If you use Cloudflare to manage authentication across your systems, you can use Kinde as a third-party identity provider.
This topic explains how to set up Cloudflare Zero Trust to use Kinde as an auth identity provider through OpenID Connect.
You need to already have a backend web application set up in Kinde to follow this procedure.
- Sign into Cloudflare and navigate to Zero Trust.
- Go to Settings > Custom Pages.
- Copy your Team domain.
- In Kinde, go to Settings > Applications.
- Select View details on the relevant backend/web application.
- Copy the Client ID and Client secret and add them somewhere you can access later.
- Scroll to the Callback URLs section and enter the Zero Trust Team domain in the Allowed callback URLs field (copied in the procedure above). In this example, we would paste:
  mirosaurus.cloudflareaccess.com/cdn-cgi/access/callback
- Select Save.
- In your browser, go to the OpenID configuration URL of your Kinde business. This will be:
  https://<your_kinde_subdomain>.kinde.com/.well-known/openid-configuration
  Our example shows details for:
  mirosaurus.kinde.com/.well-known/openid-configuration
- Copy the following information somewhere you can access it later.
  - jwks_uri - e.g. https://mirosaurus.kinde.com/.well-known/jwks
  - token_endpoint - e.g. https://mirosaurus.kinde.com/oauth2/token
  - authorization_endpoint - e.g. https://mirosaurus.kinde.com/oauth2/auth
- Back in the Cloudflare Zero Trust dashboard, go to Settings > Authentication.
- In the Login methods section, select Add new. The Add a login method screen opens.
- Select OpenID Connect as the identity provider.
- Follow the page guide and enter the following details:
  - Name - Whatever you want
  - App ID - this is the Client ID you copied from your Kinde app
  - Client Secret - this is the Client secret you copied from your Kinde app
  - Auth URL - the authorization_endpoint copied in the previous procedure
  - Token URL - the token_endpoint copied in the previous procedure
  - Certificate URL - the jwks_uri copied in the previous procedure
- Select Save.
- In the Zero Trust dashboard, go to Access > Applications.
- In the Authentication tab, select the newly created OpenID Connect method.
- Select Save application. When an authentication event is triggered, Cloudflare will hand off to Kinde to complete the authentication.
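
The values copied in the steps above can be checked before they are pasted into Cloudflare. This is an added example, not part of Kinde's or Cloudflare's documentation: the function names are hypothetical, and the discovery document is a constructed, trimmed sample using this page's example subdomain.

```python
import json
from urllib.parse import urlsplit

# Constructed, trimmed sample of a discovery document (page's example subdomain).
# A real one is served at https://<your_kinde_subdomain>.kinde.com/.well-known/openid-configuration
SAMPLE_DISCOVERY = json.dumps({
    "authorization_endpoint": "https://mirosaurus.kinde.com/oauth2/auth",
    "token_endpoint": "https://mirosaurus.kinde.com/oauth2/token",
    "jwks_uri": "https://mirosaurus.kinde.com/.well-known/jwks",
})

# Cloudflare login-method field -> discovery document key (from the steps above).
FIELD_MAP = {
    "Auth URL": "authorization_endpoint",
    "Token URL": "token_endpoint",
    "Certificate URL": "jwks_uri",
}


def cloudflare_oidc_fields(discovery_json, kinde_host):
    """Return the three URLs to paste into Cloudflare, or raise ValueError."""
    doc = json.loads(discovery_json)
    fields = {}
    for label, key in FIELD_MAP.items():
        url = doc.get(key)
        if not isinstance(url, str):
            raise ValueError(f"discovery document has no {key}")
        parts = urlsplit(url)
        # Reject plain-HTTP endpoints and endpoints on an unexpected host:
        # a mistyped or altered value would send sign-ins, the client
        # secret or key lookups to the wrong place.
        if parts.scheme != "https":
            raise ValueError(f"{key} is not https: {url}")
        if parts.hostname != kinde_host.lower():
            raise ValueError(f"{key} is not on {kinde_host}: {url}")
        fields[label] = url
    return fields


def callback_url(team_domain):
    """Build the Allowed callback URL value in the format shown in the example."""
    host = team_domain.strip()
    if host.startswith("https://"):
        host = host[len("https://"):]
    return f"{host.rstrip('/')}/cdn-cgi/access/callback"


if __name__ == "__main__":
    for label, url in cloudflare_oidc_fields(SAMPLE_DISCOVERY, "mirosaurus.kinde.com").items():
        print(f"{label}: {url}")
    print("Allowed callback URL:", callback_url("mirosaurus.cloudflareaccess.com"))
```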