCloud) -> web application]

As usual, let’s dive into the How-To.

Step 0 - Make sure the DNS record of your app is managed by Cloudflare and proxied through it (Access can only sit in front of traffic that actually passes through Cloudflare).

 

Step 1 - Integrate Cloudflare with JumpCloud (SAML)

Step 2 - Create the access policies on Cloudflare

 

  • Access policies: you can create multiple “self-hosted applications”. In our case there are two application paths representing two different roles: [screenshot: the two self-hosted applications]
  • The settings of one of the applications look like this:
    • At the Overview section: [screenshots: Overview settings]
    • At the Policy section, make sure the policy checks membership of the JumpCloud group: [screenshot: Policy rule]
    • At the Authentication section, select the SAML integration with JumpCloud you created above: [screenshot: Authentication settings]
    • I have left the rest of the settings untouched; feel free to tweak them based on your application environment.
    • Repeat the same steps for the /IT path if needed.

 

Now, it’s time for a test run.

 

The main use case I can think of is protecting your application — often internal corporate ones where adding an authentication layer within the application (via auth SDKs) isn’t feasible, especially for just a handful of users. Implementing a modern security solution like SAML for SSO can solve this without needing extensive changes. 
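One caveat a practitioner will want here, with an added example that is not part of the original post or the author's sample Flask app: Access only protects requests that pass through Cloudflare, so the origin must either be unreachable except via Cloudflare or validate the JWT that Access forwards in the `Cf-Access-Jwt-Assertion` header (also set as the `CF_Authorization` cookie). Trusting the `Cf-Access-Authenticated-User-Email` header alone is not enough, because anyone who can reach the origin directly can set it. The stdlib-only Python below does that validation: it selects the key by `kid` from the team's JWKS document (served at `https://<team>.cloudflareaccess.com/cdn-cgi/access/certs`), refuses anything but RS256, checks the signature before it reads any claim, and then checks `aud` against the application's AUD tag, `iss` and `exp`. Cloudflare's private key is obviously not available, so a demo keypair and signer stand in for it; the team name `example`, the AUD tag, the `kid` and the e-mail address are placeholders, and the JWKS is constructed in the shape Access serves.

```python
import base64, hashlib, hmac, json, math, secrets, time

_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # DER prefix (RFC 8017)

class AccessDenied(Exception):
    """The token must not be trusted; the origin answers 401/403 instead of serving the page."""

def _b64url_decode(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _b64url_encode(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _pkcs1v15_em(msg, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus."""
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_verify(signing_input, sig, n, e):
    """RSASSA-PKCS1-v1_5 verify: recover EM with the public exponent, compare in constant time."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), _pkcs1v15_em(signing_input, k))

def verify_access_jwt(token, jwks, audience, team_domain, now=None):
    """Return the claims of a genuine, current Access token for *this* application, else raise."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise AccessDenied("malformed token")
    try:
        header, sig = json.loads(_b64url_decode(parts[0])), _b64url_decode(parts[2])
    except ValueError:
        raise AccessDenied("undecodable token")
    if not isinstance(header, dict) or header.get("alg") != "RS256":  # no alg=none / HMAC confusion
        raise AccessDenied("unexpected alg")
    key = next((k for k in jwks.get("keys", [])
                if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")), None)
    if key is None:  # production: refetch the JWKS once (Cloudflare rotates keys), then fail
        raise AccessDenied("unknown kid")
    n, e = (int.from_bytes(_b64url_decode(key[f]), "big") for f in ("n", "e"))
    if not rs256_verify(f"{parts[0]}.{parts[1]}".encode(), sig, n, e):
        raise AccessDenied("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))  # the payload is trusted only from here on
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise AccessDenied("token was issued for a different application")
    if claims.get("iss") != f"https://{team_domain}.cloudflareaccess.com":
        raise AccessDenied("wrong issuer")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise AccessDenied("expired")
    return claims

def _probable_prime(bits):
    while True:  # random odd candidate with the top bit set, 32 Miller-Rabin rounds (demo only)
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        r = ((c - 1) & (1 - c)).bit_length() - 1  # c - 1 = d * 2**r with d odd
        d = (c - 1) >> r
        for _ in range(32):
            x = pow(secrets.randbelow(c - 3) + 2, d, c)
            if x in (1, c - 1):
                continue
            for _ in range(r - 1):
                x = pow(x, 2, c)
                if x == c - 1:
                    break
            else:
                break  # witness to compositeness: draw a new candidate
        else:
            return c

def demo_keypair(bits=1024):
    """Demo stand-in for Cloudflare's signing key, returns (n, e, d); a real origin never holds d."""
    e = 65537
    while True:
        p, q = _probable_prime(bits // 2), _probable_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)

def demo_jwks(n, e, kid):
    """JWKS in the shape served at /cdn-cgi/access/certs (constructed for the demo)."""
    enc = lambda x: _b64url_encode(x.to_bytes((x.bit_length() + 7) // 8, "big"))
    return {"keys": [{"kid": kid, "kty": "RSA", "alg": "RS256", "use": "sig", "n": enc(n), "e": enc(e)}]}

def demo_mint_token(claims, n, d, kid):
    """Sign claims with RS256 the way Access does, using the demo private exponent d."""
    h = _b64url_encode(json.dumps({"alg": "RS256", "kid": kid, "typ": "JWT"}).encode())
    p = _b64url_encode(json.dumps(claims).encode())
    k = (n.bit_length() + 7) // 8
    s = pow(int.from_bytes(_pkcs1v15_em(f"{h}.{p}".encode(), k), "big"), d, n)
    return f"{h}.{p}.{_b64url_encode(s.to_bytes(k, 'big'))}"

if __name__ == "__main__":
    n, e, d = demo_keypair()
    now = int(time.time())
    claims = {"aud": ["demo-aud-tag"], "email": "alice@example.com", "type": "app", "iss": "https://example.cloudflareaccess.com", "iat": now, "exp": now + 300}
    token = demo_mint_token(claims, n, d, "demo-kid")
    print(verify_access_jwt(token, demo_jwks(n, e, "demo-kid"), "demo-aud-tag", "example")["email"])
```

In a Flask app this would run in a `before_request` hook on `request.headers.get("Cf-Access-Jwt-Assertion")`, with the JWKS fetched from the team domain's `/cdn-cgi/access/certs` endpoint, cached, and refetched once when an unknown `kid` shows up. Because each self-hosted application in Access has its own AUD tag, the verified token also tells the origin which application (and so which path policy, such as the /IT one above) admitted the user. Independently of the token check, the origin should not be reachable except through Cloudflare, for example via Cloudflare Tunnel or by allowing only Cloudflare's IP ranges at the firewall, since Access cannot protect requests that never pass through it.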

Of course, there are plenty of other use cases out there—as long as those DNS records are in your hands 😉.

Thanks for reading! Catch you folks in the next one!
