I am trying to get the group membership feature in Cloudflare Teams Access policies for Self Hosted applications.
I have successfully set up a SAML auth account using JumpCloud. When tested, I get the following results:
```
{
  "email": "[email protected]",
  "name": "My Name",
  "givenName": "",
  "surName": "",
  "custom": {
    "email": "[email protected]"
  },
  "headers": {
    "memberOf": "[\"Team 1\",\"team_2\"]"
  }
}
```
To create an access policy, I choose *SAML Groups* as the *Include* rule. From there I put `memberOf` as the *Attribute name* and `team_2` as the *Attribute value*. This does not make the app appear in the App Launcher. I have tried combinations for *Attribute name* of `headers.memberOf` and various combinations of *Attribute value*. No matter what I put in, the app does not appear.
As soon as I put the email ending in `@domain.com` the app will appear.
What am I doing wrong?
The app launcher doesn’t do real-time evaluation of policies to determine what to display to a user. Does the Access policy work with group membership?
Thanks for the info @tarvi.
I added `memberOf` to the SAML attributes in the SAML application config in Cloudflare.
When I did that, the test result was: