Configuring identity providers

You can integrate your organization's identity provider with Cloudflare Access. Your team can simultaneously use multiple providers, reducing friction when working with partners or contractors.

identity flow

Guides are available for specific providers as well as generic OIDC or SAML integrations. Cloudflare Access supports social identity providers that do not require administrator accounts, open source providers, and corporate providers. Cloudflare also supports using signed AuthN requests with SAML providers.

You can use the documentation linked below or the same material in the Cloudflare for Teams dashboard.

GuideTypeDescription
One-Time PinDefaultYou can use Cloudflare Access without an identity provider with the one-time pin integration.
Facebook®SocialGuide to integrating Facebok as an identity option.
Google®SocialGuide to integrating Google® without a G Suite® organization.
GitHub®SocialGuide to integrating GitHub, including GitHub Teams.
LinkedInSocialGuide to integrating LinkedIN.
KeycloakOpen SourceGuide to integrating Keycloak
G Suite®CorporateGuide to integrating G Suite®, including groups.
Okta®CorporateGuide to integrating Okta®
Okta® with SAMLCorporateGuide to integrating Okta® as a SAML provider.
OneLogin®CorporateGuide to integrating OneLogin®
Azure AD®CorporateGuide to integrating Azure AD®
Centrify®CorporateGuide to integrating Centrify®
Yandex®CorporateGuide to integrating Yandex®
Citrix ADC SAMLCorporateGuide to integrating Citrix ADC, formerly Citrix NetScaler ADC.
PingIdentity®CorporateGuide to integrating PingFederate and PingOne.
Active DirectoryCorporateGuide to integrating self-hosted Active Directory.

Configure identity providers in the Access app

Adding an identity provider as a login method requires configuration in the Cloudflare Access dashboard as well as with the identity provider. Navigate to the Cloudflare for Teams dashboard to get started.

add an identity provider screenshot

To configure an identity provider in Cloudflare:

  1. Open the Access section of the navigation bar and select Authentication. The dashboard will display all identity providers currently configured. Cloudflare Access defaults to enable the one-time pin option for new accounts. Select + Add to add a new provider.

add an identity provider screenshot

  1. Choose the provider you plan to integrate. You can integrate multiple providers of the same type.

add an identity provider screenshot

  1. You can input the required fields in the identity provider screen. If you need more help, step-by-step instructions can be expanded below the input form.

add an identity provider screenshot

Using the API

We recommend that you use our dashboard to configure your identity providers. However, if you would like to use the Cloudflare API, each of the identity provider topics covered here include an example API configuration snippet as well.