Configuring identity providers
You can integrate your organization's identity provider with Cloudflare Access. Your team can simultaneously use multiple providers, reducing friction when working with partners or contractors.
Guides are available for specific providers as well as generic OIDC or SAML integrations. Cloudflare Access supports social identity providers that do not require administrator accounts, open source providers, and corporate providers. Cloudflare also supports using signed AuthN requests with SAML providers.
You can use the documentation linked below or the same material in the Cloudflare for Teams dashboard.
|One-Time Pin||Default||You can use Cloudflare Access without an identity provider with the one-time pin integration.|
|Facebook®||Social||Guide to integrating Facebook as an identity option.|
|Google®||Social||Guide to integrating Google® without a G Suite® organization.|
|GitHub®||Social||Guide to integrating GitHub, including GitHub Teams.|
|LinkedIn||Social||Guide to integrating LinkedIN.|
|Keycloak||Open Source||Guide to integrating Keycloak|
|G Suite®||Corporate||Guide to integrating G Suite®, including groups.|
|Okta®||Corporate||Guide to integrating Okta®|
|Okta® with SAML||Corporate||Guide to integrating Okta® as a SAML provider.|
|OneLogin®||Corporate||Guide to integrating OneLogin®|
|Azure AD®||Corporate||Guide to integrating Azure AD®|
|Centrify®||Corporate||Guide to integrating Centrify®|
|Yandex®||Corporate||Guide to integrating Yandex®|
|Citrix ADC SAML||Corporate||Guide to integrating Citrix ADC, formerly Citrix NetScaler ADC.|
|PingIdentity®||Corporate||Guide to integrating PingFederate and PingOne.|
|Active Directory||Corporate||Guide to integrating self-hosted Active Directory.|
Configure identity providers in the Access app
Adding an identity provider as a login method requires configuration in the Cloudflare Access dashboard as well as with the identity provider. Navigate to the Cloudflare for Teams dashboard to get started.
To configure an identity provider in Cloudflare:
- Open the Access section of the navigation bar and select Authentication. The dashboard will display all identity providers currently configured. Cloudflare Access defaults to enable the one-time pin option for new accounts. Select
+ Add to add a new provider.
- Choose the provider you plan to integrate. You can integrate multiple providers of the same type.
- You can input the required fields in the identity provider screen. If you need more help, step-by-step instructions can be expanded below the input form.
Using the API
We recommend that you use our dashboard to configure your identity providers. However, if you would like to use the Cloudflare API, each of the identity provider topics covered here include an example API configuration snippet as well.