Step 1: Create a new Application in your Okta dashboard. Go to Applications and click ‘Add Application’.

Click ‘Create New App’.

Step 2: Select OpenID Connect as the application integration type.

Step 3: Name the application. In the Login redirect URIs field, enter your authorization domain followed by /cdn-cgi/access/callback. You can find your organization’s authorization domain in the Cloudflare dashboard. It begins with a subdomain unique to your organization, followed by the domain “cloudflareaccess.com” and then the callback path specified above. Click Save.

Step 4: Okta will show you your completed Application. Scroll down to the OpenID Connect Token section and click Edit.

Step 5: In the groups claim field, switch ‘Starts With’ to ‘Regex’ and set it equal to .* Click Save.

Step 6: Now select the General tab. Scroll down to copy your Client ID and Client Secret from the Okta dashboard. Paste them into the respective fields to the left of these instructions.

Step 7: In the Okta dashboard, click on Assignments for the Application.

Step 8: Now you can use the Cloudflare dashboard and specify which Okta groups and users should be allowed or denied access.

Step 9: Now click “Save and Test” on the Cloudflare dashboard to make sure your connection to the identity provider is successful.
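
The following is an added example, not part of the original instructions and not Okta's or Cloudflare's code: a Python check of the redirect URI from Step 3, plus a comparison of the groups that the `.*` filter from Step 5 places in an ID token against the groups named in your Access rules (Step 8). It assumes the callback is served over HTTPS and that the claim is named `groups`; the team name, client ID and token are constructed, and the token is decoded without signature verification, for inspection only.

```python
import base64
import json
from urllib.parse import urlsplit

CALLBACK_PATH = "/cdn-cgi/access/callback"  # callback path from Step 3
ACCESS_SUFFIX = ".cloudflareaccess.com"     # shared domain from Step 3

def check_redirect_uri(uri):
    """Return a list of problems with a Login redirect URI (empty list = OK)."""
    u = urlsplit(uri)
    problems = []
    if u.scheme != "https":  # assumption: the callback is served over HTTPS
        problems.append("scheme is not https")
    if not (u.hostname or "").endswith(ACCESS_SUFFIX):
        problems.append("host is not <subdomain>.cloudflareaccess.com")
    if u.path != CALLBACK_PATH or u.query or u.fragment:
        problems.append("path is not exactly " + CALLBACK_PATH)
    return problems

def decode_payload(token):
    """Decode a JWT payload without verifying it; for inspection only."""
    body = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def review_groups(token, client_id, policy_groups):
    """Split the token's groups into those used by Access rules and the rest."""
    claims = decode_payload(token)
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token audience does not match the Client ID")
    groups = claims.get("groups")  # assumption: the claim is named "groups"
    if not isinstance(groups, list):
        raise ValueError("no groups claim in the ID token (see Step 5)")
    used = sorted(set(groups) & set(policy_groups))
    unused = sorted(set(groups) - set(policy_groups))
    return used, unused

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + "."

if __name__ == "__main__":
    print(check_redirect_uri("https://example-team.cloudflareaccess.com/cdn-cgi/access/callback"))
    sample = make_sample_token({"aud": "0oa-constructed-client-id",
                                "groups": ["Everyone", "Engineering", "Finance"]})
    print(review_groups(sample, "0oa-constructed-client-id", ["Engineering"]))
```

The second value returned by `review_groups` lists group names that are sent to Cloudflare but not referenced by any Access rule.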