Skip to content
Visit Access on GitHub
Set theme to dark (⇧+D)


You can integrate Okta with Cloudflare Access to allow users to reach applications protected by Access with their Okta account.

  1. In your Okta dashboard, click Admin.

Okta Applications

  1. Select the Applications tab in the Admin dashboard.

Admin Dash

  1. Click Add Application on the next page.

Add App

  1. Click Create New App in the top right corner.

Create New App

  1. Choose Web as the Platform and toggle OpenID Connect. Click Create.

Create New App

  1. You can name the application to be any value. In the Login redirect URIs field, input the callback URL of your Cloudflare authentication domain.

The domain will be structured in the following format:


In the URI field, input your authentication domain with the path below.


Create New App

  1. Once saved, choose the Sign On tab from the application view.

Create New App

  1. Scroll down to the OpenID ConnectID Token.

Scroll Down

  1. Click Edit and edit the Groups claim filter to Starts with and the value .*.

Scroll Down

  1. Next, click the Assignments tab.

Assignments Tab

  1. Click Assign and assign the application to all users in your organization.

Assign App

  1. Return to the General tab. Scroll down to find your credentials. Copy the ID and secret.


  1. Visit the Cloudflare for Teams dashboard and navigate to the Authentication page of the Access section. Click +Add to add a new identity provider. Choose Okta.

Choose Okta

  1. Input the ID, secret, and the Okta account URL. Click Save.


  1. In the application list, you can now test the connection by clicking the Test button.


Example API Configuration

{    "config": {        "client_id": "<your client id>",        "client_secret": "<your client secret",        "okta_account": "",    },    "type": "okta",    "name": "my example idp"}