Hello @Subodh Vedhe,
We understand that you are trying to configure zero trust settings using Cloudflare Zero Trust for a SaaS application, precisely for Microsoft 365.
Cloudflare Access can integrate with various identity providers (e.g., Okta, Azure AD, or Google Identity) for authentication. If you're using Azure Active Directory (AAD) as your IdP, which is the most common approach for Microsoft 365, you can configure Cloudflare to use SAML SSO with Azure AD as the Identity Provider. With this feature, users can access the applications without being required to re-enter credentials after being authenticated once. The SAML protocol requires the identity provider (Microsoft Entra ID) and the service provider (the application) to exchange information about themselves.
Based on the protocols the application supports, you can use an existing application or create your own application for configuring the Single Sign-On feature. In general, for applications that use OpenID or OAuth, the Application Registration blade will be used, and for SAML applications, we will be using the Enterprise Application blade.
Steps to configure SAML SSO:
For a non-gallery application, you can navigate to the Enterprise Application blade in Microsoft Entra ID, and then, if you click on New Application, you can see an option to Create your own application.
For a gallery application, you can see them in the Browse Microsoft Entra Gallery.
Once the application is added, you can navigate to the SSO blade in the application to enable the feature by following the necessary steps.
Choosing an SSO method depends on how the application is configured for authentication. Cloud applications can use federation-based options, such as OpenID Connect and SAML. The application can also use password-based SSO or link-based SSO, or SSO can be disabled.
Important steps for SAML-based SSO configuration:
Configure the identifier (Entity ID), Reply URL (Assertion Consumer Service URL) and Sign-on URL.
Identifier (Entity ID) is the unique ID that is provided by the application which identifies your application to Microsoft Entra ID. Reply URL (Assertion Consumer Service URL) is where the application expects to receive the authentication token.
Later, download the Azure AD SAML Signing Certificate and provide it to the SaaS application for trust verification.
Kindly refer to the document for more information: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal-setup-sso
Thanks & Best Regards,
Janaki Kota
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query, do let us know.
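The three values the answer above tells you to configure (Identifier/Entity ID, Reply URL/ACS URL, and the downloaded signing certificate) each show up as a concrete field in the SAML assertion Entra ID sends back. The following added example (not code from the answer, Microsoft or Cloudflare) checks those bindings on a constructed sample response; every URL, the tenant GUID and the certificate text are placeholders.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample Response: the URLs, tenant GUID and certificate text are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  Destination="https://sp.example.com/saml/acs">
  <saml:Assertion>
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIC PLACEHOLDER CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
    <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.com/saml/acs" NotOnOrAfter="2030-01-01T00:00:00Z"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2020-01-01T00:00:00Z" NotOnOrAfter="2030-01-01T00:00:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):  # SAML timestamps end in 'Z', which fromisoformat only accepts from Python 3.11
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_binding(xml_text, entity_id, acs_url, idp_issuer, idp_cert_b64, now=None):
    """Return the mismatches between an assertion and the SP values registered in Entra ID.
    Empty list: Audience == Entity ID, Recipient/Destination == Reply URL, Issuer is our tenant,
    the embedded cert is the downloaded signing cert, and the validity window holds.
    Field binding only: XML signature verification is a separate step performed by the SP."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None:
        return ["no Assertion element"]
    problems = []
    if a.findtext("saml:Issuer", "", NS).strip() != idp_issuer:
        problems.append("Issuer is not the configured Entra ID tenant")
    if a.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", "", NS).strip() != entity_id:
        problems.append("Audience does not match our Identifier (Entity ID)")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url or root.get("Destination") != acs_url:
        problems.append("Recipient/Destination does not match our Reply URL (ACS URL)")
    cert = a.findtext("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
    if "".join(cert.split()) != "".join(idp_cert_b64.split()):
        problems.append("embedded signing certificate is not the one downloaded from Entra ID")
    cond = a.find("saml:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if na is None or now >= _ts(na) or (nb is not None and now < _ts(nb)):
        problems.append("assertion is outside its validity window")
    return problems
```

Run it with the values you entered in the Entra ID SSO blade and the certificate you downloaded from it; any non-empty result points at the field that was configured differently on the two sides.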