mTLS / client certificate authentication support for project integrations
Proposal
We have a self-hosted GCP installation and we need to integrate with on-premise services which are exposed through Cloudflare. These are, however, secured by Cloudflare Access mTLS, and since e.g. the Jira integration doesn't allow configuring a client certificate (procured from the corporate CA), the integration doesn't work.
Proposal:
- add a group/project configuration item which allows providing the group/project with a TLS certificate which can be enabled for a specific group/project integration for projects under the group / the project (maybe limiting the usage of the TLS certificate to specific domains?)
- allow choosing one of the group/project TLS certificates to be used for a specified group/project integration
Don't know whether this makes any sense security-wise though.
I'm not that experienced with mTLS setups but I presume this is not something which can be applied from the admin level (security risks? or maybe it will if it's possible to either permit all groups and projects / specific groups to use it?), so I'm guessing these configurations being a project/group level configuration would be a good place to start.
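
A sketch of the domain restriction floated in the proposal, added here as an example and not taken from the project's code: the client certificate is attached to an outbound integration request only when the target host is on that certificate's allow-list. `ClientCertificate`, `allowed_hosts`, `host_allowed?`, `build_http` and the `*.example` hosts are hypothetical names, and the certificate is a constructed self-signed one.

```ruby
require "net/http"
require "openssl"
require "uri"

# Hypothetical record for a group/project-level client certificate.
ClientCertificate = Struct.new(:name, :cert, :key, :allowed_hosts, keyword_init: true)

# Exact match, or "*.domain" matching subdomains only: never the bare
# domain and never a look-alike that merely shares the suffix text.
def host_allowed?(host, allowed_hosts)
  host = host.to_s.downcase.chomp(".")
  allowed_hosts.any? do |pattern|
    pattern = pattern.downcase
    next host == pattern unless pattern.start_with?("*.")
    suffix = pattern[1..-1] # ".domain"
    host.end_with?(suffix) && host.length > suffix.length
  end
end

# Builds (without connecting) an HTTPS client that presents the certificate,
# refusing plain HTTP and any host outside the certificate's allow-list.
def build_http(url, client_cert)
  uri = URI.parse(url)
  raise ArgumentError, "client certificates require https" unless uri.scheme == "https"
  unless host_allowed?(uri.host, client_cert.allowed_hosts)
    raise ArgumentError, "#{uri.host} is not allowed for certificate #{client_cert.name}"
  end
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER # still verify the server
  http.cert = client_cert.cert
  http.key = client_cert.key
  http
end

# Constructed self-signed certificate, standing in for one issued by a corporate CA.
def constructed_certificate(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end
```

`Net::HTTP` does not follow redirects on its own, so an integration that follows them would have to repeat the `host_allowed?` check for every hop before presenting the certificate again.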