Ironclad

Last reviewed: over 1 year ago

This guide covers how to configure Ironclad ↗ as a SAML application in Cloudflare One.

Prerequisites

In Cloudflare One ↗, go to Access controls > Applications.
Select Add an application > SaaS.
For Application, enter Ironclad and select the corresponding textbox that appears.
For the authentication protocol, select SAML.
Select Add application.
Copy the SSO Endpoint and Public key.
Keep this window open. You will finish this configuration in step 3. Finish adding a SaaS application to Cloudflare One.

In Ironclad, select your profile picture > Company settings > Integrations > SAML.
Select Add SAML Configuration > Show Additional IdP Settings.
Copy the Callback value.
Fill in the following fields:
- Entry Point: SSO endpoint from application configuration in Cloudflare One.
- Identity Provider Certificate: Public key from application configuration in Cloudflare One. The key will automatically be wrapped in -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
Select Save.

In your open Cloudflare One window, fill in the following fields:
- Entity ID: ironcladapp.com
- Assertion Consumer Service URL: Callback from Ironclad SAML SSO set-up.
- Name ID format: Email
Configure Access policies for the application.
Save the application.

In Ironclad, select your profile picture > Company settings > Users & Groups.
Select Invite User.
For Email addresses, add your desired email address for your test user.
For Sign-in Method, ensure Sign in with (your-team-domain.cloudflareaccess.com) is selected
Select Invite.
In the invitation email sent to the test user, select Join now. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.
Once this is successful, you can contact your account team or support@ironcladapp.com to migrate existing users to SSO login.