Setting up Atlassian Cloud SSO using Cloudflare Access?

I’m trying to achieve the following:

  • I have Auth0 set up in my Cloudflare Access settings as a custom SAML identity provider. Works perfectly for self-hosted apps.

  • I want to configure Cloudflare Access to be my IdP for Atlassian Cloud (they call it Atlassian Access now but it’s the same thing I believe) such that when someone visits my Cloudflare Access App Launcher, they click the login button, then Cloudflare redirects the user to Auth0 to log in, then Auth0 redirects to Cloudflare’s App Launcher, and when the user clicks the Atlassian app I configured, the user gets logged in via Cloudflare Access.

I read that Cloudflare Access recently started supporting SaaS apps and I tried configuring this but I keep getting the following error on Atlassian’s end:

“Hmm… we’re having trouble logging you in. You’ll need to talk to your organization admin - tell them we sent you, and that there appears to be an issue with the relay state for your SAML single sign-on configuration.”

Does Atlassian even support me using Cloudflare Access as an IdP? I’ve been trying to fix this for days now to no avail.

Also, I know that I could just set up Atlassian to use Auth0 directly, or I could switch to using something like Okta, but I explicitly want to use the setup I outlined in the original post if at all possible.

I literally just had this same issue, with a different SaaS app. Seems like if the SAML process is initiated from the App Access Launcher, Cloudflare isn’t sending the RelayState parameter. However, sign-in that starts at the SaaS app side (SP-initiated, so initiated from the Atlassian side in your case) works.
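To check which of the two flows a captured login used and whether RelayState was sent, the form body POSTed to the service provider's ACS URL can be inspected offline. The script below is an added example, not code from either poster, Cloudflare or Atlassian; it assumes the SAML HTTP-POST binding, and the function names, IDs and URLs are hypothetical placeholders.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def inspect_saml_post(body: str) -> dict:
    """Summarise the form body an IdP POSTs to the SP's ACS URL.

    Diagnostic only: no signature or condition checks are done here.
    """
    fields = parse_qs(body, keep_blank_values=True)
    if "SAMLResponse" not in fields:
        raise ValueError("form body has no SAMLResponse field")
    xml = base64.b64decode(fields["SAMLResponse"][0])
    # Refuse DTDs so entity tricks never reach the XML parser.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML message, refusing to parse")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError(f"unexpected root element {root.tag}")
    in_response_to = root.get("InResponseTo")
    relay_state = fields.get("RelayState", [""])[0]
    return {
        # An unsolicited (IdP-initiated) response carries no InResponseTo.
        "flow": "SP-initiated" if in_response_to else "IdP-initiated",
        "in_response_to": in_response_to,
        "relay_state_present": relay_state != "",
        "destination": root.get("Destination"),
    }

def build_sample_post(in_response_to=None, relay_state=None) -> str:
    """Constructed sample body; IDs and URLs are placeholders."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_constructed1" '
           f'Version="2.0" Destination="https://sp.example.test/acs"{attr}/>')
    form = {"SAMLResponse": base64.b64encode(xml.encode()).decode()}
    if relay_state is not None:
        form["RelayState"] = relay_state
    return urlencode(form)

if __name__ == "__main__":
    # Launcher-style flow: no InResponseTo, no RelayState.
    print(inspect_saml_post(build_sample_post()))
    # SP-initiated flow: both present.
    print(inspect_saml_post(build_sample_post("_req42", "https://sp.example.test/start")))
```

To use it on a real login, copy the request body of the POST to the ACS URL from the browser's network tab and pass it to `inspect_saml_post`.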