Skip to content

[CF1] dash SSO email domain callout #22105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 2, 2025
Merged

[CF1] dash SSO email domain callout #22105

merged 1 commit into from
May 2, 2025

Conversation

deadlypants1973
Copy link
Contributor

Summary

PCX-16429

Screenshots (optional)

Documentation checklist

  • The documentation style guide has been adhered to.
  • If a larger change - such as adding a new page- an issue has been opened in relation to any incorrect or out of date information that this PR fixes.
  • Files which have changed name or location have been allocated redirects.

@deadlypants1973 deadlypants1973 requested review from kennyj42, ranbel and a team as code owners April 30, 2025 17:04
@hyperlint-ai Hyperlint AI
Copy link
Contributor

hyperlint-ai bot commented Apr 30, 2025

Howdy and thanks for contributing to our repo. The Cloudflare team reviews new, external PRs within two (2) weeks. If it's been two weeks or longer without any movement, please tag the PR Assignees in a comment.

We review internal PRs within 1 week. If it's something urgent or has been sitting without a comment, start a thread in the Developer Docs space internally.

PR Change Summary

Added a caution note regarding the global application of Cloudflare Dashboard SSO for email domains, clarifying that all users must authenticate via the specified identity provider.

  • Introduced a caution note about the global impact of enabling SSO for email domains.
  • Clarified that all users with the specified email domain must authenticate through the identity provider.

Modified Files

  • src/content/docs/cloudflare-one/applications/configure-apps/dash-sso-apps.mdx
How can I customize these reviews?

Check out the Hyperlint AI Reviewer docs for more information on how to customize the review.

If you just want to ignore it on this PR, you can add the hyperlint-ignore label to the PR. Future changes won't trigger a Hyperlint review.

Note specifically for link checks, we only check the first 30 links in a file and we cache the results for several hours (for instance, if you just added a page, you might experience this). Our recommendation is to add hyperlint-ignore to the PR to ignore the link check for this PR.

deadlypants1973
deadlypants1973 commented Apr 30, 2025
View reviewed changes
src/content/docs/cloudflare-one/applications/configure-apps/dash-sso-apps.mdx
@@ -35,6 +35,12 @@ Once your SSO domain is approved, a new **SSO App** application will appear unde
- Every user with that email domain must be an employee in your organization. For example, university domains such as `@harvard.edu` are not allowed because they include student emails.
- Your SSO domain can include multiple email domains.

:::caution

Enabling Cloudflare Dashboard SSO for an email domain (for example, `@mycompany.com`) will apply globally across all Cloudflare accounts where users log in with that domain. All users will be required to authenticate via the specified identity provider (IdP), including users on pre-existing Cloudflare accounts.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kennyj42 if Access allows multiple IdPs on an account, would this technically be more correct if it was:

All users will be required to authenticate via the specified identity providers (IdPs), including users on pre-existing Cloudflare accounts.

plural?

This step only says "set up an IdP" https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/dash-sso-apps/#1-set-up-an-idp but technically, they could have multiple. Let me know which wording you think is best.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

correct. all accounts for that domain will become sso'd

@github-actions GitHub Actions
Copy link
Contributor

Preview URL: https://22402a38.preview.developers.cloudflare.com
Preview Branch URL: https://kate-fixes-dashssocallout.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/dash-sso-apps/ https://kate-fixes-dashssocallout.preview.developers.cloudflare.com/cloudflare-one/applications/configure-apps/dash-sso-apps/

@deadlypants1973 deadlypants1973 merged commit ded16fc into production May 2, 2025
13 checks passed
@deadlypants1973 deadlypants1973 deleted the kate/fixes-dashssocallout branch May 2, 2025 10:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pedrosousa pedrosousa pedrosousa approved these changes

@kennyj42 kennyj42 kennyj42 approved these changes

@ranbel ranbel Awaiting requested review from ranbel ranbel is a code owner

Assignees

@kennyj42 kennyj42

@ranbel ranbel

Labels
product:cloudflare-one size/xs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@deadlypants1973 @pedrosousa @kennyj42 @ranbel