Authenticate once and have access to multiple domains

How to have a user authenticate under a site in one domain and be able to visit links or download content in sites on another domain?


Hi! This is possible. With Cloudflare Access, users log in with their upstream identity provider once and can reach multiple applications behind Access without logging in again.


Then how do you stop someone from logging into one domain’s Access portal then bypassing the Access portals in your other Access apps?

You still technically go through Access each time, but the IdP handshake is happening without any action from the user, especially if there is only one IdP configured with the automatic IdP redirect option.


There are two tokens issued: one to your-auth-domain.cloudflareaccess.com and the other to your site. When you request Site A, we look at the one present on Site A to determine if you should be allowed to proceed.

If you request Site B, which is part of the same auth domain account, but do not have it yet, then we check for the auth-domain token to issue you a token for Site B.

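The two-token flow described in the last reply, as a simplified model added here (it is not Cloudflare's code and not part of the thread). The HMAC-signed token format, the hostnames `site-a.example` and `site-b.example`, and all function names are assumptions of this sketch; real Access tokens and policy evaluation are not modelled.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed signing key for this toy model
AUTH_DOMAIN = "your-auth-domain.cloudflareaccess.com"

def issue(user, scope):
    """Return a token for `user` that is valid only for `scope` (a hostname)."""
    body = f"{user}|{scope}"
    sig = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{sig}"

def verify(token, scope):
    """Return the user if `token` is authentic and was issued for `scope`, else None."""
    try:
        user, tok_scope, sig = token.split("|")
    except (AttributeError, ValueError):  # missing or malformed token
        return None
    expected = hmac.new(KEY, f"{user}|{tok_scope}".encode(), hashlib.sha256).hexdigest()
    if hmac.compare_digest(sig, expected) and tok_scope == scope:
        return user
    return None

def handle(site, cookies):
    """Decide a request for `site`; `cookies` maps hostname -> token (per-domain jar)."""
    user = verify(cookies.get(site), site)
    if user:                               # site token present: allow
        return "allow", user
    user = verify(cookies.get(AUTH_DOMAIN), AUTH_DOMAIN)
    if user:                               # only the auth-domain token is present:
        cookies[site] = issue(user, site)  # mint a token for this site, no new login
        return "issued-site-token", user
    return "redirect-to-idp", None         # neither token: the user must log in

def login(user, site, cookies):
    """Model a completed IdP login started from `site`: both tokens are set."""
    cookies[AUTH_DOMAIN] = issue(user, AUTH_DOMAIN)
    cookies[site] = issue(user, site)

if __name__ == "__main__":
    jar = {}
    print(handle("site-a.example", jar))
    login("alice", "site-a.example", jar)
    print(handle("site-b.example", jar))
```

In this model a token minted for Site A fails verification at Site B because its scope does not match, so reaching Site B still depends on the auth-domain token.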