
This deployment uses Synology C2 Identity with Cloudflare Pages to control access.

Configuration Overview

graph TD
    subgraph Synology C2
        A[Create SAML App]
        B[Export MetaData]
        I[Enter SP Entity ID and SSO URL]
    end

    subgraph Cloudflare
        C[Log in to Cloudflare Zero Trust]
        D[Navigate to Login Methods]
        E["Add New Login Method (SAML)"]
        F[Import MetaData File]
        G[Find Team Name]
        H[Generate SAML URL]
        J[Go to Access > Applications]
        K[Select Application]
        L[Create Authentication Rule]
        M[Create Block Rule]
    end

    A --> B
    B --> C
    C --> D
    D --> E
    E --> F
    F --> G
    G --> H
    H --> I
    I --> J
    J --> K
    K --> L
    L --> M

Synology C2 and Cloudflare Authentication

This guide will walk you through the steps to set up SAML authentication between Synology C2 Identity and your Cloudflare Pages website.

Prerequisites

  • Access to Synology C2 Identity
  • Access to Cloudflare Zero Trust dashboard

Step-by-Step Instructions

Step 1: Configure SAML Application in Synology C2 Identity

  1. Log in to your Synology C2 Identity console.
  2. Create a new SAML application:
    • Go to the SAML application section.
    • Create a new SAML application for your Cloudflare Pages website.
  3. Export the metadata file:
    • After creating the SAML application, export the metadata file. This file contains the necessary information for setting up SAML authentication on the Cloudflare side.

Step 2: Configure SAML Authentication in Cloudflare

  1. Log in to your Cloudflare Zero Trust dashboard.
  2. Navigate to the Login Methods:
    • Go to Zero Trust > Settings > Login Methods.
    • Click on Add New and select SAML.
  3. Import the metadata file:
    • Import the metadata file you exported from Synology C2 Identity.

Step 3: Retrieve Your Cloudflare Team Name

  1. Find your team name in Cloudflare:
    • Navigate to Zero Trust > Settings > Custom Pages.
    • Your team name is listed here. For this example, let's assume your team name is ovi-gc-pages.
  2. Generate the URL for SAML Authentication:
    • Replace <your-team-name> with your actual team name in the following URL:
      https://<your-team-name>.cloudflareaccess.com/cdn-cgi/access/certs
    • For example:
      https://ovi-gc-pages.cloudflareaccess.com/cdn-cgi/access/certs

Step 4: Configure SP Entity ID and Single Sign-On URL in Synology C2

  1. Log in to your Synology C2 Identity console.
  2. Edit the SAML application you created:
    • Go to the application settings and locate the fields for SP Entity ID and Single Sign-On URL.
  3. Populate these fields with the URLs from Cloudflare:
    • SP Entity ID: Use the generated URL:
      https://ovi-gc-pages.cloudflareaccess.com/cdn-cgi/access/certs
    • Single Sign-On URL: Use the same generated URL:
      https://ovi-gc-pages.cloudflareaccess.com/cdn-cgi/access/certs
    

Step 5: Create an Access Application in Cloudflare

  1. Go to Zero Trust > Access > Applications:
    • Click on the application ovi-gc-knowledge-base - Cloudflare Pages.
  2. Create a Rule for SAML Authentication:
    • Click on Create a Rule.
    • Fill in the details as follows:
      • Policy Name: Synology C2 Identity
      • Action: Allow
      • Session Duration: Same as application session timeout
      • Include, Selector: Login Methods
      • Value: SAML Synology C2 Identity

Step 6: Create a Block Rule

  1. Add a Block Rule:
    • After creating the allow rule, add a block rule to ensure that all other traffic is blocked unless authenticated through Synology C2 Identity.

Conclusion

You have successfully set up SAML authentication between Synology C2 Identity and your Cloudflare Pages website. This configuration ensures that users are authenticated via Synology C2 Identity before accessing your Cloudflare Pages application. If you encounter any issues, verify each step and ensure all configurations are correct.

For more detailed information, refer to the official documentation of Synology C2 Identity and Cloudflare Zero Trust.

Resources

Here is a helpful setup video that was created around the time the Knowledge Base was initially deployed:

https://www.youtube.com/watch?v=Q-YA_dA8C20