Any way to allow "circular" authentication (i.e. Cloudflare Google IdP for Google)

I’m experimenting with rolling out Zero Trust for Teams for my organisation.

I was wanting to use Google Workspace as our only authentication method, but I was also hoping to put our Google Workspace logins behind Cloudflare’s SAML, to add the extra peace of mind of additional conditions etc.

I tried it out, and it resulted in an endless loop - pushed to the Cloudflare access page, selecting Google Workspace as an authentication option, and then bouncing back to the Cloudflare access page.

This seems logical I guess. But I just wanted to confirm there isn’t some way to make it work. It would be great to be able to apply the gateway’s extra security to all of the apps that we currently use Google SSO for, and it would be great to still use Google as our source of truth for identity (as it would be annoying to have to add another source at this point).

Any thoughts?

I don’t think this is something that is going to be possible.

If you wanted to work around it, you could possibly add a policy that would allow it to only work from a set IP or with WARP.

Ok, I guess the best solution is just to eventually add a stand-alone IdP as the Cloudflare authentication method, like Okta or OneLogin.
