Thursday 16 January 2020

Configuring Cloudflare Access App Launch with ADFS Integration

  1. Download the federation metadata XML file from the ADFS server by browsing to https://myserver.domain.com/FederationMetadata/2007-06/FederationMetadata.xml 
  2. Launch Cloudflare Access
    1. Add a login method and select SAML
    2. Drag the XML from step 1 into the 'Drop or select IdP metadata file to upload' box at the top of the form
    3. Change the 'IdP Entity ID or Issuer URL' box to the callback address for the domain, for example https://yourdomain.cloudflareaccess.com/cdn-cgi/access/callback
    4. In the list of SAML attributes, the first one should be something like http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. Copy this into the 'Email attribute name' field
    5. Save and close this
    6. Scroll down to Access App Launch and go into 'Edit Access App Launch'. Configure the criteria for who should be allowed access, for example 'Emails Ending In', then put in the domain names you want to allow
  3. Browse to https://yourdomain.cloudflareaccess.com/cdn-cgi/access/saml-metadata. The link returns a web page with your SAML SP data in XML format. Save the file as an XML document.
  4. Launch ADFS Management on the ADFS server
    1. Open Relying Party Trusts
    2. Add Relying Party Trust
    3. Select Claims Aware
    4. Select Import data about the relying party from a file and browse to the XML file from step 3 
    5. Give it a name
    6. Select 'Permit everyone' 
    7. Click next and finish
    8. Check 'Edit Claim Issuance Policy'. It should have 2 entries: Send Email and Create NameID. If these aren't there, follow step 2 from https://developers.cloudflare.com/access/configuring-identity-providers/adfs/
  5. Launch PowerShell as an administrator on the ADFS server
    1. Run this command so that ADFS signs both the SAML response and the assertion (Cloudflare rejects responses where only one is signed) - Set-ADFSRelyingPartyTrust -TargetName "Name of RPT Display Name" -SamlResponseSignature "MessageAndAssertion"
  6. Now test by browsing to https://yourdomain.cloudflareaccess.com and selecting the SAML login method
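The ADFS side of steps 1, 4 and 5 can be scripted instead of clicked through. The script below is an added example, not from the original post or from Cloudflare's documentation; it assumes the SP metadata from step 3 was saved as C:\Temp\cloudflare-sp-metadata.xml, the relying party display name "Cloudflare Access", the ADFS host myserver.domain.com and an ADFS 2016 or later server (the access control policy parameter does not exist on 2012 R2; the alternative is shown in a comment). The two claim rules are the standard 'Send LDAP Attributes' and 'Transform an Incoming Claim' templates that the GUI produces for the Send Email and Create NameID entries in step 4.8.

```powershell
# Added example (not part of the original post). Assumed values: metadata path,
# RPT display name, ADFS host name and ADFS 2016+.
Import-Module ADFS

$rptName     = "Cloudflare Access"
$spMetadata  = "C:\Temp\cloudflare-sp-metadata.xml"   # SP metadata saved in step 3
$adfsHost    = "myserver.domain.com"

# Step 1: fetch the IdP federation metadata that gets uploaded to Cloudflare Access
Invoke-WebRequest -Uri "https://$adfsHost/FederationMetadata/2007-06/FederationMetadata.xml" `
                  -OutFile "C:\Temp\adfs-federation-metadata.xml"

# Step 4.1-4.5: create the relying party trust from the Cloudflare SP metadata file
if (-not (Get-AdfsRelyingPartyTrust -Name $rptName)) {
    Add-AdfsRelyingPartyTrust -Name $rptName -MetadataFile $spMetadata
}

# Step 4.6: 'Permit everyone' (ADFS 2016+ access control policy).
# On ADFS 2012 R2 use instead:
#   Set-AdfsRelyingPartyTrust -TargetName $rptName -IssuanceAuthorizationRules `
#     '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'
Set-AdfsRelyingPartyTrust -TargetName $rptName -AccessControlPolicyName "Permit everyone"

# Step 4.8: the two issuance transform rules, Send Email and Create NameID
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send Email"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Create NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@
Set-AdfsRelyingPartyTrust -TargetName $rptName -IssuanceTransformRules $issuanceRules

# Step 5: sign both the SAML response message and the assertion
Set-AdfsRelyingPartyTrust -TargetName $rptName -SamlResponseSignature "MessageAndAssertion"

# Verify the result before testing the login in a browser (step 6)
Get-AdfsRelyingPartyTrust -Name $rptName |
    Select-Object Name, Identifier, SamlResponseSignature, AccessControlPolicyName, IssuanceTransformRules
```

The Identifier shown by the final command should match the entityID in the Cloudflare SP metadata (the /cdn-cgi/access/callback URL), and SamlResponseSignature should read MessageAndAssertion. Note that 'Permit everyone' lets any AD account obtain an assertion for this trust; the 'Emails Ending In' rule in Cloudflare Access is then the only control on who reaches the apps, so scope the ADFS side to a group or tighten the Access policy if not every AD user should be able to reach the App Launch page.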