Cloudflare Access

Cloudflare Access IdP with Entra ID

Cloudflare Access IdP with Entra ID

Cloudflare Access is a wonderful tool that can add MFA (Multi-Factor Authentication) to applications that don’t support it.

I’ve previously covered Setting Up Cloudflare Access using email OTP (One-time PIN). What I didn’t cover in that post was how to set up Cloudflare Access with an IdP (Identity Provider).

In this post, I will show step-by-step how to set up Cloudflare Access to use Microsoft Entra ID (formerly Microsoft Azure Active Directory) as the IdP and use Microsoft 365 SSO (Single sign-on) to make everything very transparent to the user.

Prerequisites

  • DNS for the web application in Cloudflare with Cloudflare Proxy enabled on the DNS record. (or a Cloudflare Tunnel)

The Process

  • Click on Custom Pages.
  • Make a note of your Team domain.

For this example, I will be using the team domain test.cloudflareaccess.com

Microsoft Entra ID Configuration

  • Login to Microsoft Entra admin center.
  • Click on Applications > App registrations.
  • Click on New registration.
  • Name your application. I will use the name Cloudflare Access.
  • Select Accounts in this organizational directory only (Single tenant)
  • Set the Redirect URI platform to Web.
  • Set the Redirect URI to the URL of the Team domain you noted down earlier. Add https:// to the front of it and add /cdn-cgi/access/callback to the end of it.

Read More Read More

Setting Up Cloudflare Access

Setting Up Cloudflare Access

I’ve been a fan of Cloudflare for a while now. I love how fast they can propagate DNS changes and I typically like to use them as a DNS resolver. An issue that I’ve ran into many times, is how to protect something with MFA (Multi-Factor Authentication) that doesn’t have any support for MFA.

This problem is common with legacy web applications and very common with SCADA (Supervisory Control And Data Acquisition) web applications. The issue I was trying to solve was how to put MFA in front of a SCADA web application.

I decided to use Cloudflare Access. Cloudflare Access goes by a few names some of them are Cloudflare Zero Trust Network Access (ZTNA), Cloudflare Access, and Cloudflare Zero Trust Access. For simplicity I’m going to refer to it as Cloudflare Access.

Cloudflare Access is really nice because you can put it in front of any web application and it will require the user to authenticate before they can even reach the website.

If you have a lot of applications like this you can even set it up so the users can login to a portal to see all of the applications that are available to them. You can do all of this without the user having to install anything. What’s even better is that it’s free for 50 users.

Here’s how I setup a SCADA web app with Cloudflare Access.

Read More Read More